One of the most disruptive attacks to deal with in today’s threat landscape is the distributed denial of service attack, often called DDoS. Using the resources of many other computers, an attacker can focus a vast amount of packets and power at a single resource and effectively knock it offline for as long a time as desired. This is a class of attack that must be respected and properly prepared for.
Recently McAfee Labs became aware of a series of the DDoS attacks taking place in Brazil during the last several days. Victims of these attacks included those in the telecommunications and banking sectors. Upon analysis, these attacks appear to use a mix of attack techniques: old-school SYN and ICMP flooding, while at the same time newer tools such as LOIC and SlowLoris. Regardless of the tools used, these types of attacks can be devastating to an online business and its brand.
While the attacks on Brazilian companies do not stand out in their technique (good DDoS is still DDoS), they are significant because Brazil is a large, fast-growing economy that affects other regions and should be looked at in a serious light regardless of the attackers and their motivations. So the question remains: What strategies can companies use to minimize the damage from these types of attacks?
No one technology will do the job. Never has, never will. Good security is about process, people, and technology. Certainly newer technologies like next-generation intrusion prevention and firewalls with IP reputation are of great value and should be looked at; but a good, thorough penetration test should be at the top of everyone’s list along with forensics and a good incident-response plan.
If your company is in the same business as some of the recent victims, then this is a good time to take stock, undergo a good pen-test, and see how well prepared you are.
Revisit your security basics, layer your defenses, and expect an attack.