At a time when many businesses have their resources stretched to the limit, the scourge of distributed denial-of-service (DDoS) attacks has continued unabated and added to the difficulties faced by many during this ongoing pandemic.
Even as businesses seek to cater to an unprecedented number of employees working from home or customers transacting online, many are looking at the headline-grabbing DDoS attacks of late, worried they might be the next target.
On June 25, 2020, Akamai mitigated the largest packet-per-second (PPS) DDoS attack ever recorded on the Akamai platform. Targeted at a European bank, it generated 809 million packets per second.
The good news is that Akamai, using its intelligent edge platform, helped the bank ward off the attack. Traffic that was assessed to be part of the attack was dropped, while legitimate users were allowed to keep connecting.
However, the attack provided many lessons, said Aseem Ahmed, senior product manager for cloud security in Asia-Pacific and Japan at Akamai Technologies.
The sheer volume of the traffic, which is aimed at bringing down services provided by the bank by overwhelming its servers, is only one of them, he told TechTarget in an interview.
What is also remarkable, he noted, is the velocity of the traffic headed towards the target. It took just seconds for the attack to grow from normal traffic levels to 418Gbps and a total of about two minutes to reach its peak of 809Mpps. Altogether, the attack lasted less than 10 minutes.
In that short time, however, the unexpectedly high volume of traffic and the speed at which the attack reached its peak showed how determined the cybercriminals were to surprise and take down their target.
More sophisticated attacks today
This attempt offers a glimpse of the increasingly sophisticated methods used in today's DDoS attacks, according to Aseem. They often involve multiple vectors, while hackers have also turned to cloud platforms to launch their attacks with scale, he noted.
For example, some of them could spin up easily available cloud resources with stolen credentials and credit card details and launch a quick but devastating attack without leaving a trace.
At the same time, they are making it hard for defenders by using new source IPs that do not already appear on a watchlist of suspicious addresses.
For the June attack, for example, Akamai determined that the vast majority of the attack traffic was from IPs that were not recorded in prior 2020 attacks.
In this new botnet of zombie machines, 96.2 per cent of source IPs were not believed to have been part of other recent attacks. In other words, businesses cannot keep out attacks by simply tracking known IPs.
Mitigating the risks
Though financial services are a common target for DDoS attacks, such attacks affect just about any industry. The Internet and telecom, gaming, and media and entertainment sectors also face attacks of varying sizes and vectors, according to Akamai.
Being hit by a DDoS attack not only impacts business productivity and causes revenue loss during the downtime, but also damages brand image.
Instead of trying to do everything themselves, businesses have to scale up and layer their defenses, by dropping suspected DDoS traffic at the edge and inspecting the remainder, advised Aseem.
Akamai brings with it experience, capacity and threat intelligence to mitigate such attacks through solutions such as Prolexic Routed, which delivers zero-second mitigation, he added. Akamai provides this industry-leading SLA to minimise downtime and risk for online businesses.
The solution’s proactive mitigation controls instantly drop more than 2/3 of the DDoS attacks today. This is done by stopping DDoS attacks in the cloud, before they reach a customer’s applications and data centers.
Network traffic is redirected through Akamai scrubbing centers by making a simple border gateway protocol (BGP) route advertisement change.
Prolexic Routed is built on a DDoS mitigation platform with 18 global scrubbing centers, closer to users and attackers to minimize performance latency and improve network resiliency.
Traffic is routed through the closest available scrubbing center, and proactive mitigation controls help to drop attacks instantly.
For the remaining DDoS traffic, Akamai experts in their Security Operations Centres (SOC) will analyze it to apply the most appropriate mitigation for every attack vector. Clean traffic is then forwarded through, while outbound traffic is returned directly to users. With DDoS attacks becoming increasingly complex, the SOC expertise is critical for effective mitigation.
DDoS mitigation requires scale and expertise
It pays to have the right approach before one is hit by a DDoS attack. Here are six suggestions to consider:
- Stop attacks in the cloud: Don’t allow the attack traffic to overwhelm your resources; let a forward defense like Prolexic Routed keep it at bay through its scrubbing centers.
- Mitigate attacks instantly: A DDoS attack is sometimes used as a diversion to steal data, for example, so it makes sense to stop attacks instantly at the edge. Akamai offers two deployment options ― always-on is ready to mitigate malicious traffic at all times, and on-demand allows you to redirect traffic when you’re under attack.
- Defend against the largest threats: Find a partner that has the scale to ward off threats with a large volume or high velocity. Prolexic Routed has three to five times the available capacity of the largest known attacks.
- Gain collective security: Know the threats by partnering with a vendor that scans the landscape every day. Prolexic Routed mitigates more than 8,000 DDoS attacks a year.
- Customize your mitigation posture: Tailor your own mitigation controls so that you can block malicious traffic actively while minimizing false positives.
- Engage the experts: Don’t try to do everything yourself because it is not feasible to scale up and customize your controls to face fast-evolving threats. Speak to companies with a proven track record of mitigating DDoS attacks.