What October’s Massive DDOS Attack Can Teach Us About the Importance of Security
Anyone Else Having a Problem?
Something odd happened on the morning of October 21st, 2016. Many Americans, mostly located in the Northeast though it was nationwide at some level, experienced strange outages. Many tried to take to Twitter to ask the Internet if they too were having Spotify issues…only to find Twitter was also offline. A few thousand reset routers later and people began to realize it wasn’t their network connection that was the culprit. What had happened was a massive DDOS attack the likes of which we rarely see. Though they are happening with more frequency, this was the first one in quite a while that affected large swaths of the population and disrupted their daily lives.
So, how do sites and services like Twitter, Spotify, Reddit, Wired, and even the New York Times all get taken offline simultaneously by one event? The answer lies in hosting. Many large-scale web services based on the east coast use Dyn as their DNS host. Because these sites are so heavily trafficked, they often use the same large hosting firms because they have the resources to provide speedy transit for visitors expecting to have nearly instant download times on a site with millions of simultaneous viewers. The downside of this solution is that it makes a company like Dyn an attractive target for malicious agents looking to cause service disruptions.
This huge DDOS event put a spotlight on quite a few issues: the security problems that arise from the always growing “Internet of Things” (it is theorized that access points came from simple network-enabled devices that lack the security measures of more advanced products), the danger of having a massive central hub, and the need to be more vigilant when it comes to the ever growing and intricate world of cybercrime.
But What is a DDOS Attack?
Before the major consumer- and media-targeted DDOS attack we saw last month, most of the media coverage was on DDOS attacks related to government intrigue and ransom from financial institutions. What they are, essentially, is a system overload. Think of it like a landline. If you have two people on the line (including call waiting) and a third person tries to call you, they’ll get a busy signal. A distributed denial of service attack is like getting a million phone calls all at once so that no one can get through and anyone who tries is met with a busy signal.
Let’s go back to the concept of the Internet of Things and its culpability. Many DDOS attacks originate from relatively simple devices (in comparison to a full computer) such as smart thermostats or security cameras. Because millions of these devices are out in the world, they are a relatively easy and attractive target for creating a “zombie army” of malware-infected gadgets that flood sites with requests to take them offline. Because these devices aren’t initiating the attack, but are actually controlled from elsewhere and act as a proxy, DDOS attacks can be difficult to shut down.
One’s first instinct may be to try to block offending IP addresses. While this works for spammers on forum sites that operate under multiple user names but one device location, it isn’t effective against DDOS attacks because thousands of devices are launching an attack at once and because IP addresses can be forged. Consider what a simple VPN could do for the average user and then multiply it by thousands of machines backed by hacker know-how.
What DDOS Attacks Mean for Your Business
This isn’t to say DDOS attacks on their own are particularly dangerous. For example, they don’t actually break into locations and steal sensitive data. At their worst, they keep your site from being accessed for an extended period of time. Unless they are used in conjunction with other types of attacks, you aren’t at risk beyond your site being unavailable until the attack is over or thwarted. However, if you operate a small ecommerce business, being taken offline can be devastating. That’s hours of not making any money.
While it may seem like only really big sites get targeted in DDOS attacks due to the media coverage of them, the fact is anyone could be a target. Fifty-one percent of businesses suffered a DDOS attack in 2015. That’s why it’s important to have some sort of protection against these fairly common events.
You can identify a DDOS attack pretty early. As a business owner or someone managing a client’s site, you most likely keep a pretty close eye on what your typical inbound traffic looks like. Sudden spikes in traffic that seem unusual as far as location and duration can be signs of the beginning of an attack. From there you would want to contact your hosting company.
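The spike check described above, as an added example (not KnownHost's code or tooling): it counts requests per minute, flags volume that stays well above the baseline for several minutes, and reports how much of it comes from sources not seen before. The log format, thresholds, function names and sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Assumed log format (constructed): "<ISO timestamp> <client IP> <request>"
LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}):\d{2}\S*\s+(\S+)\s")

def per_minute(lines):
    """Return {minute: Counter(ip -> requests)} from access-log lines."""
    buckets = defaultdict(Counter)
    for m in filter(None, map(LINE.match, lines)):
        buckets[m.group(1)][m.group(2)] += 1
    return dict(sorted(buckets.items()))

def find_spikes(buckets, baseline_minutes=5, factor=4.0, min_duration=2):
    """Flag runs of >= min_duration minutes above factor x the baseline median,
    with the share of that traffic from sources unseen during the baseline."""
    minutes = list(buckets)
    base = minutes[:baseline_minutes]
    threshold = factor * median(sum(buckets[m].values()) for m in base)
    known = set().union(*(buckets[m] for m in base))
    alerts, run = [], []
    for m in minutes[baseline_minutes:] + [None]:  # None flushes the final run
        if m is not None and sum(buckets[m].values()) > threshold:
            run.append(m)
            continue
        if len(run) >= min_duration:  # short blips are ignored
            total = sum(sum(buckets[r].values()) for r in run)
            new = sum(n for r in run for ip, n in buckets[r].items() if ip not in known)
            alerts.append({"start": run[0], "end": run[-1], "requests": total,
                           "new_source_share": round(new / total, 2)})
        run = []
    return alerts

def sample_log():
    """Constructed sample: 5 quiet minutes, a 1-minute blip, a 3-minute flood."""
    regulars = [f"198.51.100.{i}" for i in range(1, 11)]
    flood = [f"203.0.113.{i}" for i in range(1, 201)]
    def hits(minute, ips, per_ip):
        return [f"2016-10-21T11:{minute:02d}:00Z {ip} GET /" for ip in ips] * per_ip
    lines = []
    for minute in range(10):
        lines += hits(minute, regulars, 10 if minute == 5 else 2)  # 20/min, 100 at :05
        if minute >= 7:
            lines += hits(minute, flood, 1)  # +200/min from new sources
    return lines

if __name__ == "__main__":
    print(find_spikes(per_minute(sample_log())))
```

A high `new_source_share` on a sustained spike is the kind of detail worth passing on to the hosting company along with the start time.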
Of course, if you’re currently responsible for managing your own server, this could be a tricky situation for you. You may be asking how you can defend yourself against these attacks and the answer is: it’s a little complicated. For the typical web designer or small business owner, the actual technical measures that can be taken may be beyond your comfort level. But if, hypothetically, you were running your own web server, you could rate-limit traffic at your router to prevent your server from being overwhelmed, add filters to your router to limit packets, time out half-open connections, and drop malformed packets. If reading that sentence made your eyes cross, then luckily KnownHost is here to help you.
How We Can Help
At KnownHost, we provide our customers with high performance managed dedicated servers and VPS’s. If you’re currently with a hosting solution that leaves you to manage your own servers, the prospect of a DDOS attack probably preoccupies you quite a bit. After all, you’re responsible for spotting them and resolving them on your own. If you’re running a business or you’re responsible for hosting all of your clients’ sites, there simply isn’t enough time to be both security IT expert and the manager of day-to-day business operations. That’s why you should leave all your hosting needs to us. We have the experience to spot events as they occur and act to protect your site from the ill effects that they cause. Our hosting solutions are designed to keep your site up and running no matter the issue.
The team at KnownHost knows you want to focus on your actual business without having to worry about the safety and functionality of your sites. That’s why not only do we offer free backups and migrations, but we also include complimentary DDOS protection. We include protection up to 500 Gbps and 700 Mpps for bandwidth- and packet-intensive attacks. We use identifying and filtering hardware to make sure that your site remains online throughout the duration of the attack. Examples of the kinds of attacks you’re protected from include UDP Floods, NTP Amplification, DNS Amplification, SYN Floods, Volume-Based Attacks, and Fragmented Packet Attacks.