Can Your Incident Response Plan Handle a DDoS Attack?

June 29, 2020

No one likes being overwhelmed with too many requests—and that goes for your IT network as well. 

Unfortunately, during a distributed denial-of-service (DDoS) attack, that's precisely what happens. 

A DDoS attack consists of multiple compromised systems attacking a target on your network, such as a server or your website, causing a denial-of-service error. The result? All of your legitimate users can't access the network, while you get overwhelmed trying to clean up the mess.

What Happens During a DDoS Attack?

To launch an assault on your network, hackers typically use malware to exploit vulnerabilities in systems or devices. Once they've gained control of enough devices, they direct those devices to send traffic to your network or website until it becomes overloaded and is knocked offline.

Keep in mind that a DDoS attack not only takes you down—it can also bring down sites and services that rely on your system.

In 2019, Amazon's S3 object storage service was victimized in a DDoS attack, slowing down or preventing access to large numbers of websites that depend on AWS to operate.

Another example comes from 2016, when a botnet army of about 100,000 connected objects slammed the DNS company Dyn with a powerful DDoS attack, resulting in companies that included Netflix and the New York Times experiencing website outages.
 
In fact, that botnet exploit has evolved into at least 63 variants and has doubled in activity from 2018 to 2019.

IoT Devices Often Exploited

While DDoS attacks have traditionally gone after websites and networks, Internet of Things (IoT) devices are also a major target. That's because IoT devices are connected to the internet and company networks, but are rarely built and configured with the same level of IT security scrutiny as other attack surfaces. 
 
As a result, IoT devices make it relatively easy for hackers to launch an effective DDoS attack. Because IoT devices are used to run machinery, monitor performance, and improve operations, DDoS attacks on such devices can significantly impact the lives of employees and customers alike.  
 

Smoke and Mirrors

DDoS attacks are the perfect misdirection. That makes them a devastatingly efficient way to throw an organization's incident response team off a hacker's trail.
 
While an organization scrambles to respond to a DDoS attack, quieter network activity may fly under the radar. This allows bad actors to establish a backdoor trojan through which malware, such as keyloggers or ransomware, can go in and sensitive data can come out.
 
According to IT Pro Portal, 56 percent of respondents to a poll conducted by cybersecurity researchers see evidence that DDoS is being used as a smokescreen. More than a quarter of respondents said that when they lost data from targeted attacks, DDoS was involved as a diversionary tactic.
 
It's estimated that there are 16 DDoS attacks every minute. And the global number of DDoS attacks is projected to double to 14.5 million by 2022.
 
That’s why processes to stop DDoS attacks should be in the playbook of every IT security team.

Design a Game Plan to Thwart DDoS Attacks

The most effective way to prevent a DDoS attack is to ensure that no vector is left unattended. A prudent course of action is to assign specific staff members to monitor certain channels. This requires strength in numbers, though, which is not exactly a strong point for small to midsize enterprises. There are two ways that this gap can be addressed:

  1. Through the use of real-time, AI-based threat detection technology that continues to monitor all network activity for threats during a DDoS attack.
  2. By engaging a third-party security provider with the expertise and resources needed to help strategize and execute an incident response plan.

It's worth noting that these are not mutually exclusive solutions. Managed detection and response (MDR) vendors play the dual role of a security operation center (SOC) and incident response consultant. This makes it possible to identify an attack early on and keep eyes on the network during the storm of a DDoS.
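The two ideas above (continuing to watch all network activity during the flood, and the "smoke and mirrors" risk that a DDoS hides an outbound data leak) can be sketched as a small detection over flow records. This is an added illustration, not Arctic Wolf's code or any product's logic; the flow records, the 10.0.0.0/8 internal range and the thresholds are constructed assumptions to be tuned per environment.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address space
WINDOW = 60                          # seconds per analysis bucket
FLOOD_FLOWS = 500                    # inbound flows per window treated as a flood (assumed tuning)
FLOOD_SOURCES = 100                  # distinct sources needed to call it distributed, not one noisy client
OUTBOUND_BYTES = 5_000_000           # outbound bytes per host per window worth a look (assumed tuning)

def is_internal(ip):
    return ip_address(ip) in INTERNAL

def bucket(ts):
    return ts - ts % WINDOW

def find_flood_windows(flows):
    """Windows where many distinct external sources hit internal hosts at once."""
    counts, sources = defaultdict(int), defaultdict(set)
    for ts, src, dst, _ in flows:
        if not is_internal(src) and is_internal(dst):
            counts[bucket(ts)] += 1
            sources[bucket(ts)].add(src)
    return {w for w, n in counts.items()
            if n >= FLOOD_FLOWS and len(sources[w]) >= FLOOD_SOURCES}

def outbound_during_flood(flows, flood_windows):
    """The quiet side of the storm: internal hosts pushing unusual volume out while the flood runs."""
    out = defaultdict(int)
    for ts, src, dst, nbytes in flows:
        w = bucket(ts)
        if w in flood_windows and is_internal(src) and not is_internal(dst):
            out[(w, src)] += nbytes
    return sorted(k for k, v in out.items() if v >= OUTBOUND_BYTES)

def build_sample():
    """Constructed flow records: (epoch_sec, src_ip, dst_ip, bytes_from_src)."""
    flows = [(1200 + i % 60, f"203.0.113.{i % 256}", "10.0.0.80", 600) for i in range(600)]
    flows += [(1320 + i, f"198.51.100.{i}", "10.0.0.80", 600) for i in range(20)]  # normal window
    flows.append((1230, "10.0.0.5", "192.0.2.10", 8_000_000))   # large outbound transfer mid-flood
    flows.append((1240, "10.0.0.7", "192.0.2.20", 40_000))      # ordinary outbound traffic mid-flood
    flows.append((1400, "10.0.0.5", "192.0.2.10", 9_000_000))   # same host, outside the flood window
    return flows

def run(flows=None):
    flows = flows if flows is not None else build_sample()
    floods = find_flood_windows(flows)
    return floods, outbound_during_flood(flows, floods)
```

The second report is deliberately scoped to the flood windows: the point is that the flood itself must not switch off the rules that would normally catch a large outbound transfer.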
 
As the leader in security operations, Arctic Wolf's Managed Detection and Response provides comprehensive, 24/7 monitoring of your network, along with ongoing vulnerability assessments and threat analysis to help you reduce your risk and stay ahead of threats. In addition, our Concierge Security™ Team of experts can help you effectively respond to incidents and improve your overall security posture.
 
Learn more about how you can protect against DDoS attacks in the first place, and how you can respond more effectively in case you become a target.
 