If services, applications and web-based services are suddenly no longer available or only available to a limited extent, it is more and more likely that a DDoS attack has occurred. These types of hacker attacks have increased since the start of the pandemic and are becoming more complex. What do these criminal tactics really mean and how can you protect your company from the associated financial and security risks?
What is a DDoS attack?
The term DDoS means “Distributed Denial of Service” and is considered a special form of “Denial of Service” (DoS) attack. Both variants aim to use increased data traffic to cause disruptions in target systems, such as a web server, and thus restrict or stop companies’ business activities. With an increased number of requests from the Internet, cybercriminals cause systems to overload, leading to service crashes and background transaction delays.
In the case of a Distributed Denial of Service (DDoS), the effects are particularly devastating: Instead of individual systems, several hundred to a thousand compromised end devices are used to attack a target simultaneously. Companies are thus severely limited in their ability to act and react and should take countermeasures in the shortest possible time to block the DDoS attack.
What happens during a Distributed Denial of Service attack?
Network resources can only process a certain number of requests at a time. Therefore, if a very large number of requests are continuously sent to the system, this overloads and affects the processing capacity. When a certain load limit is exceeded, the requests are answered much more slowly or not at all. The result: Digital content can no longer be accessed and, in the worst case, the website and systems are no longer active, customer service is unavailable – and business sales collapse due to inaccessible web stores, for example.
The procedure of a DDoS attack often follows a typical pattern: Cybercriminals distribute their attack programs or malware unnoticed on a large number of poorly protected computers, servers, routers, video cameras and other IoT devices and are thus able to send instructions to them. In this way, the end devices are used as targeted attack tools and form coordinated botnets to overwhelm a target system with requests – until it is paralyzed. The increasing networking of smart devices also plays into the hands of cybercriminals: They are constantly being given new opportunities to set up and expand far-reaching botnets. The larger these networks are, the more efficiently systems such as company servers can be attacked.
Which industries are affected by DDoS attacks?
DDoS attacks often affect companies in the media, e-commerce and healthcare sectors, as well as banking and insurance. However, attacks on manufacturing industries and data centers also occur time and again. In general, any industry and any company, regardless of size, can fall victim to a DDoS attack. That’s because the pandemic-related further shift of business processes into the digital space has increased the potential attack surface – hackers have more targets at their disposal than ever before. According to the German Federal Office for Information Security (BSI), up to 110,000 botnet infections of German systems are registered every day. Decision-makers should therefore think about preventive security measures to protect their own company from failures.
Is a DDoS attack punishable by law? And who is liable in the event of an emergency?
Although DDoS attacks take place in virtual space, they are considered real attacks on companies and, according to Section 303b from the German Criminal Code (StGB), constitute computer sabotage. Attacks of this kind are prosecutable under criminal law: It does not matter whether the cybercriminals behind them are seeking their own financial gain, a political protest action or damage to a competitor company.
Commissioned IT security analysts are an exception: They are allowed to carry out hacker attacks – so-called penetration tests – in consultation with the respective company in order to disclose existing vulnerabilities. Otherwise, the use of malware in Germany is only permitted within the company’s own network and on its own hardware. If a company is not adequately protected in the event of a hacker attack, the legal situation is clear according to experts: Decision makers can be held responsible with their private assets.
Prevent DDoS attacks – How to protect yourself and your company
There is no standard answer to the question of how DDoS attacks can be avoided. Nevertheless, there are some general recommendations on how companies can protect themselves preventively. Here, trusting cooperation with a specialized service provider such as DGC pays off:
1. Equip servers with security-relevant functions
Web server products such as Apache usually have some modules and functions that improve accessibility during DDoS attacks. This is possible, for example, by limiting the number of IP connections per IP address or delaying the response to requests. Although IT security is largely the responsibility of the IT department and they should change the configuration of the software so that there is as little attack surface as possible, the topic should also be given appropriate importance at the executive level.
2. Blackholing and Sinkholing: Filtering by addresses
Blackholing and sinkholing methods enable internal IT teams to block specific IP addresses in the event of an attack. With blackholing, the attacking addresses are already averted at the router via a geographical determination. Although this means that legitimate users in this region can no longer access the website, it at least remains open to other regions. In comparison, sinkholing filters for the target addresses in order to temporarily shut them down. Requests with a specific destination IP or URL address are discarded at the router. Part of the website is no longer accessible in this way, but collateral damage to other websites is avoided. Therefore, it is recommended to check whether the mentioned methods can be integrated into your system.
3. Penetration tests: Simulate DDoS attacks and detect security vulnerabilities
Since cyber attacks nowadays are extremely complex and occur via a wide variety of entry points, companies are well advised to commission experienced security analysts to check their systems. In the course of penetration tests, defined IT areas are examined to identify possible points of attack for hackers. In addition, an expert assessment of existing security processes provides an important decision-making basis for further optimization. DGC’s pentesters use, among other things, the in-house developed IT security tool cyberscan.io® to carry out the attacks. This enables the identification of security risks in the IT infrastructure through automated scans and enables companies to close gaps quickly in order to avoid security incidents.
4. Cyber security packages: All-round protection for your systems
Every industry and every company has individual requirements for security standards: Therefore, a suitable all-round protection should be aimed for instead of prefabricated stand-alone measures. This is where DGC can provide support and ensure maximum prevention: Coordinated security packages are put together within the framework of Cyber Security Partnerships. Companies thus receive only the solutions and services they really need, which are important for the continuous monitoring of their own IT infrastructure and ensure high security standards along their value chain. In addition to the solutions mentioned above, Security Awareness Training has also proven to be indispensable: Here, employees are taught the basics about different malware in order to establish a fundamental understanding, but they are also sensitized to attacks, for example by tricksters via e-mail and telephone.
5. Cyber Defense Operation Center: Defense against attacks
If a DDoS attack actually occurs, companies are dependent on fast and competent support. The IT security experts at DGC’s Cyber Defense Operation Center (CDOC) are experienced in dealing with hacker attacks and quickly find out which areas of the infrastructure are affected and how the attack can be averted. Up-to-date expertise and a strategic approach are crucial in the event of a security incident such as a DDoS attack in order to avoid longer outages and the associated financial losses.
Whether websites are inaccessible or business operations come to a complete standstill, DDoS attacks can cause enormous damage. Therefore, it is critical to take precautions at an early stage, to optimize existing IT security measures and to avoid possible failures of own services and applications. This is where cooperation with an experienced IT security service provider like DGC pays off. The security experts comprehensively examine systems, data and applications: This way, companies are prepared for emergencies and benefit from an IT infrastructure that delivers full performance at all times.
You want to protect your systems effectively against DDoS attacks and other threats from the cyber world? We will be happy to advise you – just make an appointment with us right away.