Tweaking business models for greater 404 kerching The DDoS attack business has advanced to the point that running an attack can cost as little as $7 an hour, while the targeted company can end up losing thousands, if not millions of dollars.…
View the original here:
Did you know: Crimelords behind DDoS attacks offer customer loyalty points?
Here’s a question: when was the last time you got something truly useful for free? Like that time it turned out your phone company was giving you mobile data even though it wasn’t included in the plan you selected, or that time you turned up at the car dealership for a major repair, and they informed you the cost was covered because you’re just such a great customer. Oh right: it was never. So why is it that so many companies seem to think somebody else is responsible for protecting them against distributed denial of service (DDoS) attacks? DDoS mitigation is an important and complex service that requires careful expertise, on-demand or always-on deployment, nearly limitless scalability and huge amounts of network bandwidth. If a company hasn’t taken the steps to invest in this kind of protection, they don’t have it. Attack overview A DDoS attack is a distributed denial of service attack, which is a cyberattack that uses a botnet, a network of internet-connected devices that have been hijacked for remote use, to direct large amounts of malicious traffic at a website that has been targeted. This traffic overwhelms the website, its server or its resources to take it offline or render it so frustratingly slow it can’t be used. Distributed denial of service attacks have been a problem for websites and organizations of all sizes for over 15 years, and the problem is becoming a crisis as DDoS for hire services steadily gain popularity, and botnets steadily gain in size due to unsecured Internet of Things devices. For larger organizations, a successful DDoS attack can cost between $20,000 and $100,000 per hour, and while unquantifiable, the loss of user trust or loyalty that can result from such an attack can be even worse. Erroneous assumptions DDoS attacks haven’t exactly been flying under the radar lately. Their frequency, as well as the threat they pose, should be well known to anyone working in online security. Yet a recent survey by Kaspersky uncovered some staggering statistics. Thirty percent of companies surveyed indicated that they haven’t taken action against the threat of DDoS attacks because they believe they won’t be targeted, 40% believe their ISP will provide protection, and a further 30% believe data centers will provide protection. Perhaps most misguided of all, 12% believe a small amount of DDoS-caused downtime would not have a negative impact on the company. Why ISPs won’t provide complete protection While some ISPs do provide complete DDoS protection as an added service that clients pay good money for, most provide only partial protection. Due to the large amounts of bandwidth an ISP has available, they can do well against large volumetric attacks, but craftier application layer attacks are a problem. Also, while ISPs can be good at identifying malicious traffic, they don’t deal with that malicious traffic efficiently, meaning that while it’s struggling to deal with an influx of malicious traffic, legitimate traffic will be caught in the bottleneck with it or even discarded alongside the bad traffic, resulting in users unable to get through to the website. In other words, while a basic DDoS attack could be thwarted by an ISP, the result – users unable to access the website – ends up being the same. Further, some DDoS attacks like the Slowloris are made up of traffic and requests that are seemingly legitimate, making them difficult to detect for even some intrusion detection systems, let alone an ISP. Perhaps the biggest problem with relying on an ISP for protection is that regardless of what type of attack is launched, there isn’t going to be a quick response from an ISP. They aren’t built for the kind of real-time monitoring and deployment that can catch an attack within seconds. Most often, it will be several hours before an ISP begins to deal with an attack. By then, the damage is done. Why data centers won’t provide complete protection either There’s a caveat here: just as with ISPs, some data centers do provide complete protection against distributed denial of service attacks, but again it is an added service that definitely adds to the data center bill. Similar to ISPs, data centers do provide some measure of DDoS protection, but it can generally only protect against basic attacks that can be stopped with rate limiters, or attacks that are not directly aimed at an application service. Large or complex attacks cannot be stopped by basic data center protection. Moreover, not only do ISPs and data centers not provide complete protection against DDoS attacks, but they also put their clients at a bigger risk of second-hand DDoS damage. If an ISP or data center is struggling with a large or complex attack, websites that weren’t targeted will nonetheless suffer the effects. A-Z protection Professional DDoS protection is built to provide the quickest, most proactive and most complete protection against distributed denial of service attacks. Cloud-based protection is especially excellent at protecting against both network-layer and application-layer attacks, and with the use of a scrubbing server, attack traffic will be kept from ever touching the target website while legitimate traffic is let through unfettered. For companies after a more bang-for-their-buck solution, it may be preferable to look into a quality content delivery network (CDN). CDNs are designed to improve site speed and performance, and all CDNs offer some level of DDoS protection due to the built-in load balancing that comes from their multi-server environments. However, CDNs will also offer additional DDoS protection on top of that. High-quality distributed denial of service protection won’t become a freebie or throw-in until the internet reaches a phase where there’s something so much worse and so much more common than DDoS attacks that they become almost after-thoughts for all the malicious cyberattackers out there. So companies can either root for that reality, or take protection into their own hands by investing in solid DDoS protection. Source: http://www.iotevolutionworld.com/iot/articles/430637-short-list-who-protects-companies-against-ddos-attacks.htm
Read More:
The Short List of Who Protects Companies Against DDoS Attacks
The servers hosting Daphne Caruana Galizia’s personal blog have suffered a DDoS attack. A DDos (denial of service) attack occurs when many systems flood the bandwidth of a targeted system, in an attempt to make the online service unavailable. Mrs Caruana Galizia does not yet know who is behind the attack, but did say it is highly likely to be a person of Maltese nationality.. Prior to the DDoS attack on the servers, she said, a fake Gmail account was setup – similar to her personal email address. The person who created the account, then emailed two persons working for the company who handle software support for the website, and tried to acquire information required to hack the site through them. This, however, did not work and the software support personnel realised that it was not Mrs Caruana Galizia’s email address, and also the use of broken English in the email. This, she said, is what led her to believe that the person behind the attack is Maltese. The police were contacted aftewr the DDOS attack occurred later, and an investigation is ongoing. The fake Gmail address used a proxy server, and thus far no culprit has been identified, she said. She explained that aside from the crime involving the DDoS attack, impersonation is also a crime. Vanilla Communications, a server hosting company owned by David Thake, hosts Daphne Caruana Galizia’s personal blog – a service that she pays for each month, she said. In a Facebook post, Mr Thake said that the servers hosting her website suffered a DDoS attack which he called “unprecedented in scale.” Mr Thake, in his post, said the attack brought the network to its knees. Source: http://www.independent.com.mt/articles/2017-03-21/local-news/Servers-hosting-Daphne-Caruana-Galizia-s-website-suffer-unprecedented-DDOS-attack-6736171884
Follow this link:
Servers hosting Daphne Caruana Galizia’s website suffer ‘unprecedented’ DDoS attack
? Botnet knocked down, but it gets up again ? Aficionados of salacious smut sites in the UK and Canada are picking up some nasty software that infects systems by using corrupted pop-under adverts.…
Read More:
Web smut seekers take resurgent Ramnit malware from behind
The Russian banking giant Alfa announced, in a press statement, that hackers targeted its cyber infrastructure in a large-scale DNS Botnet attack. The purpose appears to have been to make it seem as though the bank had been communicating with the Trump Organization. The bank is now asking U.S. to assist it to uncover the culprits. On Friday, the bank revealed that their servers were under three cyber attacks targeting the domain name server (DNS) since mid-February. It is unclear who was behind these attacks; the details show unknown hackers allegedly used Amazon and Google servers to send requests to a Trump Organization server posing to look like they came from Alfa Bank, pushing the Trump server to respond back to the bank. An Alfa Bank spokesperson said: “The cyber attacks are an attempt by unknown parties to manufacture the illusion of contact between Alfa Bank’s DNS servers and ’Trump servers’’. Furthermore, Alfa Bank revealed that it is ready to work with the U.S. law enforcement agency to identify the individuals involved in the campaign. The bank has already hired Stroz Friedberg, a US-based cyber security firm to get into the depth of the matter. “The cyber attacks are an attempt by unknown parties to manufacture the illusion of contact between Alfa Bank’s DNS servers and ‘Trump servers,” an Alfa Bank representative said in a statement. “We have gone to the U.S. Justice Department and offered our complete cooperation to get to the bottom of this sham and fraud.” On February 18, 2017, the bank claims it experienced suspicious cyber activity from an unidentified third-party. Specifically, the unidentified third-party repeatedly sent suspicious DNS queries from servers in the U.S. to a Trump Organization server. The unidentified individuals made it look as though these queries originated from variants of MOSCow.ALFAintRa.nET. The use of upper and lower case indicated the human intervention in the process. Moreover, Alfa Bank says it received more than 1,340 DNS responses containing mail.trump-email.com.moscow.alfaintra.net. Last week, CNN reported that the FBI’s counterintelligence team was investigating if there was a computer server connection between the Trump Organization and Alfa Bank during the U.S. election, according to sources close to the investigation. The bank has now denied that there was ever a conversation between both parties. Mark McArdle, CTO at cyber security company eSentire commented on the issue and said that: “A botnet is typically associated with an attack that leverages scale, as it can employ thousands (potentially millions with IoT devices) of devices and use them to coordinate an attack on a target. We’ve seen this with some big DDoS attacks. We also see botnets being used as platforms for large-scale spamming. However, the number of DNS connections reported in the Alfa Bank attacks (1,340 in once case) don’t indicate massive scale. A botnet, however, can be used to add another layer of obfuscation between you and your attacker. Following the breadcrumbs back could bring you to a PVR that has been hacked and is now part of a botnet. I suspect in this case, the botnet is being used more for obfuscation of identity than scale. The attackers may be using a botnet to send spoofed DNS requests to a legitimate Trump server using a spoofed “reply-to” address inside Alfa-Bank’s infrastructure. Spoofing DNS lookups is not very difficult since DNS is not authenticated, and the ability to spoof source addresses is unfortunately still available – all you need is a system to launch your attack from that is connected to the Internet via an ISP that doesn’t filter out spoofed source addresses. While this type of attack has been around for a while, what’s new in this case is that someone is using it to try and contrive evidence of a relationship where neither party sought one. Additionally, there is also reference in Alfa Bank’s statement about Spam messages from marketing@trumphotels.com. It’s also possible to spoof email (spammers do this all the time). A spoofed email could include a reference to a legitimate Trump Org server and a real connection would be established if a user clicked on it (or selected “show images” in the email). Again, this does not mean the email came from Trump Org, just that it was sent in order to attempt to solicit “a connection” between Trump Org and Alfa-Bank.” Either way, identity is difficult to determine unless cryptographic certificates are used, and ultimate hack attribution is even more difficult. This is not the first time that allegations surrounding Trump’s relations with Russia have emerged. Some believe Russia hacked the US election to give Trump a way to win the presidency while some believe that Russian media was involved in spreading fake news against Trump’s opponent Hillary Clinton. Either way, nothing has been proven yet. Source: https://www.hackread.com/russia-alfa-bank-target-with-dns-botnet-attacks/
More:
Russian bank Alfa Says it was Under DNS Botnet Attacks
Whether or not you work in IT security, distributed denial of service (DDoS) attacks are becoming more visible by the day. In the last three months of 2016 alone, DDoS attacks greater than 100Gbps increased by 140% year-on-year, according to a recent report. This growth isn’t expected to decelerate any time soon. The damage inflicted by DDoS attacks in the past year has been seen across various aspects of the online world. We often hear of news sites and political campaigns being taken offline, but this is now moving towards more mission critical operations in hospitals, banks and universities. The most significant example in recent months is the DDoS attack against Domain Name Service (DNS) provider Dyn. Let’s take a look at this case and determine the potential impact that conformance to existing standards could have had on the incident. IoT and the DDoS dilemma The Dyn attack in October 2016 impacted a whole host of major websites including Amazon, Netflix, Twitter, Spotify and Github, and was widely reported as the largest of its kind ever recorded. Its substantial impact was down to the huge number of connected devices used in the attack – not just laptops and PCs but routers, printers and baby monitors that make up the so-called Internet of Things (IoT). These devices were deliberately infected with the Mirai malware in order to create a botnet to carry out the momentous attack. It’s important to be clear on the mechanisms of the Mirai malware if we’re to consider the potential impact of standards on the attack. By using known passwords, it is able to search for susceptible IoT devices before infecting them with the malware. As a result, the device becomes part of a botnet which is capable of launching DDoS attacks from all of its infected devices. Seven out of 12 DDoS attacks in Q4 2016 were down to the Mirai botnet. In the Dyn case, it was estimated that the attack involved 100,000 malicious endpoints. The botnet sent around 1 TB of traffic per second to the company’s servers, meaning legitimate requests were denied. Mitigating DDoS attacks This attack was fundamentally a consequence of the devices involved still retaining their default password. There are two arguments as to where culpability lies in this instance. Some blame the users for not changing the default passwords once they were connected. Others feel more responsibility should fall on the manufacturers to ensure operators understand the importance of changing default passwords. In fact, in some cases manufacturers were distributing products with well-known default passwords and no option to change the password without purchasing a new product. In any case, these devices were vulnerable and open to attack. Standards: the silver bullet? DDoS attacks are becoming far more sophisticated so it’s essential that hardware and software manufacturers start to seriously consider standards to address the potential security risks in the growing Internet of Things. One key standard is the Open Trusted Technology Provider Standard, or O-TTPS, which addresses these issues around supply chain security and product integrity. Recently approved as ISO/IEC 20243, this set of best practices can be applied from design to disposal, throughout the supply chain and the entire product life cycle. Standards like the O-TTPS aim to reduce the risk of tainted (e.g., malware-enabled and malware-capable) and counterfeit hardware and software components from entering the supply chains and making their way into products that connect to the internet. This specific standard also has a conformance program that identifies Open Trusted Technology Providers who conform. The vendors involved in the Dyn incident could have followed the O-TTPS’ requirements for vulnerability analysis and notification of newly discovered and exploitable product weaknesses. If they had done so from the outset, the vulnerability that allowed the Mirai botnet to grow would have been caught early. The attack vector would have subsequently been blocked and the impact on businesses and consumers significantly reduced. Securing Information and Communication Technology (ICT) on which our business enterprises and critical infrastructures depend is a serious problem that becomes even more daunting and complex as we extend those environments to IoT devices. ICT and IoT devices are developed, manufactured, and assembled in multiple countries around the world. They are then distributed and connected globally. Providing international standards like the O-TTPS (ISO/IEC 20243) that all IT providers and their technology partners (e.g., component suppliers, manufacturers, value-add resellers) in their supply chains can adopt, regardless of locale, is one significant way to increase cyber and supply chain security. Standards can’t categorically prevent the inception of DDoS attacks, but what they can do is mitigate their effectiveness and limit their economic damage. The adoption of a universal product integrity and supply chain security standard is a major first step in the continued battle to secure ICT products and IoT devices and their associated end users. Further steps need to be taken in the form of collaboration, whereby we reach a point where we can recognise which technology and technology providers can be trusted and which cannot. But adhering to global standards provides a powerful tool for technology providers and component suppliers around the world to combat current and future DDoS attacks. Source: https://www.infosecurity-magazine.com/opinions/standards-security-great-ddos/
See more here:
Standards and Security: The Great DDoS Challenge
TAIPEI (Taiwan News)—Most denial-of-service (DDoS) attacks launched by hackers from Feb. 15 to March 14, 2017 in Taiwan targeted the high-tech industry, according to statistics compiled by leading global content delivery network provider Akamai Technologies. Industries in Taiwan that were most severely attacked by hackers were the high technology industry (61.8 percent), manufacturing industry (17.6 percent) and the financial services industry (7 percent), according to statistics compiled by Akamai’s intelligent platform that delivers 30 percent of the global Internet traffic. Industries in Taiwan under DDoS attacks from February 15 to March 14, 2017. (Taiwan News) The majority of the hacks were launched from IP addresses in Taiwan, followed by Alabama in the U.S., and Brazil. “It is often a misconception that most attacks are launched from abroad,” said Akamai’s Security Business Unit director Amol Mathur. “Attacks are coming both domestic and outside.” The premium CDN provider works customizes solutions for clients from different industries in Taiwan, including hospitality, banking, travel and airline services. Taiwan’s financial institutes are still recovering from a cybersecurity scare last month, in which 15 banks received threats from an anonymous hacker group to shell out 10 Bitcoins each (equivalent to US$10,466), or brace themselves for DDoS attacks that would compromise their server systems. DDoS attacks launched by hackers often compromise institute’s servers data processing capacity by delivering a sudden deluge of data that overtakes bandwidth resources, for instance if the company server bandwidth only allows 10 Gigabyte per second (Gbps) of capacity it can be paralyzed by a 100 Gbps attack. Hackers might use DDoS as a distraction to conceal other malign operations, such as stealing personal information or credential theft, added Mathur. Industries affected by hacker attacks vary monthly, depending on whether there is a major geopolitical event, said Mathur. For instance global hacker group Anonymous took down the London Stock Exchange system for two hours as part of its campaign against global central banks in June 2016. Mathur advised banks should not heed hacker demands to pay ransom. “In real life you would not pay ransom, so why would you pay hackers,” he said. The cybersecurity expert noted a rise in DDoS attacks globally during the fourth quarter of 2016, and pointed out DDoS attacks data size was increasing exponentially every quarter. Globally, attacks over 100 Gbps jumped 140 percent year-on-year during 4Q16, with the largest-size attack recorded reaching 517 Gbps, according to the Akamai “Fourth quarter 2016 State of the Internet/Security Report.” Mathur noted the cause of increased DDoS attacks was partly due to easy access for people to rent bots online, for as cheap as US$10 by going to a site and simply keying in the website address. Hackers can generate a monthly income of US$180,000 to US$200,000 from bot rentals. It remains extremely difficult for law enforcement agencies from a single country to track down hackers that spread the attacks launched by rented bots around the globe, and hide behind the protection of anonymity offered by the dark web. Additionally, the preferred Bitcoin currency used for business transactions by hackers is hard to trace to an IP address, explained Mathur. Introduction of mobile devices, mobile payment, IP surveillance cameras and emerging Internet of Things (IoT) trends introduce new cybersecurity vulnerabilities as hackers can utilize attacks through large number of connected devices. The Mirai bot for instance exposed vulnerabilities in the default user administrator name and passwords used by thousands of connected IP surveillance cameras and their DVR worldwide, said Mathur. He urged the IoT industry to form a joint standard, and for countries to start implementing regulations that set cybersecurity standards for connected devices. Hackers are also finding ways to target vulnerabilities in smartphone application programming interface (API) to obtain credentials, and data from mobile transactions. Apple Pay and some other mobile payment technologies periodically publish white papers announcing how it is securing data, but are mostly for tech savvy readers, said Mathur. One way consumers can safeguard credit card transactions is to check if the online shopping sites or App they use have The Payment Card Industry Data Security Standard (PCI DSS), noted Mathur. The proprietary information security standard launched nearly a decade ago by major credit card companies Visa, MasterCard, American Express, JCB and others follows a stringent standard and heavily fines companies that do not follow its compliance. Source: http://www.taiwannews.com.tw/en/news/3117326
Originally posted here:
Taiwan high-tech industry hardest hit by DDoS attacks in last 30 days
Just unplug them now before someone writes a botnet, okay? Get ready for the next camera-botnet: a Chinese generic wireless webcam sold under more than 1,200 brands from 354 vendors has a buggy and exploitable embedded web server.…
Read More:
Oops! 185,000-plus Wi-Fi cameras on the web with insecure admin panels
The agency is working on a multimillion dollar effort to protect the country’s most critical systems from distributed denial of service attacks, which are among the simplest digital assaults to carry out and the toughest to fight. MARCH 8, 2017 —In late October, in Surprise, Ariz., more than 100 phone calls bombarded the police department’s emergency dispatch line. Calls also overwhelmed the nearby city of Peoria’s 911 system and departments across California and Texas. But each time a dispatcher picked up, no one was on the line – and there was no emergency. The Arizona district attorney’s office says the calls clogging 911 lines resulted from a digital prank, which triggered a distributed denial of service, or DDoS, attack on critical emergency communication systems. The prosecutor’s office tracked the torrent of calls to 18-year-old hacker Meetkumar Hiteshbhai Desai. Now, he’s facing four counts of felony computer tampering. While Mr. Desai said he didn’t intend to cause any harm, according to the Maricopa County Sheriff’s Office, he did surface a potentially devastating glitch in smartphone software that could exact damage on any number of sensitive and critical targets. Whenever anyone clicked a certain link on his webpage via a mobile device, their phone automatically dialed 911. While this kind of DDoS targeting 911 systems is unprecedented, it’s exactly the type of attack that national law enforcement officials have been concerned about for years. In fact, the Homeland Security Department (DHS) has been working on technology to protect 911 centers from DDoS and telephone-based, or TDoS, attacks for three years. The Arizona incident proved someone can “cause a large number of phones or a large number of computers or a large number of whatever connected device to start generating these calls,” says Dan Massey, program manager in the cybersecurity division of the DHS Science and Technology Directorate. “It went from how much damage can I do from my phone” to a situation where, with just a handful of people, “if all of our phones started calling some victim, whether that’s 911 or a bank or a hospital, that can get very fast and very big.” DDoS attacks are both among the simplest forms of cyberattacks to carry out and the most difficult to defend against. They are designed to direct an overwhelming amount of digital traffic – whether from robocalls or web traffic – at targets to overwhelm them so they can’t handle legitimate business. Writ large, there has been an exponential increase in the intensity and frequency of DDoS attacks over the past six months and critical infrastructure components are possible future targets, according to DHS. For a sense of the scale of today’s DDoS attacks, compare the 100 megabits per second Internet speed at a typical company to the more than 1 million megabits (1 terabit) per second speed of a DDoS attack against Web hosting company Dyn in October. The attack, which drew power from insecure webcams and other internet-connected devices, knocked out widely used online services like Netflix, Twitter, and Spotify for hours. Such massive web DDoS assaults may also become a problem for 911, as the country moves toward a next generation 911 system that uses mapping services to locate callers and can support voice, text, data, and video communication. “What you’re seeing is a convergence of the traditional internet with the phone system and next generation 911 is a great example of that,” says Massey. “DDoS attacks and/or TDoS attacks kind of blend together a little bit there.” To help combat the problem, the department has given out $14 million in grants for DDoS prevention studies, including phone-based attacks. Some of that funding is piloting initiatives to stop phone-based attacks at 911 centers in Miami/Dade County and the City of Houston, as well as at a large bank that the department wouldn’t identify. So far, DHS efforts have yielded, among other things, a DDoS early warning system to flag organizations that an attack may be coming, and alerting them to adjust internet network settings to defend against an onslaught of traffic. Additionally, DHS-funded research from tech firm SecureLogix produced a prototype that can thwart phony telephone calls sent to a 911 system or other critical phone operation. The model attempts to detect bogus calls by monitoring for clues that indicate an incoming call is fake. “As we have seen, it is simple to flood a 911 center, enterprise contact center, hospital, or other critical voice system with TDoS calls,” says Mark Collier, SecureLogix chief technology officer. “The research is essential to get ahead” because the assailants “are generating more attacks, the attacks are more sophisticated, and the magnitude of the attacks is increasing. “ To be sure, the race to keep digital adversaries out of the country’s 911 system faces obstacles, some of which are outside the jurisdiction of Homeland Security and dispatch centers. The DHS DDoS defense program is “a good start,” but one “challenge in defending certain types of critical infrastructure is the fact that emergency services like 911 must serve anyone – immediately,” per Federal Communications Commission rules, “due to their life saving nature,” said Mordechai Guri, research and development head at Israel’s Ben-Gurion University Cyber-Security Research Center. “The approach of blocking the DDoS originators must be backed by a change in the laws and regulations.” Before the October attacks on the Arizona 911 systems, he and fellow Ben-Gurion researchers warned that DDoS attacks launched from cellphones could pose a significant threat to emergency services. During one experiment, it took fewer than 6,000 hacked phones to clog emergency services in a simulated US state, the academics wrote in a September 2016 paper. Such an attack can potentially last for days. The very nature of the 911 system makes shutting out any callers potentially dangerous, and some alternatives, like requiring a person in distress to authenticate themselves for assistance, are not viable, says Massey of DHS. “We really need to make sure that we’re not missing a critical 911 call,” he says. “So that’s a challenge for the project to make sure that we’re not misclassifying people.” Source: http://www.csmonitor.com/World/Passcode/2017/0308/How-Homeland-Security-plans-to-end-the-scourge-of-DDoS-attacks
See more here:
How Homeland Security plans to end the scourge of DDoS attacks
Of all the cybersecurity threats today’s businesses face, distributed denial-of-service (DDoS) attacks are among the most complex and devastating. This type of breach involves multiple compromised systems that work in conjunction to shut down service. Although security technology is becoming more sophisticated, so are hackers, and you don’t want to be caught unprepared if (or more likely, when) your company’s data gets compromised. Below, a few members of Forbes Technology Council each offer one important prevention measure to help your IT department defend against a DDoS attack. 1. Continue To Add Layers Of Defense Remain vigilant, continuing to add layers of security as they become available. Also provide your department with signs to look for so they have a better idea of potential threats. This provides for a much more proactive approach to security. – Chalmers Brown, Due 2. Practice Your Response Plan Have a plan on what to do and who should do it, then do a dry run against it a few times a year. Go further than just your IT team – involve your vendors, executive team, etc. and ask for feedback on what would help them help you in the face of a DDoS attack. Update your plan each time. This practice helps your team execute fast and has the added benefit of showing those around you that you’re prepared. – Brian Fritton, Patch of Land 3. Use A Web Application Firewall (WAF) A Web Application Firewall (WAF) is your best line of defense against a DDoS attack. It acts like an antivirus that blocks all malicious attacks on your website. It sits above your application at the network level to provide protection before the attacks reach your server. Using a WAF not only protects you against DDoS attacks, but also improves application performance and enhances user experience. – Thomas Griffin, OptinMonster 4. Leverage Cloud Services And Educate Yourself Continually Cloud providers will handle security better than you can do in-house — especially if you’re a target. Even the U.S. government leverages cloud providers to consult and augment security. Amazon has DDoS mitigation services, and their DNS is both inexpensive and secure. Educate yourself to stay aware of the potential threats and mitigation services that are available to you. – Tim Maliyil, AlertBoot 5. Help Employees Educate Each Other Since our inception, we’ve had a personal ‘buddy’ assigned to any new team member. They are responsible for teaching the new person all of the dos and don’ts of the department, and also get them more culturally aligned with the team/company. – Pin Chen, ONTRAPORT 6. Get Senior Management Involved In Security Planning It is critical for companies to include senior management in DDoS prevention planning. Most attacks are due to poor ongoing security practices or setups. Ransomware attacks alone cost over $1B in 2017. Companies should consider cloud solutions that offer cost-effective managed security solutions, with ongoing security and maintenance updates, so that they can focus on building their core business. – Cristina Dolan, Trading Screen 7. Segment Your IoT Devices Behind A Firewall While DDoS attacks are difficult to prevent, you can minimize the impact by enabling DDoS and flood protection on your organization’s firewalls. To restore order quickly in the event of an attack, develop a DDoS response plan. To minimize the chance of your IoT infrastructure being used in a DDoS attack, make sure all IoT devices are segmented on a dedicated safe zone behind a firewall. – Bill Conner, SonicWall Source: https://www.forbes.com/sites/forbestechcouncil/2017/03/07/7-security-steps-to-defend-your-company-fram-a-ddos-attack/#4a04a540408
Read more here:
7 Security Steps To Defend Your Company Fram A DDoS Attack