How government can defend against advanced DDoS attacks
Distributed denial-of-service (DDoS) attacks on public-facing government and business websites are a well-known phenomenon. The problem, however, is that over the last few years the security community has noticed a growing criminalization of DDoS. These attacks are no longer carried out just by pranksters and activists. Organized cyber-criminals and state-linked hacker groups now increasingly use them as a way to steal money and/or data, spy on the network or destabilize key operations.
According to a survey by the security firm Incapsula, in 46 percent of cases the attacks are also used to extort money from victims. The attacks are also becoming more powerful and more adaptive to IT defenses, which makes them much harder to stop than in years past.
Over the next few years, the DDoS attack could become a more serious risk for local government agencies, so IT teams and administrators should begin taking steps now to improve their defenses.
Know Your Attack Surface — DDoS attacks won’t necessarily be limited to a non-essential public-facing website. Attackers are getting smarter, and they are using DDoS as a weapon to disrupt operations. These operations can include everything from government payroll services and e-mail to critical networks that electric, gas and water utilities use. Hospitals, emergency responders and transportation systems are also vulnerable. It’s essential that governments know exactly what their online footprint is and have a contingency plan in place for high-risk attacks.
Know Whom to Call — DDoS attacks are more powerful than in years past. Rent-a-bot (booter) services on the black market, reflection and amplification techniques, and attacks aimed at the application layer all magnify the impact. It would be extremely difficult for government IT teams to thwart today’s 20-400 gigabits-per-second attacks using in-house defenses alone, so it is important to have 24/7 access to a trusted outside DDoS mitigation service that specializes in handling large attacks.
Train for Secondary Attacks — DDoS is frequently used as a smokescreen for more serious attacks such as data theft and malware infections. Agencies need to train their IT staff to look out for secondary attacks during a DDoS event, when attention and monitoring capacity are focused on restoring service. Staff should watch for alerts from monitoring systems, unusual activity elsewhere on the network (for example, logins or data transfers that do not fit the normal pattern) and phishing emails timed to coincide with the outage.
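The correlation the "secondary attack" advice calls for can be automated. The following is an added example, not code from the article or from Security Compass: it takes web-tier and authentication log lines (constructed by hand here, with made-up IP addresses and thresholds), identifies the minutes in which request volume indicates a flood, and then reports authentication events inside those minutes that would otherwise be lost in the noise, namely administrator logins from IPs outside an assumed trusted list and bursts of failed logins.

```python
"""Added example: flag suspicious authentication activity that coincides with a
DDoS traffic spike. Log lines, IP addresses and thresholds are constructed for
illustration and are not taken from any real agency or from the article."""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed web access log: "<ISO timestamp> <source ip> <request>".
# One quiet minute (5 requests) followed by a flood minute (60 requests)
# from a small set of addresses hammering a search endpoint.
WEB_LOG = (
    [f"2024-05-01T08:59:{s:02d} 192.0.2.{s + 1} GET /index.html" for s in range(0, 50, 10)]
    + [f"2024-05-01T09:01:{s:02d} 198.51.100.{s % 20 + 1} GET /search?q=aaaaaaaa" for s in range(60)]
)

# Constructed authentication log: "<ISO timestamp> <source ip> <event>".
AUTH_LOG = [
    "2024-05-01T08:58:30 10.0.0.5 admin_login_success",      # trusted IP, before the flood
    "2024-05-01T09:01:12 203.0.113.77 admin_login_success",  # untrusted IP, during the flood
    "2024-05-01T09:01:20 198.51.100.9 login_failure",
    "2024-05-01T09:01:21 198.51.100.9 login_failure",
    "2024-05-01T09:01:22 198.51.100.9 login_failure",        # third failure -> burst
    "2024-05-01T09:01:23 198.51.100.9 login_failure",
    "2024-05-01T09:01:30 10.0.0.5 admin_login_success",      # trusted IP, during the flood: not flagged
]

# Assumed tuning values: a per-minute request count above FLOOD_THRESHOLD is
# treated as a flood; FAIL_BURST failed logins from one IP in one minute is a burst.
FLOOD_THRESHOLD = 20
FAIL_BURST = 3
TRUSTED_ADMIN_IPS = frozenset({"10.0.0.5"})


def parse(lines):
    """Turn '<timestamp> <ip> <rest>' lines into (datetime, ip, rest) tuples."""
    parsed = []
    for line in lines:
        ts, ip, rest = line.split(" ", 2)
        parsed.append((datetime.fromisoformat(ts), ip, rest))
    return parsed


def minute_bucket(ts):
    """Truncate a timestamp to the start of its minute."""
    return ts.replace(second=0, microsecond=0)


def flood_minutes(web_events, threshold=FLOOD_THRESHOLD):
    """Return the set of minutes whose request count exceeds the threshold."""
    counts = Counter(minute_bucket(ts) for ts, _, _ in web_events)
    return {minute for minute, n in counts.items() if n > threshold}


def secondary_indicators(auth_events, flood, trusted=TRUSTED_ADMIN_IPS, fail_burst=FAIL_BURST):
    """Report auth events inside flood minutes that deserve a responder's attention.

    Returns a list of (timestamp, ip, reason) tuples in log order."""
    findings = []
    failures = defaultdict(int)  # (minute, ip) -> failed login count
    for ts, ip, event in auth_events:
        minute = minute_bucket(ts)
        if minute not in flood:
            continue  # only correlate with the flood window in this example
        if event == "admin_login_success" and ip not in trusted:
            findings.append((ts, ip, "admin login from untrusted IP during flood"))
        elif event == "login_failure":
            failures[(minute, ip)] += 1
            if failures[(minute, ip)] == fail_burst:  # report once per burst
                findings.append((ts, ip, f"{fail_burst}+ failed logins during flood"))
    return findings


def analyze(web_lines=WEB_LOG, auth_lines=AUTH_LOG):
    """Run the whole pipeline; returns (flood minutes, findings)."""
    flood = flood_minutes(parse(web_lines))
    return flood, secondary_indicators(parse(auth_lines), flood)


if __name__ == "__main__":
    flood, findings = analyze()
    for minute in sorted(flood):
        print(f"flood minute: {minute:%Y-%m-%d %H:%M}")
    for ts, ip, reason in findings:
        print(f"{ts:%H:%M:%S} {ip:15} {reason}")
```

The point of the design is that the flood detection and the authentication checks are kept separate and joined only on time: the same auth rules would fire at any time, but during a flood a responder's dashboard is dominated by traffic alerts, so the correlated list is what should be routed to a second person rather than the team handling mitigation.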
Simulated Attacks — A sound DDoS mitigation strategy consists of not just anti-DDoS technology, but also people and processes, all of which must come together in harmony during an attack. Government agencies may want to consider simulating DDoS attacks in a controlled environment. That way, the agencies can have an opportunity to fine-tune the components of their increasingly complex security solutions.
About the Author:
Sahba Kazerooni is managing director of Toronto, Ontario-based Security Compass. The cybersecurity firm specializes in DDoS testing and software security for a range of industries, including critical infrastructure, government, finance, technology, health and retail.