Granted, with all of the election coverage, you may have missed last week’s big news item about the “Doomsday of DDoS attacks,” and if your organization’s site wasn’t impacted, you probably made it through blissfully unaware of the havoc unfolding elsewhere. Nonetheless, this wasn’t a one-off event, so here’s what you need to know about DDoS (Distributed Denial of Service) attacks, why this one was different from the usual, and how to check on the condition of your site should it get caught up in subsequent waves.
DDoS Defined
DDoS attacks are remarkably simple in concept: rather than breaking into a target, they overwhelm it with more traffic than it can handle, so legitimate visitors can’t get through. 300 people going through a door in a single-file line can get through pretty quickly when working in coordinated fashion, but if they all try to smash through at the same time, you end up with the digital equivalent of a Three Stooges routine.
How These DDoS Attacks Are Different
Traditionally, attackers target an organization’s website, which physically lives on a server. In most cases, these servers are located at one of dozens of major data centers where hosting providers rent and/or own server space.
Instead of focusing on the servers where your website lives, the most recent wave of DDoS attacks targeted the servers where DNS (Domain Name System) providers keep their systems running. DNS is what translates a domain name, like adaptistration.com, into an IP address, which is what the internet uses to connect a web browser with the server where your website lives. A browser has to make that lookup before it can even begin talking to your web server.
So if a DNS provider is knocked over by a flood of traffic, it can’t answer those lookups, and browsers never learn where the site lives, even though the web server itself may be perfectly healthy. To the visitor, the site is just as “down” as if the server had crashed.
Think of it this way, the website is a store you want to visit and you get there from your home using expressways and traffic signals.
The most recent DDoS attacks blocked the onramps and shut down the traffic signals along that road you need to take.
How The @*#! Did This Happen?
For the most part, the collection of providers that make the internet happen do a good job of dealing with traditional DDoS attacks, but this one was different not just because of the target, but because of the devices used to create the traffic flood.
Instead of using desktop and laptop computers, hackers compromised a very large number of devices known collectively as the “Internet of Things” (IoT), most notably internet-connected security cameras, but also everything from internet-enabled printers to DVRs and televisions. Dyn’s initial statement put the source at tens of millions (yes, millions) of IP addresses; its later analysis revised that to an estimate of up to 100,000 malicious endpoints, which is still an enormous botnet.
Hackers compromised and controlled these devices to use as the source for the traffic flood, and because those devices sit in homes and small businesses, outside anything the hosting and DNS providers can patch or police, we ended up with last week’s mess.
Likely More To Come
The most recent attack focused on DNS provider Dyn, which provides services for mega companies like Twitter, Netflix, Spotify, the New York Times, and Airbnb. There is no way to anticipate where or when the next wave of attacks will unfold, but most security experts are confident more are coming.
What You Can Do To Help (because you may very well be contributing to the problem)
If you own an IoT device (odds are, you do), be sure that it has the most recent updates available. Many of the manufacturers responsible for making the devices used in this latest DDoS attack were not doing what they should: they weren’t keeping their device software secure, and they weren’t forcing users to change the default username and password. The botnet malware behind the attack (Mirai) didn’t need a clever exploit; it simply scanned the internet for devices with remote login (telnet) exposed and signed in with a short list of factory-default usernames and passwords.
But they are starting to make those changes. And fast.
So be sure to download and install those updates coming from the manufacturer, change any default password yourself rather than waiting for the device to make you, and turn off remote access if you don’t need it. In some cases, the devices can’t be updated, and manufacturers have already started sending out recall notices.
What To Do If Your Organization’s Site Gets Hit
- Don’t panic.
- Don’t scream at your web and DNS providers, but do contact them to inquire about the trouble and ask for status updates. Figure out which one is affected before you call: if your domain name won’t resolve at all, the problem is on the DNS side; if it resolves but the server never answers, it’s on the hosting side.
- Do have a plan on hand to contact ticket buyers letting them know your site may be down on the day of an event and if so, provide a list of ways they can contact you otherwise.
- Do have a backup plan for digital communication channels in case your primary option is compromised (email marketing, SMS, social media platforms, etc.).
- Do have updated lists of event attendees and ticket buyers on hand in case you can’t retrieve them from a provider under attack.
- Do include some of the most commonly accessed items in those messages, such as directions, parking info, event starting time, etc.
- Do consider having multiple customer service points of contact. Phone, Twitter, Facebook, etc. are all susceptible but the more eggs you have in different baskets, the better.
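To put the DNS-versus-hosting distinction from the checklist above into something you can run, here is a small diagnostic written for this article; it is not code from the original post or from any provider. It uses only the Python standard library. The hostname `www.example.test` and the origin address `192.0.2.10` are placeholders (assumptions): substitute your own site’s name and the server IP your hosting provider gave you, recorded before any incident so you still have it when DNS is gone.

```python
"""Tell a DNS outage apart from a hosting outage.

Added example for this article (not the original post's code). Standard
library only. The hostname and origin IP in main() are placeholders.
"""
import socket
import sys

# Outcome labels returned by diagnose(); a runbook can branch on them.
DNS_DOWN = "DNS_DOWN"        # name does not resolve: call the DNS provider
ORIGIN_DOWN = "ORIGIN_DOWN"  # name resolves, server won't answer: call the host
HEALTHY = "HEALTHY"          # resolution and a TCP connection both succeeded
BOTH_DOWN = "BOTH_DOWN"      # name does not resolve AND the known IP is unreachable


def resolve(hostname):
    """Addresses the system resolver returns for hostname ([] on failure)."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except socket.gaierror:
        return []
    addresses = []
    for info in infos:          # (family, type, proto, canonname, sockaddr)
        addr = info[4][0]
        if addr not in addresses:
            addresses.append(addr)
    return addresses


def can_connect(address, port=443, timeout=3.0):
    """True if a TCP handshake to address:port completes within timeout."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(hostname, known_ip=None, port=443,
             resolver=resolve, connector=can_connect):
    """Classify an outage as DNS-side, hosting-side, both, or neither.

    known_ip is the origin server's address as recorded from the hosting
    provider before the incident; it lets us probe the server even when the
    name no longer resolves. resolver and connector are injectable so the
    decision logic can be exercised offline with fakes.
    """
    addresses = resolver(hostname)
    if addresses:
        # DNS answered. Does any returned address accept a connection?
        if any(connector(addr, port) for addr in addresses):
            return HEALTHY
        return ORIGIN_DOWN
    # DNS failed. If we have no recorded origin IP we can only report that.
    if known_ip is None or connector(known_ip, port):
        return DNS_DOWN
    return BOTH_DOWN


def main(argv):
    # Placeholder values (assumptions); replace with your own site's details.
    hostname = argv[1] if len(argv) > 1 else "www.example.test"
    known_ip = argv[2] if len(argv) > 2 else "192.0.2.10"
    verdict = diagnose(hostname, known_ip)
    print(f"{hostname}: {verdict}")
    return verdict


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python3 checksite.py www.yoursite.org 203.0.113.5` (your own values). Two caveats: a provider under attack often answers slowly rather than not at all, and the resolver call has no timeout of its own, so a hung lookup is itself a symptom worth noting; and your computer or ISP may have the record cached, so the name can keep resolving for a while after the authoritative DNS provider has gone dark. If the verdict changes from HEALTHY to DNS_DOWN over an hour without you touching anything, that cache expiring is usually why.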