Bots, Zombies and DDoS Attacks, Oh My!

So the other day I was writing about botnets and the image that came to my mind was the sneaky little evil robot called Frenzy from Transformers, because he acts like bots do in a botnet. Both Frenzy and bots hide out so they can spy on people and then report back to their boss. Frenzy reports what he has found to his boss, Megatron; the bots report back to what is referred to as the Command and Control (C2) server. This is the image that came to my mind because stealing personal information from users’ machines is what most bots do nowadays.

DDoS Attacks

However, one of the original purposes of bots in a botnet was to take part in distributed denial of service (DDoS) attacks. A DDoS attack is when a perpetrator tries to overwhelm a target system by flooding it with requests. The perpetrator uses the bots to take over computers of unaware users and uses them to send the requests that overwhelm the target system and take it down. And, of course, another name for these systems that have been taken over by the bots is zombies. So now the scene in my head is from World War Z when thousands of zombies started overwhelming the walls of Jerusalem. I should really start watching more RomComs.

Fun fact, in the year 2020, when it seemed that everything from plague to killer bees was coming at us, we in fact had one of the biggest zombie attacks in history! Amazon Web Services reported that in February of 2020 they defended themselves against a 2.3 terabyte per second DDoS attack. The attack was almost 1.5 times as big as any other attack and lasted over three days. Luckily, the protections Amazon had in place did their job and they didn’t go down.

All of this seems pretty terrifying. Again I am picturing millions of zombies overwhelming my servers and my network. If a group of hacktivists like Anonymous sets their sights on your company or organization, they can activate the zombies and send them to attack.

How to Protect Against DDoS Attacks

There are 3 steps you should make sure you implement to protect yourself against DDoS attacks:

Have an Incident Response Plan

An Incident Response Plan identifies any possible cyber security vulnerabilities throughout your systems and how you plan on addressing those vulnerabilities. This plan should include vulnerabilities related to DDoS attacks and how you will respond to a possible attack. The plan should clearly outline who is responsible for implementing security initiatives and monitoring possible events as well as how incidents should be escalated.

Use appropriate tools

Firewalls, network monitoring tools and anti-malware software are the basic security tools all organizations should be implementing. But for DDoS attacks, detection and protection are key, and services like AWS Shield, Cloudflare or Akamai can be invaluable. AWS Shield was key in keeping AWS up during the attack that occurred in February 2020.

Ensure systems are kept up to date

New vulnerabilities are constantly being uncovered so it is important to make sure all your systems are up to date with the latest security patches and bug fixes. This is often very difficult to keep up with in smaller organizations, which makes using cloud services much more appealing because they have the resources to make sure that their services are protected and kept up to date.

Knowledge of what the cybercriminals are capable of doing, such as swarming your systems with 2.3 tbps, can be terrifying. But we can’t protect against or prevent what we don’t know about. It is our job as IT and Security professionals to keep our systems safe and make sure we are prepared to keep one step ahead of the perpetrators.

About the Author

Alicia Townsend

For almost 40 years, Alicia Townsend has been working with technology as both a consultant and a trainer. She has a passion for empowering others to use technology to make their lives easier. As Director of Content and Documentation at OneLogin, Ms. Townsend works with technical writers, trainers and content marketing writers to inspire and empower everyone to take advantage of what OneLogin’s platform has to offer them.
