So the other day I was writing about botnets and the image that came to my mind was the sneaky little evil robot called Frenzy from Transformers because he acted like bots do in a botnet. Both Frenzy and bots hide out so they can spy on people and then report back to their boss. Frenzy then reports back to his boss, Megatron, what he has found. The bots report back to what is referred to as the Command and Control server (C2). This is the image that came to my mind because stealing personal information from users’ machines is what most bots do nowadays.
However, one of the original purposes of bots in a botnet was to take part in distributed denial of service (DDoS) attacks. A DDoS attack is when a perpetrator tries to overwhelm a target system by flooding it with requests. The perpetrator uses the bots to take over computers of unaware users and uses them to send the requests that overwhelm the target system and take it down. And, of course, another name for these systems that have been taken over by the bots is zombies. So now the scene in my head is from World War Z when thousands of zombies started overwhelming the walls of Jerusalem. I should really start watching more RomComs.
Fun fact, in the year 2020, when it seemed that everything from plague to killer bees was coming at us, we in fact had one of the biggest zombie attacks in history! Amazon Web Services reported that in February of 2020 they defended themselves against a 2.3 terabyte per second DDoS attack. The attack was almost 1.5 times as big as any other attack and lasted over three days. Luckily, the protections Amazon had in place did their job and they didn’t go down.
All of this seems pretty terrifying. Again I am picturing millions of zombies overwhelming my servers and my network. If a group of hactivists like Anonymous sets their sites on your company or organization, they can activate the zombies and send them to attack.
How to protect Against DDoS attacks
There are 3 steps you should make sure you implement to protect yourself against DDoS attacks;
Have an Incident Response Plan
An Incident Response Plan identifies any possible cyber security vulnerabilities throughout your systems and how you plan on addressing those vulnerabilities. This plan should include vulnerabilities related to DDoS attacks and how you will respond to a possible attack. The plan should clearly outline who is responsible for implementing security initiatives and monitoring possible events as well as how incidents should be escalated.
Use appropriate tools
Firewalls, network monitoring tools and anti-malware software are all the basis of security tools all organizations should be implementing. But for DDoS attacks, detection and protection are key using services like AWS Shield, Cloudflare or Akamai can be invaluable. AWS Shield was key in keeping AWS up during the attack that occurred in February 2020.
Ensure systems are kept up to date
New vulnerabilities are constantly being uncovered so it is important to make sure all your systems are up to date with the latest security patches and bug fixes. This is often very difficult to keep up with in smaller organizations, which makes using cloud services much more appealing because they have the resources to make sure that their services are protected and kept up to date.
Knowledge of what the cybercriminals are capable of doing such as swarming your systems with 2.3 tbps can be terrifying. But we can’t protect or prevent what we don’t know. It is our job as IT and Security professionals to keep our systems safe and make sure we are prepared to keep one step ahead of the perpetrators.