How can you protect against DDoS attacks? Renew your defences and monitor hacktivist forums

Danny Palmer investigates how you can mitigate the impact of a DDoS attack on your corporate servers

The distributed denial-of-service (DDoS) attack, wherein the perpetrator employs a botnet to make an online service or website unavailable by overwhelming it with traffic, is a favourite weapon of cyber vandals.

While it isn't unknown for DDoS attacks to be used as a distraction tactic to steal data, more often than not they're implemented in order to make a statement or just to irritate a company and its online users.

Recently, video game company Valve was forced to delay its $18m international Dota 2 championships after its servers were DDoSed. The disruption only lasted a few hours but thousands in the Seattle KeyArena audience who had paid to watch live matches and hundreds of thousands of others who were expecting to view the event live on Twitch were greeted with impromptu e-Sports punditry instead. The incident was embarrassing for Valve.

It has also been revealed that a major IT glitch at the Royal Bank of Scotland (RBS) that left customers unable to access their online banking accounts was caused by a DDoS attack.

So, how can an organisation protect itself from hacktivists looking to make a point using DDoS?

Unfortunately, according to Dr Kevin Curran, senior member of the Institute of Electrical and Electronics Engineers (IEEE) and security lecturer at Ulster University, there's not much that can be done.

"If most network administrators are honest, they know they can do little to protect themselves against a targeted attack," he told Computing.

The reason DDoS attacks are hard to stop, he explained, is that "free simple tools make it easy to flood sites with overwhelming amounts of dummy traffic created by custom scripts".

"You simply enter the URL of a website and watch these free programs generate fake packets so as to overload a site's servers. You can watch the average site being brought to its knees in minutes," Dr Curran added.

However, Stephen Ward, senior director at global cyber threat intelligence company iSIGHT Partners, told Computing there are ways to prevent or at least reduce the impact of a DDoS attack, thanks to the fact that often the perpetrators like to show off about what they plan to do.

"In the case of DDoS, the perpetrators often telegraph their desires and announce their intent in online forums and through social media. In many cases, they even state the date that they intend to launch these attacks," he explained, adding that the motivation is "to garner public praise or street credibility for their cause".

Ward therefore argues that "monitoring of online forums and of open source networks is of great value in mitigating these types of attacks".

"When plans for these attacks are uncovered, the targeted organisations have the ability to get ahead of the attack, turn up the appropriate controls and in most cases, avoid negative impact," he added.

Nonetheless, Ward warned that an organisation shouldn't just rely on monitoring forums; it should invest in tools to mitigate DDoS attacks too.

"Whether they be proactive or reactive, organisations with a high profile and potentially controversial global operations should be investigating these tools and finding a fit that maps to their specific risk profile," he explained.

"If your organisation has the potential to fall on the wrong side of a political argument or issue, or is in a critical infrastructure business such as financial services, you should be on guard against them and putting in place tools that proactively respond when these attacks flare up," Ward added.

According to Dr Curran, while it's difficult to protect against DDoS, organisations must ensure they've taken all the precautions necessary - such as using a cloud solution that can handle high bandwidths - to mitigate this type of attack, because such attacks are going to keep coming.

"DDoS attacks will continue for the foreseeable future as long as unpatched systems remain online and easy-to-deploy DDoS tools exist," he said, arguing that "large companies need to constantly upgrade their DDoS flood defences" because "some approaches that worked just a few years ago are now basically useless".
