The Federal Bureau of Investigation (FBI) in the U.S. has issued an alert warning organizations that distributed denial of service (DDoS) amplification attacks are on the rise.
A DDoS amplification attack occurs when an attacker sends a small number of requests to a server and the server answers with responses that are far larger and more numerous than the requests. The attacker spoofs the source Internet Protocol (IP) address of their ultimate target, so the server's responses are delivered to the victim, overwhelming its ability to respond to legitimate requests. The result is that DDoS attacks are increasing in both size and duration.
Akamai, for example, recently disclosed it mitigated the largest packets-per-second (PPS) distributed denial-of-service (DDoS) attack ever recorded on its platform. Aimed at a large European bank, the attack generated 809 million packets per second (MPPS). That attack comes on the heels of a 1.44 terabits-per-second (TBPS) attack that for nearly two hours reached levels of 385 PPS.
Shortly after that disclosure, Amazon Web Services (AWS) disclosed it had mitigated an even larger 2.3 TBPS attack last February. That attack was traced back to cybercriminals who had hijacked CLDAP web servers.
Cybercriminals are also taking advantage of the much larger number of devices that are now connected to the Internet. Based on the size of some recent DDoS attacks, it's apparent cybercriminals are becoming more adept at orchestrating Internet of Things (IoT) devices to launch these attacks.
The FBI is advising organizations to configure network firewalls to block unauthorized IP addresses and disable port forwarding, in addition to enrolling in a denial-of-service mitigation service that detects abnormal traffic flows and redirects traffic away from the organization's network.
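One way to spot the abnormal traffic flows the FBI describes is to look, at the victim's network edge, for UDP replies arriving from reflector services (such as the CLDAP servers mentioned above) that no local host ever asked for. The following is an added example, not code from the article or the FBI: the flow format, the sample records, the list of amplifier ports beyond CLDAP, and the threshold are all assumptions.

```python
import ipaddress
from collections import defaultdict

# UDP services commonly abused as reflectors. Port 389 (CLDAP) is the service
# the article names; the other entries are assumed, well-known additions.
AMPLIFIER_PORTS = {389: "CLDAP", 53: "DNS", 123: "NTP", 11211: "memcached"}

# Constructed sample flow records (not from the article), one flow per line:
# src_ip src_port dst_ip dst_port proto bytes
# 203.0.113.0/24 plays "our" network; 198.51.100.x are external servers.
SAMPLE_FLOWS = """\
203.0.113.10 40001 198.51.100.1 53 udp 70
198.51.100.1 53 203.0.113.10 40001 udp 120
198.51.100.2 389 203.0.113.10 42020 udp 2900
198.51.100.3 389 203.0.113.10 42021 udp 3100
198.51.100.4 389 203.0.113.10 42022 udp 2800
198.51.100.5 123 203.0.113.10 42023 udp 4400
203.0.113.11 51000 198.51.100.9 443 tcp 900
"""

def parse_flows(text):
    """Parse the whitespace-separated flow format above into dicts."""
    flows = []
    for line in text.splitlines():
        if line.strip():
            sip, sport, dip, dport, proto, nbytes = line.split()
            flows.append({"src": sip, "sport": int(sport), "dst": dip,
                          "dport": int(dport), "proto": proto, "bytes": int(nbytes)})
    return flows

def find_unsolicited_reflections(flows, local_net, min_reflectors=3):
    """Map victim IP -> {"bytes", "reflectors", "services"} for local hosts that
    receive UDP replies from amplifier ports with no matching outbound request.
    Unsolicited replies from several servers at once signal a spoofed-source attack."""
    net = ipaddress.ip_network(local_net)
    is_local = lambda ip: ipaddress.ip_address(ip) in net
    # Requests our hosts really sent: (our_ip, our_port, server_ip, server_port).
    sent = {(f["src"], f["sport"], f["dst"], f["dport"])
            for f in flows if f["proto"] == "udp" and is_local(f["src"])}
    victims = defaultdict(lambda: {"bytes": 0, "reflectors": set(), "services": set()})
    for f in flows:
        if f["proto"] != "udp" or f["sport"] not in AMPLIFIER_PORTS or not is_local(f["dst"]):
            continue
        if (f["dst"], f["dport"], f["src"], f["sport"]) in sent:
            continue  # a legitimate reply to a request we sent
        v = victims[f["dst"]]
        v["bytes"] += f["bytes"]
        v["reflectors"].add(f["src"])
        v["services"].add(AMPLIFIER_PORTS[f["sport"]])
    return {ip: v for ip, v in victims.items() if len(v["reflectors"]) >= min_reflectors}
```

On the sample data the DNS reply is matched to the request that preceded it and ignored, while the four CLDAP and NTP replies to 203.0.113.10 have no corresponding request and are reported together; in practice the same check runs over exported NetFlow/sFlow records in a short time window.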
The FBI also recommends that cybersecurity teams partner with their local internet service provider (ISP) to craft a response strategy before an attack occurs, and that they make certain all network devices are current with security patches.
Finally, the FBI is also advising organizations to change the default usernames and passwords on all network devices, especially IoT devices. If a device's default username or password cannot be changed, they should ensure that the device has a strong password and a second layer of security, such as multi-factor authentication or end-to-end encryption.
The most common reason cybercriminals launch DDoS attacks is still to extort money. However, DDoS attacks might also serve as a distraction while other attacks are being launched. It's also possible a DDoS attack is launched by a country looking to disrupt another nation, or by political activists trying to make a statement. It could just as easily be a business rival, or someone who is simply angry for reasons known only to them.
Regardless of the reason, organizations should assume a DDoS attack is coming their way. There's little any organization can do to stop these attacks from being launched. However, how an organization responds to these attacks can make all the difference in the world. The challenge, and the opportunity, is to make sure the organization is resilient enough to withstand those attacks, come what may.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.