Clavister Blog Staff

Are we still in denial about DDoS attacks?


$2.5 million: that’s the average loss of revenue experienced by an organization hit with a DDoS attack, according to the latest DDoS and Cyber Security Insights Report from Neustar. 84% of the 1000+ organisations surveyed reported that they were targeted by DDoS attacks in the past year, and that the number of DDoS attacks increased 15% over the past 12 months, across all industry sectors.

The report found that the proportion of attacks greater than 10 gigabits per second (Gbps) was up 11% on the previous year to 45%, and that 45% of organisations targeted by DDoS attacks said they had been hit more than five times.

DDoS attacks haven’t just ramped up in frequency and size:  they’re also increasingly used as a smokescreen for other malicious activity by cybercriminals.  In European organisations, 42% of respondents said DDoS attacks were accompanied by malware infections (an increase of 10% over the past year), and 27% of DDoS attacks in the past year were accompanied by either ransomware or extortion by threatening further DDoS attacks, up from 15% in 2016.

So while organizations are being hit hard by the onslaught of DDoS activity, how should they respond and strengthen their defences? First, they should ensure that basic principles of DDoS mitigation, including bandwidth management, appropriate load balancing and intelligent network segmentation, are built into their infrastructures. These all help to minimize the impact of a DDoS attack should it occur, and can potentially prevent it from actually downing your network. All these measures are built into our Next Generation Firewall solutions as standard.

Second, you should think about GeoIP blocking – which is also a feature of all Clavister security gateways. This works on the simple principle that a vast number of the IP addresses and websites your organization connects to – a majority of them, in fact – should not be touching your organization at all. Perhaps they are geographic areas or specific countries where your organization does no business, and is unlikely to ever do so. Perhaps they are known bad IP addresses that distribute malware, are the source of phishing attacks, have been hijacked for malicious purposes – or, of course, are controlling the botnets that launch DDoS attacks.

So rather than allowing traffic from these unnecessary sources and running the risk of DDoS attacks, why not automatically block it at the outset?  GeoIP blocking allows you to pinpoint exactly where on the internet a DDoS attack is being launched from, and then to automatically block all traffic from those specific IP addresses or regions, until the attack has passed over. It offers a kind of perimeter protection against DDoS attacks, preventing them from actually hitting your network.

With GeoIP blocking in place, if a DDoS attack begins, you can immediately analyse where the traffic is coming from and form a strategy for mitigating the attack.
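As an added illustration (not Clavister code or configuration), the analysis step described above can be sketched in a few lines: tally inbound bytes by source country and list the countries outside your business footprint that carry a large share of the traffic. The prefix table, the placeholder country codes (`AA`, `XA`, `XB`, `ZZ` for unknown), the flow records and the 20% threshold are all constructed assumptions; a real deployment would read a GeoIP database and live flow logs.

```python
import ipaddress
from collections import Counter

# Constructed prefix-to-country table (documentation ranges, placeholder codes).
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "AA"),
    (ipaddress.ip_network("198.51.100.0/24"), "XA"),
    (ipaddress.ip_network("203.0.113.0/24"), "XB"),
    (ipaddress.ip_network("203.0.113.128/25"), "AA"),  # more specific entry wins
]

# Hypothetical policy: countries where the organisation does business.
BUSINESS_COUNTRIES = {"AA"}

# Constructed flow records: (source IP, bytes received).
SAMPLE_FLOWS = [
    ("192.0.2.10", 1200), ("192.0.2.44", 800),
    ("198.51.100.7", 9000), ("198.51.100.8", 7000),
    ("203.0.113.5", 500), ("10.9.9.9", 500),
]

def country_of(ip):
    """Longest-prefix match against GEO_TABLE; 'ZZ' means no entry."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, cc) for net, cc in GEO_TABLE if addr in net]
    return max(matches)[1] if matches else "ZZ"

def traffic_by_country(flows):
    """Sum bytes per source country."""
    totals = Counter()
    for src, nbytes in flows:
        totals[country_of(src)] += nbytes
    return totals

def block_candidates(flows, share_threshold=0.2):
    """Non-business countries carrying at least share_threshold of all bytes.

    Unknown sources ('ZZ') are never proposed automatically; they need review.
    """
    totals = traffic_by_country(flows)
    grand = sum(totals.values())
    if grand == 0:
        return []
    return sorted(cc for cc, b in totals.items()
                  if cc not in BUSINESS_COUNTRIES and cc != "ZZ"
                  and b / grand >= share_threshold)

if __name__ == "__main__":
    print(dict(traffic_by_country(SAMPLE_FLOWS)))
    print(block_candidates(SAMPLE_FLOWS))
```

In floods built on spoofed or reflected traffic, the tally describes the addresses seen on the wire rather than the attacker's true location, so treat the result as input to a blocking decision rather than attribution.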