Without early threat detection, you may not know your website has been hit by a DDoS attack until it slows down or stops, says NordVPN Teams.
A Distributed Denial of Service (DDoS) attack can prove devastating for a website. By flooding an organization's web server with traffic, an attacker could slow down or even halt the website completely. Trying to mitigate a DDoS attack after it's already begun can cost an organization a huge amount of time, money, and resources. A report released Wednesday by NordVPN Teams discusses the latest trends for DDoS attacks and offers advice on how to prevent one.
SEE: VPN: Picking a provider and troubleshooting tips (free PDF) (TechRepublic)
DDoS attacks have been on the rise. In the first quarter of 2020, such attacks jumped by more than 278% compared with the same quarter in 2019 and by more than 542% over the same quarter in 2018, according to Nexusguard's Q1 2020 Threat Report.
The shift to self-quarantining at home amid the coronavirus pandemic has also led to an increase in DDoS attacks. Cybercriminals see online services as more of a necessity than ever and therefore more vulnerable and a more tempting target for extortion.
DDoS attacks can be costly for organizations but cheap for criminal buyers. Based on a recent Dark Web Price Index for 2020, a basic targeted malware attack in Europe or the US costs $300, while a targeted distributed denial of service (DDoS) attack sells for as low as $10 per hour or $60 for 24 hours. Some sellers even tout volume discounts so buyers can fill up on multiple attack types.
"One reason why DDoS attacks are so inexpensive is that more and more people that offer DDoS-for-hire services are leveraging the scale and bandwidth of public clouds," NordVPN Teams CTO Juta Gurinaviciute, said in a press release. "With remote work becoming the new standard and with emphasis on home internet connectivity at an all time high, proper security measures to mitigate these attacks have never been more important."
DDoS attacks have also become more sophisticated. Attacks are often triggered from virtual cloud-based machines rather than from the attacker's own computer. Such a strategy achieves greater anonymity for the criminal and higher network bandwidth for the attack. These campaigns are also increasingly carried out through botnets in which networks of multiple hijacked computers band together to launch an attack.
SEE: Zero trust security: A cheat sheet (free PDF) (TechRepublic)
"When online connections are stopped or significantly slowed for even a few hours, employees' work is disrupted, and customers can't buy anything, which all leads to damaged revenues and public image of the organization," Gurinaviciute added.
To better protect your organization against DDoS attacks, NordVPN Teams offers the following advice:
- Develop a Denial of Service response plan. Make sure your data center is prepared, a checklist is in place, and your team is aware of their responsibilities.
- Secure your network infrastructure. This includes advanced intrusion prevention and threat management systems, which combine firewalls, VPN, anti-spam, content filtering, and load balancing. Together, they enable constant and consistent network protection against DDoS attacks.
- Make sure your systems are up to date. By regularly patching your infrastructure and installing new software versions, you can close more doors to attackers.
- Leverage the cloud. Cloud-based apps can curb harmful or malicious traffic before it ever reaches its intended destination. Such services are operated by software engineers whose job is to monitor the web for the latest DDoS tactics and attack vectors.
- Avoid public or unsecured Wi-Fi. If your remote team must log in to an account on a network you don't trust, use a VPN to encrypt all communications. Even bank websites can be forged to be almost undetectable.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
- Shadow IT policy (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- All the VPN terms you need to know (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)