Now it’s been conclusively demonstrated how susceptible even the largest of organizations are to distributed denial of service (DDoS) attacks. At the core of these attacks are multiple forms of malware that have spread to millions of devices connected to the Internet. Once infected, those devices are then incorporated into a massive botnet like the one that directed last week’s DDoS attack against Dyn, a provider of Domain Name System (DNS) services to Web stalwarts such as Google, Twitter, Airbnb, PayPal, Netflix, and Spotify.
While Dyn was eventually able to fend off the attack, the performance of multiple Web applications slowed to a crawl. In many cases, managed service providers (MSPs) with customers that were adversely affected by the attack on Dyn were dealing with more than a few irate calls. After all, there’s a direct correlation between Web application performance and the amount of revenue many organizations can generate per hour.
Dyn is a popular choice for hosting DNS because the assumption is that a service that large should be more resilient. Because Dyn was able to, for now at least, fend off these latest attacks, there’s some truth to that. But MSPs might want to investigate making alternative DNS services available to their clients. The fact that Dyn is so large makes it a primary target. Thanks to the ability to harness any device attached to the Internet to launch these attacks, it’s apparent that DDoS attacks are only going to increase in size. Being able to switch DNS services is just prudent.
3 ways to prepare for cyber attacks
Naturally, many organizations have appliances in place to thwart these types of attacks. But as these attacks increase in size, many of these appliances are simply being overwhelmed. For example, DDoS attacks as large as 620 Gbps have been launched against KrebsOnSecurity.com. Of course, MSPs should make sure their clients have access to the latest generation of DDoS appliances so they don’t fall prey to smaller DDoS attacks that are becoming more routine.
When all else does fail, it’s going to be important to provide clients with access to backups of any files they might have stored in the cloud. That way they can still work on some files while waiting for the DDoS attack to pass.
At the same time, MSPs should be having conversations with clients about making sure their endpoints, especially in the age of Internet of Things (IoT), don’t unwittingly become incorporated into a botnet being used to launch a DDoS attack. Continuously monitoring these devices to make sure they have not been hijacked by a malicious third party is not optional.
Most internal IT organizations, however, don’t have the money or skills needed to deploy monitoring tools capable of tracking endpoint behavior at scale. Because of that issue, MSPs are in a unique position to provide both monitoring and endpoint security management as a service at an affordable cost.
Accountability and responsibility
Hacks have become a fact of IT life, and governments around the world are making it clear that in the very near future they intend to hold organizations that deploy devices and systems that get hacked accountable. That may sound like blaming the victim, but the reality of the situation is that individuals and institutions now bear collective responsibility for IT security in much the same way we are all held accountable to one degree or another for public health.
Whether it’s Typhoid Mary spreading disease one interaction at a time or a network of embedded systems being compromised to spread malware that affects everyone on the Web, there is inevitably going to be accountability. And organizations are starting to act accordingly. For example, one Chinese maker of webcams that were infected with malware that allowed them to be incorporated into the botnet used to launch last week’s DDoS attack is already recalling millions of units.
Most MSPs are more than competent enough to work with clients to prevent the average DDoS attacks from ever impacting a client’s business. But when that occasional massive DDoS attack does come along, it’s always best to make like a Boy Scout and be prepared.