DDoS attacks: how to mitigate these persistent threats

Feb 24, 2016 (4 min read)
Topics: Advanced Persistent Threats, Network Security, Security

Enterprises and end users remain at risk of DDoS attacks, which have been named the #1 Internet threat.

Distributed denial of service (DDoS) is a type of DoS attack in which multiple compromised systems, often infected with a Trojan, are used together to target a single system.

The DDoS attack itself may be a bit more sinister, according to NSFOCUS IB. A DDoS attack is an attempt to exhaust resources so that legitimate users are denied access to them.

“It has never been easier to launch a sustained attack designed to debilitate, humiliate or steal from any company or organization connected to the Internet. These attacks often threaten the availability of both network and application resources, and result in loss of revenue, loss of customers, damage to brand and theft of vital data,” NSFOCUS Global wrote in a business white paper.

In a question-and-answer session, Dave Martin, director of product marketing at NSFOCUS IB, explained the different types of DDoS attacks and how to detect and respond to them.

What are some of the most common types of DDoS attacks?

There are actually three styles of attacks that we see often: application order, volumetric, and hybrid.

Can you explain the differences in each method?

Application order is less volumetric but still tries to consume resources. Attackers connect to a website and ask for a password. They send data and get a response from the server. Rather than send all data at once, they send a character at a time. As an attacker, you can create hundreds of thousands of connections at a time. They are opening up a secure connection to a website that appears normal but is consuming memory.

Volumetric attempts to overwhelm the target with traffic.

The hybrid attack is often application order and volumetric used in combination. The consequence is loss of revenue, loss of customers, and damage to reputation. These are not even about denial of service. These are smoke screens for exfiltration of data.  Because of the distraction, attackers are able to plant back doors in other areas of the network. 
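The character-at-a-time connections described above have a recognisable shape from the defender's side: many long-lived connections from a few sources, each still without a complete request and each trickling bytes far below any normal client rate. The following Python is an added example, not code from the article or from NSFOCUS; it scores a constructed table of open connections (the record fields and thresholds are assumptions) and flags the sources holding many such connections before the server's connection table is exhausted.

```python
from collections import Counter
from dataclasses import dataclass


# Constructed sample of connection-tracker records (not real data): one entry
# per open client connection, as a reverse proxy or load balancer might expose it.
@dataclass(frozen=True)
class Conn:
    src: str            # client address
    age_s: float        # seconds since the TCP connection was accepted
    bytes_in: int       # request bytes received so far
    headers_done: bool  # whether a complete request header block has arrived


SAMPLE_CONNS = [
    # normal clients: the request completes within a second or two
    Conn("198.51.100.7", 0.8, 612, True),
    Conn("198.51.100.7", 1.2, 540, True),
    Conn("203.0.113.20", 0.4, 450, True),
    # slow senders: connections held open for minutes while a few bytes trickle in
    *[Conn("192.0.2.10", 240 + i, 30 + i, False) for i in range(6)],
    *[Conn("192.0.2.11", 300 + i, 25, False) for i in range(4)],
    # one legitimately slow mobile client; a single connection is not an attack
    Conn("198.51.100.99", 95.0, 80, False),
]


def is_slow_sender(c, min_age_s=30.0, max_rate_bps=2.0):
    """A connection open longer than min_age_s that still has not delivered
    complete headers and is trickling data below max_rate_bps bytes/second."""
    if c.headers_done or c.age_s < min_age_s:
        return False
    return c.bytes_in / c.age_s < max_rate_bps


def slow_sender_sources(conns, min_conns=3, **kw):
    """Return {src: count} for sources holding at least min_conns slow connections."""
    counts = Counter(c.src for c in conns if is_slow_sender(c, **kw))
    return {src: n for src, n in counts.items() if n >= min_conns}


def slow_connection_share(conns, **kw):
    """Fraction of all open connections that look like slow senders: the
    alerting signal to watch before the connection table fills up."""
    if not conns:
        return 0.0
    return sum(is_slow_sender(c, **kw) for c in conns) / len(conns)


if __name__ == "__main__":
    print(slow_sender_sources(SAMPLE_CONNS))  # {'192.0.2.10': 6, '192.0.2.11': 4}
    print(f"{slow_connection_share(SAMPLE_CONNS):.0%} of open connections are slow senders")
```

Per-source counting keeps a single genuinely slow client from tripping the alert, while the overall share tells the operator how close the connection pool is to being consumed.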

How can security teams detect these attacks?

Detecting the DDoS attack itself really requires specialized hardware that will send alerts like emails or management tracks. The goal is to get these notifications before a resource becomes unavailable. If you don’t have anti-DDoS detection, you won’t know until the service goes down.

How do security teams respond once they identify these attacks?

It takes a while for service providers to identify and clean that traffic. A lot of service providers black hole the traffic so that all of your traffic is offline. 

How can security professionals differentiate when an attack is DDoS?

These attacks are advanced persistent threats. Often the bad actors install a back door and sit on a network making them difficult to detect. 

Why are these attacks so persistent?

These DDoS attacks are very easy to pull off. There are botnets available that criminals can rent for as little as $10 a month, and they require no technical expertise. These can generate a very large attack. Also, a lot of folks think they can handle these attacks with a firewall, but many people are finding that those types of general-purpose tools fall over in the face of an attack. People are starting to recognize that existing security equipment is not going to provide adequate protection. A firewall is great, you have to have it, but it’s not a panacea.

How do security teams determine what tools are best in mitigating the risks of these attacks?

They first have to ask, “Is it a good solution that fits in my budget?” Be sure that the technology has been battle tested. While enterprises like major banks have enormous budgets for their security strategy, small to midsize organizations are working with more limited resources. 


Kacy Zurkus is a freelance writer for CSO and has contributed to several other publications, including The Parallax and K12 Tech Decisions. She covers a variety of security and risk topics as well as technology in education, privacy and dating. She has also self-published a memoir, Finding My Way Home: A Memoir about Life, Love, and Family, under the pseudonym "C.K. O'Neil."

Zurkus has nearly 20 years' experience as a high school English teacher and holds an MFA in Creative Writing from Lesley University (2011). She earned a Master's in Education from the University of Massachusetts (1999) and a BA in English from Regis College (1996). Recently, the University of Southern California invited Zurkus to give a guest lecture on social engineering.

The opinions expressed in this blog are those of Kacy Zurkus and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.
