Battling global DDoS attacks requires coordinated response

Service providers that run the backbone of the internet need to have a coordinated response to deal with a global distributed denial of service (DDoS) attack, security experts say.

There’s only so much that individual enterprises can do when attackers go after critical infrastructure, such as last month’s attack on Dyn.

And it would take cooperation between a relatively small number of parties, said Oded Gonda, vice president of technology and innovation at Check Point Software Technologies, in a recent report.

“In some situations, it would take just two or three providers,” he said. “In some situations, it might be 20 of them. But we are talking about a small number of entities who can work together.”

Right now, that’s not happening, he added.

[ ALSO ON CSO: Is critical infrastructure the next DDoS target? ]

“That is why we witnessed these kinds of global DDoS attacks,” he said.

The cooperation should be on the industry level, he said.

“It would be much better if the technical parties would act together and find the most effective technical ways to do that,” he said. “Regulation takes time and regulation sometimes has the chance of not solving all the problems. But if it does not come from the industry, then there is a place for governments to consider regulation.”

Individual enterprises affected by a global DDoS attack can’t solve the problem on their own because the traffic congestion occurs upstream.

“Individual organizations can do a lot against some types of DDoS attacks ,” he said. “And there are various solutions on the market from Check Point and others, that can allow organizations to deal with that. However, if you have a global type of attack, then unfortunately these solutions will not be enough.”

Gonda suggested that people aren’t yet taking these kinds of attacks seriously enough.

“We have to reach the conclusion that these attacks are something we don’t want to live with,” he said. “That this is an important enough problem that could become an even bigger problem and we need to act together.”

The Dyn attack might have been the warning bell needed.

“It got our attention,” said Christopher Roach, managing director and national IT practice leader at CBIZ Risk & Advisory Services.

Roach agreed that internet traffic companies need to take a stronger look at DoS attacks, including those based in Internet of Things devices.

“They need to be working to stay ahead of the attacks being developed by running their own what-if scenarios and testing their response capabilities,” he said. “I don't think they will always be able to stay ahead of the attack being conceived, but they have to try."

The world is entering a new era of large scale-attacks, said Justin Fier, director of cyber intelligence and analysis at Darktrace.

“In the past six months alone, we've seen several examples of these attacks, from DNC to Yahoo to Dyn,” he said. “It is more clear than ever that we are now facing a heightened cyber threat level.”

Earlier this month, a DDoS attack took the entire country of Liberia off-line.

“Taking out an entire country is a significant step up from taking out merely a dozen companies,” Fier said.