According to Corero Network Security, the number of new, intelligent DDoS attacks acting at the application level has recently increased. They are extremely difficult to recognize “in the cloud”, and they often go unnoticed until it is too late.
There has also been a surge of attacks against corporations by hacktivists, who conduct attacks for political and ideological reasons rather than for financial ones. Attacks against Mastercard, Visa, Sony, PayPal and the CIA head the list.
“The game of cat and mouse between IT administrators, criminals and hacker-activists intensified in 2011 after numerous DDoS attacks at the application level. In view of hacker-activists, companies need to be very attentive in the fight against attempts to take their sites offline, to steal personal information or to spoil Web applications,” said Mike Puckett, chief strategy officer of Corero Network Security.
1. Anonymous DDoS attacks on the “censors” of WikiLeaks: the companies Visa, Mastercard and PayPal.
The most notable DDoS attacks so far this year, they became the first example of what was later called an Internet “cyber riot”, in which ordinary users joined the attack on a voluntary basis.
2. DDoS attack on the Sony PlayStation Network.
A wake-up call for gamers, consumers and investors. This attack began a series of other attacks and leaks that caused financial damage to the company and damaged its reputation.
3. LulzSec's attacks on the CIA and SOCA.
The emergence of the LulzSec group and its DDoS attacks on the CIA and Britain's agency for combating organized crime (SOCA) forced even experts to seriously doubt whether anyone on the Internet is protected at all.
4. DDoS attack on WordPress.
A large-scale attack brought down some 18 million websites on the world's largest blog hosting service. The attack hit the company's data center with millions of queries per second.
5. The attack on the Hong Kong Stock Exchange.
This attack had very severe effects on the entire financial world, disrupting stock trading in Hong Kong. A hit on just one target could potentially affect hundreds of organizations and individuals.
Corero's recommendations for mitigating the effects of DDoS attacks.
1. Create a plan to counter attacks.
As with an incident response plan, advance preparation is the key to quick and effective action, avoiding an all-hands scramble in the fight against DDoS attacks. A DDoS response plan lists and describes all the steps to be taken by the organization if its IT infrastructure comes under attack.
Increasingly, Corero observes that DDoS attacks aimed at large companies are very clever, persistent and determined. This new type of hacker switches to new sources and alternative methods of attack each time a previous attempt fails. It is therefore essential that the plan include instructions on when and how additional resources should be brought in to mitigate the attacks and how surveillance should be stepped up.
2. Local protection against DDoS is essential.
A “clean” connection from the provider creates a false sense of security. Local DDoS protection, installed in front of application servers and databases, is necessary for a timely response to flooding attacks, as well as to identify and reject the increasingly common DDoS attacks at the application level. For the best defense, local DDoS protection should work in conjunction with an automated monitoring service that allows you to quickly recognize and respond to attacks.
3. Protect your DNS servers.
DNS servers are often the target of DDoS attacks. If an attacker can disrupt the DNS server, all of the organization's services could disappear from the Internet, and the attacker's desired effect is achieved.
4. Know your real customers.
Flooding attacks and brute-force attacks are relatively easy to recognize. However, blocking their traffic while letting legitimate traffic through takes high-performance, sophisticated analysis.
Finding the more insidious attacks that act at the application level requires a thorough understanding of the typical behavior and actions of the honest customers or employees who access the protected applications. Much like a credit card fraud detection system, a local DDoS protection system establishes fair-use patterns to identify suspicious traffic and respond appropriately.
5. Maintain constant vigilance.
DDoS attacks are becoming more intelligent and stealthy. You cannot wait until an application stops responding before taking action. For optimal protection, an early warning system for DDoS attacks should be part of the company's overall security. Continuous, automated monitoring is necessary to recognize an attack in time, raise the alarm and begin to apply the response plan.
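As an illustration of recommendation 4, the following added example (not code from Corero or from the original article) learns a fair-use ceiling from a known-good period and flags clients that exceed it in the current window. The log format, the sample lines, the addresses and the function names are all constructed assumptions.

```python
import re
from collections import Counter
from statistics import median

# Assumed log format (constructed): "<ISO timestamp> <client-ip> <method> <path>"
LINE = re.compile(r"^(\S+T\d\d:\d\d)\S*\s+(\S+)\s+\S+\s+\S+$")

def rates_per_minute(lines):
    """Count requests per (client, minute) bucket; malformed lines are skipped."""
    counts = Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            counts[(m.group(2), m.group(1))] += 1
    return counts

def learn_ceiling(baseline_lines, k=5.0):
    """Fair-use ceiling from known-good traffic: median + k * MAD of the rates."""
    rates = list(rates_per_minute(baseline_lines).values())
    if not rates:
        raise ValueError("baseline contains no parsable requests")
    med = median(rates)
    mad = median(abs(r - med) for r in rates) or 1  # never a zero-width band
    return med + k * mad

def flag_clients(current_lines, ceiling):
    """Map each client that exceeded the ceiling to its worst per-minute rate."""
    flagged = {}
    for (client, _minute), n in rates_per_minute(current_lines).items():
        if n > ceiling:
            flagged[client] = max(n, flagged.get(client, 0))
    return flagged

def sample(client, minute, n, path="/search"):
    """Build n constructed log lines for one client within one minute (n <= 60)."""
    return [f"2011-11-01T10:{minute:02d}:{s:02d}Z {client} GET {path}" for s in range(n)]

# Constructed known-good period: a few requests per client per minute.
BASELINE = (sample("198.51.100.10", 0, 2) + sample("198.51.100.11", 0, 3)
            + sample("198.51.100.12", 1, 4) + sample("198.51.100.10", 1, 3)
            + sample("198.51.100.13", 2, 2))
# Constructed current window: one client hammers a costly endpoint at only
# 40 requests per minute, far too little to register as a flood.
CURRENT = (sample("198.51.100.10", 5, 3) + ["malformed line"]
           + sample("203.0.113.77", 5, 40, "/report/export"))

if __name__ == "__main__":
    ceiling = learn_ceiling(BASELINE)
    print("ceiling:", ceiling, "flagged:", flag_clients(CURRENT, ceiling))
```

The median and MAD are used instead of mean and standard deviation so that a few heavy but legitimate clients in the baseline do not inflate the ceiling.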