Guest Post by Mary Karnes, Manager, IBM Cloud Security Services
Distributed denial-of-service (DDoS) attacks that congest Internet connectivity and disrupt online services reached unprecedented levels in 2013, and the tactics used varied in both size and method. One method was to direct DDoS attacks at DNS providers, which in turn caused downtime for the customers relying on those providers for their DNS infrastructure.
DDoS is not the only threat to an organization's web presence. In other cases, attackers were able to target websites with otherwise strong security in place by hijacking DNS requests at the DNS provider, which allowed them to redirect traffic destined for the legitimate site. From there, the attackers had several options: they could do something fairly benign, such as display a defaced version of the website; they could do something more insidious, such as intercept user cookies in a man-in-the-middle-style attack; or they could expose endpoints to malware before those endpoints ever reached the host site.
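One defensive check against the provider-level DNS hijacking described above is to compare what several independent resolvers return for your hostnames against the records you know you published. The following is an added example, not code from the original post or from IBM; hostnames, addresses and resolver labels are constructed sample data, and gathering the live answers (for instance with dig against each resolver) is assumed to happen outside this function.

```python
"""Baseline check for DNS hijacking: compare the records several resolvers
return for a hostname against the set the owner expects, and flag both
unexpected answers and disagreement between resolvers.
All names and addresses below are constructed sample data (assumption)."""

# Expected answers per (hostname, record type), maintained by the site owner.
EXPECTED = {
    ("www.example.test", "A"): {"203.0.113.10", "203.0.113.11"},
    ("example.test", "NS"): {"ns1.dns-provider.test", "ns2.dns-provider.test"},
}

def check_dns_baseline(expected, observed):
    """observed: {resolver_label: {(hostname, rtype): set(answers)}}.
    Returns a list of (severity, message) findings; empty when every
    resolver agrees with the baseline."""
    findings = []
    for key, want in expected.items():
        host, rtype = key
        seen = {}
        for resolver, answers in observed.items():
            got = answers.get(key, set())
            seen[resolver] = got
            unexpected = got - want
            if unexpected:
                # An address you never published is the signature of a redirect.
                findings.append(("high", f"{resolver}: {host} {rtype} returned unexpected {sorted(unexpected)}"))
            elif not got:
                findings.append(("medium", f"{resolver}: no {rtype} answer for {host}"))
            elif got != want:
                findings.append(("low", f"{resolver}: {host} {rtype} missing {sorted(want - got)}"))
        # Resolvers disagreeing with each other points at a poisoned cache or a
        # change that has only partially propagated; either deserves a look.
        distinct = {frozenset(v) for v in seen.values()}
        if len(distinct) > 1:
            findings.append(("high", f"resolvers disagree on {host} {rtype}: {sorted(sorted(d) for d in distinct)}"))
    return findings

# Constructed observation: resolver-b has been steered to an address the owner never published.
SAMPLE_OBSERVED = {
    "resolver-a": {("www.example.test", "A"): {"203.0.113.10", "203.0.113.11"},
                   ("example.test", "NS"): {"ns1.dns-provider.test", "ns2.dns-provider.test"}},
    "resolver-b": {("www.example.test", "A"): {"198.51.100.77"},
                   ("example.test", "NS"): {"ns1.dns-provider.test", "ns2.dns-provider.test"}},
}

if __name__ == "__main__":
    for severity, message in check_dns_baseline(EXPECTED, SAMPLE_OBSERVED):
        print(f"[{severity}] {message}")
```

Run it on a schedule from a host outside the DNS provider's network so that a hijack at the provider does not also blind the monitor.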
Defending the web presence continues to be a challenge. We can't solve it all in one blog post, but here are a few things to consider as you build out your plans to protect your web presence, especially as you assess your capability to respond to DDoS attacks.
1. How important is your web presence? DDoS attacks are growing in both frequency and size. It is no longer a matter of "if" but of "when" a DDoS attack will happen. The question to consider is how much it matters if your web presence goes offline for an hour. A day? A week? If your business or brand would suffer significantly, then you should be seriously considering your capacity to handle such an attack.
2. Get a response plan: It is important to have a clear response plan defined in advance, because time is of the essence when reacting to security breaches. Precious minutes and hours can go by if you are not organized or do not have first responders prepared to act. We find that while many clients have a response plan, it is often outdated, untested, and does not consider DDoS attacks.
3. Look for parallel attacks: A DDoS incident makes an excellent distraction when the true motivation is to breach or infiltrate systems under cover of the attack. If you sustained a DDoS attack, it is quite possible you sustained a secondary attack, and it is possible you lost visibility of that attack from your on-premises devices. Attackers count on the fact that in these panic situations, security and IT teams are so relieved to get the website back up and running that they forget to look around for other attacks.
In today's connected world, companies need to be smart when selecting a partner to combat the many sophisticated threats presented by hackers. IBM has integrated with Akamai's always-on, cloud-based web security solution, "Kona Site Defender," to provide both proactive and reactive protection from the increasing frequency, scale and sophistication of web-based attacks.
Mary Karnes is a product manager with IBM Security Services and primarily focuses on services that help defend against web attacks (including distributed denial of service) and targeted attacks. She has more than thirteen years of experience in information security, having served as the leader of a penetration testing team, manager of a security intelligence team, and as a security transformation executive. Mary holds two patents and a master's degree in telecommunications.