Microsoft is reporting that nearly 70,000 sources spread across the globe are responsible for one of the largest cyber-attacks in history. A Distributed Denial-of-Service (DDoS) attack is a cyber-attack in which the adversary attempts to make a machine or network resource unavailable to its intended users by flooding the target machine with requests in an attempt to overload the system. A report by Link11 suggests that DDoS attacks are on the rise, as we have seen a 33 percent increase during the first half of 2021.
Microsoft reports that the attack, while lasting only around 10 minutes, was one of the most significant they have ever seen. Bursts of traffic that peaked at 2.4 Tbps were used in an attempt to cripple servers and prevent legitimate traffic from reaching its target. While DDoS attacks on their own can be devastating for organizations with internet-facing services, they are often used as a distraction for a more sophisticated attack. An attacker with persistent access to an internal network may launch an external DDoS attack to keep IT staff busy while ransomware is deployed across the internal network.
The Azure security team was able to confirm that all services remained online during the attack thanks to security controls that mitigate the effect of large-scale DDoS attacks. How would your organization’s internet-facing infrastructure hold up against an attack like this? Here are some mitigating steps:
- Reduce Attack Surface – Limiting what is exposed to the internet is the best way to reduce the risk of DDoS attacks; a service that is not reachable from the internet cannot be flooded from it.
- Scaling – Scaling your infrastructure to absorb a large-scale DDoS attack can be a great way to mitigate risk. Using Content Distribution Networks (CDNs) or load balancers to spread traffic across multiple servers limits the effect that overwhelming amounts of traffic can have on any single server.
- Know What is Normal – Having a clear picture of what a normal volume of traffic looks like, and what does not, helps you configure technologies that protect against DDoS attacks. Configuring proper rate limiting and traffic analysis to block illegitimate traffic could save you a major headache.
- Deploy Sophisticated Controls – Web Application Firewalls (WAFs) are sophisticated tool sets that can detect and block these types of attacks. They can be configured to protect your application by blocking source IPs, whitelisting specific geo-locations, and stopping illegitimate requests in their tracks.
- Penetration Testing – Performing external and web application penetration tests can point you to weaknesses that leave you exposed to a DDoS attack. Patching these holes on your external perimeter may save your organization from unproductive downtime.
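The "Know What is Normal" step above, as an added example that is not part of the original post: a baseline of bytes per second is learned from a known-clean period and later seconds are flagged when they exceed it, alongside a per-source sliding-window rate limiter. The flow records, IP ranges and thresholds are constructed for illustration; the burst is deliberately spread over many low-rate sources, the shape of the distributed attack the post describes.

```python
from collections import defaultdict, deque
from statistics import mean, pstdev

# Constructed flow records: (epoch_second, source_ip, bytes). Not real traffic.
# Seconds 0-9: 20 internal clients at 1500 B/s each (30 kB/s, the "normal" period).
# Second 10: a synthetic distributed burst, 200 sources sending 1500 B each (300 kB/s).
NORMAL = [(t, f"10.0.0.{i}", 1500) for t in range(10) for i in range(1, 21)]
BURST = [(10, f"203.0.113.{i}", 1500) for i in range(1, 201)]
RECORDS = NORMAL + BURST

def bytes_per_second(records):
    """Aggregate bytes into one-second buckets keyed by epoch second."""
    buckets = defaultdict(int)
    for t, _src, nbytes in records:
        buckets[t] += nbytes
    return dict(buckets)

def learn_baseline(records, training_seconds):
    """'Know what is normal': mean and std-dev of bytes/s over a known-clean period."""
    bps = bytes_per_second(r for r in records if r[0] in training_seconds)
    values = [bps.get(t, 0) for t in training_seconds]
    return mean(values), pstdev(values)

def flag_anomalous_seconds(records, baseline, k=3.0, floor=1.5):
    """Seconds whose volume exceeds mean + k*sigma and is at least `floor` x mean.
    The floor stops a very steady baseline (sigma near 0) from flagging tiny jitter."""
    mu, sigma = baseline
    threshold = max(mu + k * sigma, floor * mu)
    return sorted(t for t, v in bytes_per_second(records).items() if v > threshold)

class SlidingWindowLimiter:
    """Per-source rate limit: at most `limit` requests in any `window`-second span."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)

    def allow(self, src, now):
        q = self.hits[src]
        while q and q[0] <= now - self.window:  # drop hits that fell out of the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def sources_over_limit(records, limit, window):
    """Sources that a per-source limiter would have throttled at least once."""
    limiter = SlidingWindowLimiter(limit, window)
    return {src for t, src, _ in sorted(records) if not limiter.allow(src, t)}
```

With these inputs the aggregate baseline flags second 10, while a per-source limit of 20 requests per 10 seconds throttles nobody, which is why volume-based analysis belongs alongside per-client rate limiting when the flood is distributed.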