Monday, June 12, 2023

Why do DDoS attacks happen?

 Like just about every company, Our Company has experienced an attempted DDoS (distributed denial of service) attack on our product surface area over the past couple of years.

In the case of our company, it had no significant effect because of the strong security measures built into our system. As part of a standard application security examination, we detected this attack and “stopped” those requests at an early stage. I, as CTO, then informed the Exec Team of the incident, stating that we had received a high-level DDoS attack. It appeared that the perpetrator was from Russia (see below) and was attempting to attack our application via a German VPN, which we immediately blocked.

Too many companies try to hide or understate the severity of attempts to breach their cyber security defences, but I wanted to write this post because, by sharing information on real-life examples, we can help others ensure their cyber defences are as robust as possible.

Some of the questions for me were:

Why try to attack our application? What benefit is there to the attacker from attacking us?

Why did the hackers choose Our Company?

I believe these are questions that should be asked, not just for us, but for most companies.

Initially, I had no answers to those questions. I started investigating and believe that the following could be some of the causes:

1. Activism through hacking

2. Political motivation

3. Retaliation

4. Negative brand image

5. For pleasure or learning

In our situation, I believe it was purely for pleasure, and the popularity of our product may be one reason for the attention.

The following are the main types of DDoS attacks:

1. Application layer attack / Layer 7 attack: The attacker uses many bots or services to send HTTP or HTTPS requests to the application at a high rate. The most common form is the HTTP "flood", in which bots send HTTP GET or POST requests to the server from many different IP addresses. This attack is hard to counter because the attacker keeps changing identity and source IP address.

2. Protocol attack / Layer 3 or Layer 4 attack: Protocol-based attacks exploit weaknesses in OSI Layer 3 or Layer 4. The TCP SYN flood is the most common protocol-based DDoS attack: a stream of TCP SYN packets directed at a target can overwhelm it and render it unavailable.

3. Volumetric attack: These attacks cause congestion by consuming all available bandwidth between the target and the wider Internet. Large volumes of traffic are sent to the destination, either through amplification or by another means of generating massive traffic, such as botnet requests.

In our scenario, we were targeted at the application layer.
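
The application-layer flood described above shows up in access logs as one source (or a rotating set of sources) sending far more requests per second than a real client. The following is an added example, not the author's or My Digital's tooling: a sliding-window per-source-IP request counter over constructed Common Log Format lines, with constructed threshold values, which is the kind of check a continuous monitoring system can run on the web tier.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: ip - - [dd/Mon/yyyy:HH:MM:SS +zzzz] "METHOD path HTTP/x" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), method, path, int(status)

def find_floods(lines, window_s=10, threshold=20):
    """Return {ip: peak_count} for sources that exceed `threshold` requests
    inside any `window_s`-second window. Lines must be in time order."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip garbage rather than crash the monitor
        ip, when = parsed[0], parsed[1]
        q = recent[ip]
        q.append(when)
        while (when - q[0]).total_seconds() > window_s:
            q.popleft()  # expire requests older than the window
        if len(q) > threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def sample_log():
    """Constructed log: one source hitting /login twice a second, one normal client."""
    base = datetime(2023, 6, 12, 9, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(60):
        t = (base + timedelta(seconds=i * 0.5)).strftime("%d/%b/%Y:%H:%M:%S +0000")
        lines.append(f'203.0.113.7 - - [{t}] "POST /login HTTP/1.1" 200 512')
        if i % 10 == 0:
            lines.append(f'198.51.100.1 - - [{t}] "GET /api/items HTTP/1.1" 200 2048')
    return lines

if __name__ == "__main__":
    print(find_floods(sample_log()))  # → {'203.0.113.7': 22}
```

A single source above the threshold is a candidate for rate limiting or blocking; a flood spread across many addresses needs the same count aggregated by path or by request fingerprint instead of by IP.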

To prevent these types of attacks, My Digital have developed numerous preventative approaches. The following are some of the ways to prevent DDoS attacks:

1. Create an effective monitoring system. Continuous monitoring is the practice of an organisation continuously watching its applications, IT systems, and networks in an automated way in order to detect security threats, performance problems, or non-compliance concerns. The goal is to detect potential problems and threats in real time and resolve them as soon as possible.

2. Identify problems early in the development process. Follow the OWASP Top 10 best practices when writing code and perform static and dynamic code analysis to detect vulnerabilities early. To secure applications, use open-source vulnerability scanning tools to detect vulnerabilities in the open-source libraries you depend on.

3. Create a strong internal and external security network. Avoid exposing unnecessary ports and IP addresses. To prevent malicious activity, use a good network firewall, intrusion detection tools, and endpoint security. Use a web application firewall at the application level.

4. Use your cloud provider's best practices. All cloud providers offer best practices and tools to safeguard the environment and applications. To avoid an attack, follow their best practices.

Build redundancy and practical backup procedures on top of all of this to eliminate single points of failure.

Deploying Laravel Code into AWS Lambda

AWS Lambda does not directly support the PHP runtime. When creating an AWS Lambda function from PHP code, we must use either containerization or the Bref package. In this article, I'll show you how I used the Bref package to deploy Laravel API services to an AWS Lambda function.

We must first install the Serverless Framework, which will handle the development and deployment of code to AWS Lambda. It is a free and open-source Node.js-based command-line tool that deploys both your code and the cloud infrastructure required for a wide range of serverless application use cases, described in simple and readable YAML syntax.

Step 1: npm install -g serverless

If you already have a Laravel project, change into its root directory; otherwise create a new project using the following command:

Step 2: composer create-project laravel/laravel example-app

In the root of the Laravel project, install the Bref packages using the following command:

Step 3

composer require bref/bref bref/laravel-bridge --with-all-dependencies

If you get an error message about dependencies, use the following command:

composer require bref/bref bref/laravel-bridge --update-with-dependencies

Now you have to create a serverless.yaml file. To generate it, use the following command:

Step 4

php artisan vendor:publish --tag=serverless-config

After running this command, you will see a serverless.yaml file with the following content:

service: <<Name of the service you want>>

provider:
    name: aws
    # The AWS region in which to deploy (us-east-1 is the default)
    region: eu-west-1
    # Environment variables
    environment:
        APP_ENV: local # Or use ${sls:stage} if you want the environment to match the stage

package:
    # Files and directories to exclude from deployment
    patterns:
        - '!node_modules/**'
        - '!public/storage'
        - '!resources/assets/**'
        - '!storage/**'
        - '!tests/**'

functions:
    # This function runs the Laravel website/API
    web:
        handler: public/index.php
        runtime: php-81-fpm
        timeout: 28 # in seconds (API Gateway has a timeout of 29 seconds)
        events:
            - httpApi: '*'

    # This function lets us run artisan commands in Lambda
    artisan:
        handler: artisan
        runtime: php-81-console
        timeout: 720 # in seconds
        # Uncomment to also run the scheduler every minute
        #events:
        #    - schedule:
        #          rate: rate(1 minute)
        #          input: '"schedule:run"'

plugins:
    # We need to include the Bref plugin
    - ./vendor/bref/bref
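
The generated provider block leaves APP_ENV fixed at local, and it is tempting to add the Laravel APP_KEY next to it. The following is an added example, not Bref's published template or the author's configuration: the weak provider block beside a hardened one where the environment follows the deploy stage, debug pages are off, and APP_KEY is resolved from an SSM Parameter Store entry at deploy time. The parameter path /example-app/<stage>/APP_KEY and the placeholder key value are assumptions.

```yaml
# Weak: fixed environment name, debug left at Laravel's default, and the
# application key committed with the code (placeholder value, not a real key)
provider:
    name: aws
    region: eu-west-1
    environment:
        APP_ENV: local
        APP_KEY: base64:PLACEHOLDER_DO_NOT_COMMIT

---
# Corrected: environment follows the deploy stage (dev unless --stage is given),
# debug output is off, and APP_KEY is read from SSM when `serverless deploy`
# runs, so the secret is never committed alongside the code.
provider:
    name: aws
    region: eu-west-1
    stage: ${opt:stage, 'dev'}
    environment:
        APP_ENV: ${sls:stage}
        APP_DEBUG: false
        APP_KEY: ${ssm:/example-app/${sls:stage}/APP_KEY}
```

Resolving a SecureString parameter this way requires the deploying credentials to hold ssm:GetParameter and kms:Decrypt on that parameter.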


The final step is to deploy this into Lambda. To deploy Lambda code, you must first have an AWS access key and secret key with appropriate permissions. To save that configuration on your local machine, use the following command:

Step 5

serverless config credentials --provider aws --key <key> --secret <secret>

Finally, run the following command to deploy:

Step 6

serverless deploy