Like just about every company, Our Company has experienced an attempted DDoS (distributed denial of service) attack on our product surface area over the past couple of years.
In the case of our company, it had no significant effect because of the strong security measures built into our system. As part of a standard application security examination, we detected this attack and “stopped” those requests at an early stage. I, as CTO, then informed the Exec Team of the incident, stating that we had received a high-level DDoS attack. It appeared that the perpetrator was from Russia (see below) and was attempting to attack our application via a German VPN, which we immediately blocked.
Too many companies try to hide or understate the severity of attempts to breach our cyber security defences but I wanted to write this post because, by sharing information on real-life examples, we can help others ensure their cyber defences are as robust as possible
Some of the questions for me were:
Why try to attack our application?What benefit is there to the attacker from attacking us?
Why did the hackers choose Our Company ?
I believe these are questions that should be asked, not just for us, but for most companies.
Initially, I had no responses to the those questions. I started investigating and believe that the following could be some of the causes:
1. Activism through hacking
2. Political motivation
3. Retaliation
4. Negative brand image
5. For pleasure or learning
In our situation, I believe it was purely for pleasure, and the popularity of our product may be one reason for the attention..
The following are the various types of DDoS assaults.
1. Application Layer Attack/Layer 7 Attack: The hacker utilises several bots or services to submit a http or https request to the application frequently. The most frequent type of assault is an HTTP “flood attack”, in which the attacker uses a bot to send HTTP GET or POST requests to the server from a different IP address. This attack is tough to counter since the application attacker changes his identity and IP address.
2. Protocol attack / Layer 3 or Layer 4 attack: Protocol-based attacks are primarily concerned with exploiting a flaw in the OSI Layer 3 or Layer 4 layers. TCP Syn Flood is the most popular protocol-based DDoS assault, in which a series of TCP SYN queries directed at a target can overwhelm and render it unavailable.
3. Volumetric Attack: These types of attacks try to cause congestion by absorbing all available bandwidth between the target and the entire Internet. Large amounts of data are transmitted to a destination via amplification or another method of creating massive traffic, such as botnet requests.
In our scenario, we were targeted at the application layer.
To prevent these type of attacks, My Digital have developed numerous preventative approaches. The following are some of the ways for preventing DDoS attacks:
1. Create an effective monitoring system Continuous monitoring is the method in which an organisation continuously monitors its applications, IT systems, and networks in order to detect security threats, performance difficulties, or non-compliance concerns in an automated manner. The goal is to detect potential problems and threats in real time and solve them as soon as possible.
2. Identify problems early in the development process Follow the OWASP TOP 10 best practices when writing code and perform static and dynamic code analysis to detect any early vulnerabilities. To secure applications, employ open-source code vulnerability tools to detect any open-source library vulnerabilities.
3. Create a strong internal and external security network. Avoid exposing unnecessary ports and IP addresses. To prevent malicious activities, use a good network firewall, intrusion detection tools, and endpoint security. Use a web application firewall at the application level.
4. Use your cloud providers best practices All cloud providers offer best practices and tools to safeguard the environment and applications. To avoid an attack, follow their best practices.
Build redundancy and practical back up procedures on top of all of this to eliminate single points of failure