DDoS Attacks: What’s Your Plan For the Next One?
Last week, large swaths of the internet were hobbled by a coordinated distributed denial of service attack on the network's basic infrastructure. And odds are good that something similar is going to happen again. Now's a good time to talk about contingency plans to ensure your association isn't knocked offline.
If you were like most people, you found a bunch of your online services zonked out on Friday.
From large platforms like Twitter to specialized web-based videoconferencing software that might have been used in your office, it seemed like work was a hard thing to get done late last week, due to a massive cyberattack that was unprecedented both in scope and tactic. The current political climate has some questioning whether politics were a factor, or whether the goal was to sideline a prominent online outlet.
Gizmodo’s William Turton, meanwhile, suggested that the issue was less about Friday’s incident and more about what’s likely to happen next.
“No matter who did it, we should expect incidents like this to get worse in the future,” Turton wrote. “While DDoS attacks used to be a pretty weak threat, we’re entering a new era.”
Turton’s rationale has a lot to do with the tactics used. As Ars Technica explains, the culprit here is a botnet platform called Mirai, the code for which was released publicly a few weeks ago. Mirai works like this: It exploits connected devices using known vulnerabilities in a variation of Linux commonly used by items like DVRs, cameras, or security systems.
The compromised devices are then used to push out tons of junk data to servers, in this case those of the Domain Name System (DNS) provider Dyn, in what’s called a distributed denial of service (DDoS) attack. Since websites, email addresses, and servers rely on DNS to tie numerical addresses to domains, an attack on a DNS provider means nothing can get through, and you’re stuck twiddling your thumbs.
Such an attack can limit your ability to communicate: Security researcher and journalist Brian Krebs had his website paralyzed by a massive botnet attack a month ago using the same approach as Friday’s attack.
The strategy of turning common home devices into bots is even more problematic than with computers, because traditionally there has been little incentive on the part of manufacturers to fix these vulnerabilities. (That said, Friday’s attack did lead a Chinese manufacturer to recall its devices.) Therefore, it creates a situation where many more devices can be used to attack the internet than previously was possible—and it’s going to be hard to get the genie back into the bottle.
Friday’s attack was bad. The next one could be even worse.
Contingency Is the Word
Now, odds are low that an attack like this is going to be directly aimed at your organization. (Though there are plenty of other kinds of cyberattacks that might be.)
Instead, attacks like these are more likely to hit pieces of infrastructure you use: your cloud service, your email provider, your association management system platform, or (as was the case on Friday) prominent social networks like Twitter.
And these attacks are on the rise: The latest edition of the Verisign DDoS Trends Report [PDF] reveals a 75 percent year-over-year increase in such attacks, with nearly half (45 percent) affecting IT services and cloud-based platforms, and 23 percent involving the financial sector.
As the Verisign report implies, the problem is that such attacks are fairly unpredictable in nature. You don’t know how bad such attacks are going to be and how damaging they can be to your infrastructure. In other words, they work a lot like another kind of unexpected event that can prevent your organization from completing its job: a big storm, much like Hurricane Matthew, which hit the East Coast earlier this month.
That storm clearly had a negative effect on local communities, power systems, and getting work done. Associations had to cancel events as a result of the storm as well. Now, while a DDoS attack doesn’t necessarily affect “meatspace,” as some folks on the internet call the real world, it does require a similar kind of thinking from your organization.
It’s important to be aware of the risks, and to build a strategy of your own, so you’re confident that your association can keep working even if you can’t connect to a necessary website or servers. Who do you need to reach out to if a service isn’t working? Are there backup services you can use if your cloud platform goes down? Is there a protocol for emailing your office if something breaks? If such an attack takes down your website or breaks the links in your email, how will you inform your members that something’s happening?
And when the attack is over, what lessons can you take from the incident to inform your strategy the next time around?
Like hurricanes, snowstorms, or mass transit troubles, DDoS attacks are nothing new. But unlike those issues, there’s a strong possibility that shifts in the online climate could make these issues more frustrating in the future.
However, that doesn’t mean that you should just let these issues ruin your day. Arm your organization with information. And make sure there’s a plan B hanging around.