Who can forget the shutdown of the 2016 Australian Census Cybercriminals by a ‘denial of service attack (DoS). DoS is the intentional attack on a website, a network, or online resources to deny access to those who use the system. DoS is not new to the world of cybercrime but is often hard to defend against.
The results of DoS attacks can damage business finances, disrupt business, corrupt accounts, and damage the company’s reputation.
The attacker sends hundreds or thousands or millions of introductions to a server – overwhelming or disrupting its ability to service real users. Simple DoS attacks may only use one IP Address, which can easily be tracked down and blocked by using a firewall. However DoS has a big brother that is a tough one to defend – Distributed Denial of Service, this is what happened to the Australian Census.
Distributed Denial of Service Attack (DDoS)
This type of cyberattack uses multiple infected devices and connections to form a Botnet that is capable of global infection. Many devices and connections can be corrupted by cybercriminals without the knowledge of those who own them. Using these infected devices and connections, the cyber attackers send spam and fake requests to other devices and servers. DDoS attack’s primary function is to make websites inaccessible to the users.
In 2016, Dyn, a domain name service provider, was hit with a DDoS attack affecting the websites of companies it hosts. Dyn’s servers became flooded with so much internet traffic that the servers were overwhelmed, shutting down traffic to 80 websites.
Airbnb, Amazon, Netflix, PayPal, and Spotify were just a few significant sites that were shut down. The cyberattacker’s botnet gained control over easily accessible The Internet of Things (IoT) devices, like DVRs, cameras, printers, etc. The botnet was created from a malicious software known as “Mirathat” and affected over 500,000 devices connected to the internet.
Protection, Protection, Protection – ‘Nuff Said’
Small-Medium Businesses should have in pace appropriate firewalls and security software. You should have a contingency plan on how to respond in 2 scenarios.
- What if my business is attacked?
- What if a key supplier / partner is attacked and my service delivery is impacted?
Have a defined response teams, have a protocol list of who is notified during an attack, install multi-layered security software in place to protect infrastructure and review you security at least annually.
Tip 1: Remember your devices taken over as pawn in DoS attack on a corporate or government department.
Tip 2: A DoS attack on your supply chain can have big impact on you.
The cybercriminal is not going to give up, and you shouldn’t either.