On October 21, 2016, a massive distributed denial of service (DDoS) attack caused disruptions to Internet activity throughout the U.S. Exploiting millions of devices connected to the Internet, the Mirai botnet attacked Dyn, a domain name service (DNS) provider in New Hampshire. The attack flooded Dyn with massive amounts of traffic and overwhelmed the DNS provider’s systems. Dyn reported that some of its data centers experienced packet flow bursts 40 to 50 times higher than normal, even with mitigation solutions in place. It’s possible the actual magnitude of the attack was as high as 1.2 Tbps.
As a result, Dyn lost its capability to connect consumers with the websites they wanted to use, which caused disruptions lasting hours for sites including Amazon, Netflix, and Twitter.
Two Ways to Beat a DDoS Attack
DDos attacks have been on the rise for the past few years. The 2015 Verizon Data Breach Investigations Report (DBIR) revealed that DDoS were the most common attacks against financial services businesses, accounting for 32 percent of all attacks analyzed in the report. The report also stated that these sorts of attacks grew exponentially in 2015 over 2014.
When the Dyn DDoS attack hit home in late October, MSPs aware of this trend were able to quickly identify the culprit and switch their customers to an alternative DNS service (e.g. OpenDNS, FreeDNS, Rackspace).
Other MSPs helped their clients by providing backups of clients’ files, so they could work offline until the attacks ended. Companies with no incident response plan —and supporting technologies — in place, however, had no choice but to wait out the attack.
Advanced Security Solutions, Continuous Monitoring Are Must-Haves
DDoS attacks don’t just target large DNS service providers. Some DDoS attacks are launched as forms of protest or to draw attention to an activist’s message. Future DDoS attacks are projected to become monetized, too, targeting businesses in any number of verticals with the objective of extorting money to end the attacks, similar to how ransomware attacks work.
To protect your clients, ensure they are using advanced security solutions designed to defend against DDoS attacks. In addition to next-generation firewalls and routers, load balancers enable MSPs to segment traffic across multiple servers in a network, thereby creating availability and a cloud-based DDoS solution to divert traffic from the attack point.
The Dyn attack also brought to the foreground the importance of securing endpoints and Internet of Things (IoT) devices. They must be continuously monitored to make sure they aren’t infected with malware that can be used to transform them into botnets for DDoS attacks.
The Target on MSPs’ Backs
Don’t ignore the fact that IT service providers are also targets for DDoS attacks. Cybercriminals know system availability is key to your revenue and your ability to deliver services is vital to your customers’ survival. Defending against DDoS attacks requires MSPs to invest in IT security solutions and expertise and to implement incident response plans for themselves. MSPs have the advantage of being able to mitigate costs by dividing them among their customers — who will also benefit by being more secure from the fallout of DDoS attacks.
There are many lessons to be learned from the Dyn attack, including the importance of securing IoT devices and putting incident response plans in place — both for customers and your MSP business. It’s also a reminder that attacks are growing more prevalent and sophisticated all the time. Make the investment in next-generation firewalls, routers, and load balancers, and take proactive steps to thwart DDoS attacks and other security threats.
