It feels like cybersecurity is dominating the newsfeeds, doesn’t it? There is a reason. Cyberattacks and cybercrime have risen dramatically in the last five years. 2020…
In the past 24 hours, funding website GiveSendGo has reported that they’ve been the victim of a DDOS attack, in response to the politically charged debate about funding for vaccine skeptics. The GiveSendGo DDOS is the latest in a long line of political cyberattacks that have relied on the DDOS mechanism as a form of political activism. There were millions of these attacks in 2021 alone.
Most attacks rely on some new vulnerability being released into the wild, like the Log4Shell vulnerability that appeared in December 2021. DDOS attacks are slightly different. They sometimes exploit known vulnerabilities, but DDOS attacks have another element at their disposal: raw power.
DDOS stands for Distributed Denial of Service. These attacks have a single motive – to prevent the target from being able to deliver their service. This means that when you’re the victim of a DDOS attack, without adequate preparation, your entire system can be brought to a complete halt without any notice. This is exactly what the GiveSendGo DDOS attack has done.
A DDOS attack usually consists of a network of attackers that collaborate to form a botnet. A botnet is a network of machines willing to donate their processing power in service of an attack. These machines then collaborate to send a vast amount of traffic to a single target, like a digital siege, preventing other legitimate traffic in or out of the website.
When a single user is scanning your system for vulnerabilities, a basic intrusion detection system will pick up on some patterns. They usually operate from a single location and can be blacklisted in seconds. DDOS attacks originate from thousands of different points in the botnet and often attempt to mimic legitimate traffic. Detecting the patterns requires a sophisticated observability system that many organizations do not invest in until it’s too late.
It is common for DDOS attacks to attract more skilled hackers who are able to discover and exploit more serious vulnerabilities. DDOS attacks create a tremendous amount of chaos and noise. Monitoring stops working, servers crash, alerts trigger. All of this makes it difficult for your security engineers to actively defend your infrastructure, and it may expose weaknesses that are difficult to combat.
With enough volunteers, a DDOS attack can begin without the need for skilled cybersecurity specialists. They don’t rely on new vulnerabilities that require specialized software to be exploited. To make things worse, the people who take part in a DDOS don’t need to be technical experts either. They could be “script kiddies” who can make use of existing software, they could be technical experts or, most commonly, they could be people who can navigate to a website and follow some basic instructions.
While we don’t know the details of the GiveSendGo DDOS attack yet, we can assume that this attack, like most other DDOS attacks, is the workings of a small group of tech-savvy instigators and a much larger group of contributors. This means that if a situation has enough people around it, a DDOS attack can rapidly form out of nothing and escalate a situation from a disagreement to a commercial disaster.
There are several common steps that companies take to protect themselves from a DDOS attack. Each of these is a crucial defensive mechanism to ensure that if you do find yourself on the receiving end of a DDOS, you’re able to stay in service long enough to defend yourself.
Content Distribution Networks (CDN) provide a layer between you and the wider Internet. Rather than directly exposing your services to the public, use a CDN to distribute your content globally. CDNs have several great benefits, such as speeding up page load times and offering great reliability for your site.
In the case of a DDOS attack, your CDN can act as a perimeter around your system and take the brunt of the attack. This buys you time to defend proactively against the incoming storm. The Cloudflare CDN has been one of the reasons why GiveSendGo hasn’t completely crashed during the attack.
A Web Application Firewall (WAF) is a specialized tool to process and analyze incoming traffic. It will automatically detect malicious attacks and prevent them from reaching your system. This step should come after your CDN. The CDN will provide resilience against sudden spikes in traffic. Still, you need this second layer of defense to ensure that anything that makes it through is scrutinized before it is permitted to communicate with your servers.
Automated solutions that sit in front of your system will make your task easier, but they will never fully eliminate the problem. Your challenge is to create an observability stack that can help you filter out the noise of a DDOS attack and focus on the problems you’re trying to solve.
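To make the distinction drawn above concrete (a single scanner that can be blocklisted in seconds versus a distributed flood where no single source stands out and only the aggregate rate gives the attack away), here is an added Python example. It is not Coralogix code and is not part of the original post. It parses constructed Common Log Format access-log lines, summarises a batch by source count, request rate and top-source share, and labels the traffic shape. The IP addresses, log lines and thresholds are assumptions chosen for the example; the thresholds in particular should be tuned to your own traffic baseline.

```python
"""Traffic-shape triage over web access logs.

Added example (not Coralogix code): separates a single-source vulnerability
scan, which can be blocklisted at once, from a distributed flood, where no
single IP stands out and only aggregate rate reveals the attack.
Every log line here is constructed for the example.
"""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Common Log Format: host ident authuser [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "path": m["path"],
        "status": int(m["status"]),
    }


def classify(lines, scan_min_paths=25, scan_error_ratio=0.8,
             flood_rps=100, flood_min_sources=50, single_source_share=0.5):
    """Summarise a batch of log lines and label its traffic shape.

    All thresholds are assumptions for the example; tune them to your baseline.
    Returns a dict with the label, aggregate figures and any blocklist candidate.
    """
    events = [e for e in (parse_line(line) for line in lines) if e]
    if not events:
        return {"label": "empty", "total": 0}
    span = (max(e["ts"] for e in events) - min(e["ts"] for e in events)).total_seconds()
    span = max(span, 1.0)  # a burst within one second still gets a finite rate
    per_ip = Counter(e["ip"] for e in events)
    top_ip, top_count = per_ip.most_common(1)[0]
    total = len(events)
    rps = total / span
    # Scan signature: one source walking many distinct paths, mostly client errors.
    top_events = [e for e in events if e["ip"] == top_ip]
    distinct_paths = len({e["path"] for e in top_events})
    error_ratio = sum(1 for e in top_events if 400 <= e["status"] < 500) / len(top_events)
    summary = {"total": total, "sources": len(per_ip), "rps": round(rps, 1),
               "top_ip": top_ip, "top_share": round(top_count / total, 2)}
    if (top_count / total >= single_source_share and distinct_paths >= scan_min_paths
            and error_ratio >= scan_error_ratio):
        summary.update(label="single_source_scan", blocklist=top_ip)
    elif rps >= flood_rps and len(per_ip) >= flood_min_sources:
        # No single IP to block: mitigation has to be rate- or shape-based, upstream (CDN/WAF).
        summary.update(label="distributed_flood", blocklist=None)
    else:
        summary.update(label="normal", blocklist=None)
    return summary


def build_samples():
    """Construct three synthetic batches: a scan, a distributed flood, and normal traffic."""
    t0 = datetime(2022, 2, 14, 12, 0, 0, tzinfo=timezone.utc)
    line = '{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 512'

    def stamp(k):  # spread request k over an 11-second window (span of 10 s)
        return (t0 + timedelta(seconds=k % 11)).strftime(TS_FMT)

    # One documentation-range IP probing 40 distinct paths, all 404, plus a little real traffic.
    scan = [line.format(ip="198.51.100.7", ts=stamp(i), path=f"/probe-{i}", status=404)
            for i in range(40)]
    scan += [line.format(ip=f"192.0.2.{i}", ts=stamp(i), path="/", status=200) for i in range(1, 6)]
    # 200 sources, 6 requests each, all to "/" with 200 OK: 1200 requests in 10 s.
    flood = [line.format(ip=f"203.0.113.{n}", ts=stamp(n * 6 + j), path="/", status=200)
             for n in range(1, 201) for j in range(6)]
    # 15 sources, 2 requests each.
    normal = [line.format(ip=f"192.0.2.{n}", ts=stamp(n * 2 + j), path=p, status=200)
              for n in range(1, 16) for j, p in enumerate(("/", "/about"))]
    return {"scan": scan, "flood": flood, "normal": normal}


if __name__ == "__main__":
    for name, batch in build_samples().items():
        print(name, classify(batch))
```

The scan batch yields a `blocklist` candidate because one address dominates the request count and its requests share the fingerprint of a path walk; the flood batch yields none, because each of the 200 sources looks like a light, legitimate user on its own and only the batch-level rate crosses the threshold. That is the gap an observability stack has to close: per-source rules catch the scan, while the flood is only visible in aggregates.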
Coralogix is a battle-tested, enterprise-grade SaaS observability solution that can do just that. That includes everything from machine learning-driven anomaly detection to SIEM/SOAR integrations and some of the most ubiquitous tools in the cybersecurity industry. Coralogix can give you operational insights on a range of typical challenges.
An investment in your observability stack is one of the fundamental steps in achieving a robust security posture in your organization. With the flexibility, performance, and efficiency of Coralogix, you can gain actionable insights into the threats that face your company as you innovate and achieve your goals.