The din of increasing nation-state attacks begins
On Friday, October 21 of this year, three major DDoS cyberattacks on Dyn, a cloud Internet Performance Management firm, brought down a number of large websites, including Amazon, Twitter, Etsy, GitHub, Vox, Spotify, Airbnb, Netflix, and Reddit, for various users who could not pull up the sites. Dyn manages DNS, optimizes applications, and speeds internet traffic for sites like these. The impact of the attacks spread from the U.S. east coast to Europe.
Experts suggest that probable nation-state hackers have been using attacks like these to test how resilient internet sites are and to determine what it would take to level them more completely. I suspect the end game is to topple these sites for longer periods and on a grander scale in order to own them, cripple the internet, nations, and economies, and make off with priceless intellectual property. With billions of IoT devices that are not secure and that hackers can easily add to large botnets using malware such as Mirai, it is becoming increasingly conceivable that nation-state hackers could do just that. There are no easy answers for nation-state DDoS attacks and what could follow them. You’ll find some of the best answers that do exist here.
How to prepare for future attacks
Attackers using botnets can bring DDoS onslaughts that are much larger and more overwhelming than most websites' own resources can handle. It takes an internet bodyguard of sorts, as broad and muscular as the attacks themselves, to fend off their venomous traffic. Large internet-backbone, big-bandwidth internet providers and telcos can reroute traffic coming to large websites, weed out and remove DDoS attacks, and forward good clean traffic on to the site. These providers do offer these services. As these DDoS attacks become more common, large internet enterprises will have to determine which costs them more: these services or the attacks.
There are other services that specialize in DDoS attack protection, detection, and response as well. These companies can inspect packets in the traffic in real time using fine-grained analysis. They can sort out the desirable users, IP addresses, and user and traffic behaviors from the malicious ones. Using a baseline of expected users, internet addresses, and network activity (you know what traffic you have solicited, what IP addresses are known good, and what behaviors are typical), these services can help you drop and block connections that reach the threshold of being probable attacks.
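The baseline-and-threshold idea described above, shown as an added example that is not part of the original article or any vendor's product. The window contents, the mean-plus-three-standard-deviations threshold, the IP addresses, and the names `threshold` and `classify_window` are all assumptions made for illustration.

```python
from collections import Counter
from statistics import mean, pstdev

# All values below are constructed for illustration (RFC 5737 documentation ranges).
KNOWN_GOOD = {"198.51.100.10", "198.51.100.11"}   # sources you know are legitimate
BASELINE_RATES = [3, 4, 2, 5, 3, 4, 3, 2]         # requests per source per window, normal days
BASELINE_UNKNOWN = [1, 0, 2, 1, 1, 0, 2, 1]       # distinct unknown sources per window

def threshold(samples, k=3.0):
    """Mean plus k standard deviations of the baseline; above this is a probable attack."""
    return mean(samples) + k * pstdev(samples)

def classify_window(sources, known_good=KNOWN_GOOD):
    """sources: one source IP per request seen in a single time window.
    Returns (IPs to block, True if the count of unknown sources itself is anomalous)."""
    per_source = Counter(sources)
    rate_limit = threshold(BASELINE_RATES)
    # Known-good sources are exempt from the per-source limit (an assumption of this example).
    block = sorted(ip for ip, n in per_source.items()
                   if ip not in known_good and n > rate_limit)
    # A botnet spreads load over many hosts, so each stays under the per-source limit;
    # the surge in sources outside the known-good set is what stands out against the baseline.
    unknown = [ip for ip in per_source if ip not in known_good]
    surge = len(unknown) > threshold(BASELINE_UNKNOWN)
    return block, surge

# Constructed sample windows.
NORMAL = ["198.51.100.10"] * 4 + ["203.0.113.5"] * 3
SINGLE_FLOOD = ["198.51.100.11"] * 5 + ["203.0.113.7"] * 40
BOTNET = [f"192.0.2.{i}" for i in range(1, 21) for _ in range(2)]

if __name__ == "__main__":
    for name, window in [("normal", NORMAL), ("flood", SINGLE_FLOOD), ("botnet", BOTNET)]:
        print(name, classify_window(window))
```

The botnet window produces no per-source block at all, which is why a distributed attack needs the aggregate check and upstream filtering in addition to per-address limits.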
Regular pen testing by a sharp white-hat hacker who is always current on the latest attack techniques, plans, and initiatives of black-hat hackers is critical. This will help you identify the security holes that you must then close and heavily arm with defenses. This will go a long way to protect your customer data and intellectual property for times when those nation-states leverage massive DDoS attacks in order to go after your prized electronic possessions.