2014 seemed to be the year of the hack and whittling away at website capabilities. While some hacks can serve as a mere annoyance to web hosts and their clients, others can be downright devastating for days to come. Such hacks can lead to the release of sensitive employee information and private correspondences, as was the case with the infamous Sony hack. Besides having to deal with the public, hacked companies also have to deal with the legal repercussions and potential damage to their reputation.
Just as there are hacker groups like Anonymous who use their hacking skills for good, there are those like Lizard Squad who use theirs for evil. What’s more is that some hackers aren’t above selling their skills for $6 a pop for an individual to unleash a DDoS attack on an unsuspecting website. As a web host and member of the IT community, you should make it a top priority to learn if your sites are vulnerable to online drive-by attacks and how you can defend yourself and your clients against them.
Marketing With Malice
Towards the end of 2014, a hacker group called Lizard Squad launched a DDoS attack against popular gaming services Xbox Live and the Playstation Network, leaving gamers and users in limbo when they attempted to sign on. Later the group admitted the attack was a type of twisted marketing campaign for a new service they were offering: the ability for anyone on the globe to launch an equally crippling DDoS attack of their own all for $6. For the price of a cup of Starbucks coffee someone could attack any website and knock it offline for 100 seconds. Pay $130 and the site would be down for eight hours.
The group got their comeuppance when they themselves were hacked and the names of their customers were released online. While the $6 hacking tool attracted more than roughly 14,200 individuals, only a few hundred of them actually paid for a DDoS attack of their very own. An excess 11,000 USD worth of Bitcoins were used to pay for the tool. Is it ironic that a group of hackers couldn’t keep the names of their customers safe or just plain lazy? In either case, take a lesson from Lizard Squad and make sure you take preventative and protective measures for DDoS attacks against your sites and web hosting services.
Let the Right One In
There are several things you and your clients can do to protect yourselves against DDoS attacks. The very first thing you should do is learn how to identify when you may be under any kind of hack or attack. Quick action can save you and your clients a severe headache in the future. Express the importance to your clients of learning what their average inbound traffic is so they’ll be better able to identify when their website might be under attack. It’s also a good idea to have a designated individual to respond to such an attack should one ever occur.
It’s also a good idea for you to have more bandwidth than you absolutely need for your websites. Not only is the extra bandwidth good for mitigating the effects of a hacker attack, it’s also a good way to accommodate for an unexpected spike in genuine traffic. While over-provisioning a site by one-hundred percent or ever five-hundred percent won’t be enough to stop a DDoS attack completely, it can most certainly help give you time to formulate a plan of action rather than watch as the walls of your digital Jericho come tumbling down.
After you’ve done what you can to repair and prevent the damage done by an online attack, get in touch with your ISP. If your clients notice the attack before you do, make sure they call you ASAP. It’s best that you have the emergency contact information for your ISP kept close at hand so that you don’t have to waste time scrambling to find it and potentially getting in touch with the wrong department or individual. The great thing about having a web server in a hosting center is that there are more capacity routers and bandwidth links in addition to experienced individuals who know which steps to take during an attack or hack.
If the attack is major enough, it could require the focused expertise of a DDoS mitigation company. Such companies have the resources and expertise necessary to keep a website up and running during an attack. Learn more about these companies now and which are a good match for you and your web hosting needs in order that you can take action as quickly and efficiently as possible should your sites ever come under attack.
Besides focusing on protecting regular websites, web hosts should also make sure websites that are optimized for mobile use are prepared for DDoS attacks. It’s been reported that the newest countries that will start launching DDoS attacks are Vietnam, Indonesia and India. While these countries may not yet have the capabilities to launch an attack that measures up to Lizard Squad’s, they can most certainly focus their efforts on mobile phones. With more and more people doing business and using the internet on their phones, a mobile DDoS blow can still cost a business money both from lost revenue and the money it can take to remedy and respond to such an attack.
Specifically, IT managers and internet security teams will need to make sure they develop and implement measures for multi-vectors attacks in order to avoid outages instead of utilizing volumetric methods. They’ll also need to account for swelling packet volume that can potentially bleed out into their current DDoS protective measures.
Many companies and individuals have become so used to relying on a specific website throughout their day-to-day life that suddenly not having access to that website even for a few hours can completely ruin their day. For businesses, being offline can potentially cost them thousands of dollars if their website is their only means of receiving and fulfilling orders. Keep your IT eyes on the latest developments with DDoS attacks, the hacker groups who seem to be using them the most and the steps you can take to either prevent or properly respond to such an attack.
Top image ©GL Stock Images