July 17, 2017
What do IT admins and business leaders need to do?
According to a recent inaugural IDC-linked Asia Pacific survey, 96 percent of Malaysian companies are still in the infancy stage of digital security preparedness.
Rajagopal's steps for IT and business leaders began with an emphasis that "understanding DDOS is very important. I saw some organisations claiming they were 'Safe' as they had a firewall. DDOS is completely a different ballgame."
"There are generally three types of DDOS attacks:
- Volumetric based - this is where the attackers step up the amount of traffic to your environment till it chokes your environment and it stops being responsive to legitimate requests
- Application based - the most dangerous of them all! Includes attacks that target vulnerabilities in Windows, Linux, Apache, etc.
- Protocol based - This is where TCP, UDP and other protocols are manipulated and abused to cause a DDOS
"Now in most cases we see clients take up to 3 hours or more to even detect the attack is in progress, and most of the smaller attacks are at least 5Gbps or more," he said.
"There are many hosted / cloud based DDOS mitigation tools and strategies that I would strongly recommend the organisations to adopt and utilise," Rajagopal said. "The underlying technology behind most of their 'DDOS scrubbing services' is GRE (Generic Route Encapsulation), which will basically only channel 'clean' traffic to your environment and disregard all malicious traffic."
"When evaluating such a solution, remember the law of physics," he added. "If your maximum throughput is 50MBps and you get hit with a 5GBps DDOS, with or without a physical DDOS mitigation appliance, you're still going down. This is where a hosted/cloud based DDOS scrubbing centre comes in handy, as they have an enormous amount of bandwidth to cope with the growing size of DDOS attacks."
"My simple advice is that DDOS is not difficult to mitigate, and it's also no longer a luxury - it's a necessity," said Rajagopal.
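The three attack types Rajagopal lists (volumetric, application, protocol) leave different fingerprints in traffic summaries, and his point about organisations taking three hours to notice an attack is really a point about having no automated check at all. The following is an added example, not code from the article or from Rajagopal; the Window fields, the thresholds, the 20 Mbps baseline and the per-minute sample data are all constructed assumptions standing in for what a flow collector or load balancer would export.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed (hypothetical) thresholds; a real deployment tunes these to its own baseline.
VOLUME_MULTIPLIER = 10.0       # alert when bits/sec reach 10x the normal baseline
SYN_INCOMPLETE_RATIO = 0.8     # share of SYNs that never complete a handshake
MIN_SYNS_FOR_ALERT = 1000      # ignore tiny samples when judging SYN ratio
REQ_PER_CLIENT_THRESHOLD = 50  # HTTP requests per client per window


@dataclass
class Window:
    """One minute of summarised traffic (constructed sample data, not real telemetry)."""
    minute: int
    bits_per_sec: float
    syn_packets: int
    completed_handshakes: int
    http_requests: int
    unique_clients: int


def classify(w: Window, baseline_bps: float) -> str:
    """Map one window to 'volumetric', 'protocol', 'application' or 'normal'."""
    # Volumetric: the link is filling up regardless of what the packets contain.
    if w.bits_per_sec >= VOLUME_MULTIPLIER * baseline_bps:
        return "volumetric"
    # Protocol: TCP state abuse, e.g. far more SYNs than handshakes that finish.
    if w.syn_packets >= MIN_SYNS_FOR_ALERT:
        incomplete = 1.0 - (w.completed_handshakes / w.syn_packets)
        if incomplete >= SYN_INCOMPLETE_RATIO:
            return "protocol"
    # Application: bandwidth looks modest, but each client hammers the service.
    if w.unique_clients > 0 and w.http_requests / w.unique_clients >= REQ_PER_CLIENT_THRESHOLD:
        return "application"
    return "normal"


def first_alert(windows: List[Window], baseline_bps: float) -> Optional[Tuple[int, str]]:
    """Return (minute, kind) of the first abnormal window, i.e. the detection latency."""
    for w in windows:
        kind = classify(w, baseline_bps)
        if kind != "normal":
            return (w.minute, kind)
    return None


# Constructed sample: a 20 Mbps site, two quiet minutes, then a SYN flood,
# then a 5 Gbps flood of the size the article mentions.
BASELINE_BPS = 20e6
SAMPLE = [
    Window(0, 20e6, 500, 490, 3000, 300),
    Window(1, 25e6, 600, 580, 3500, 320),
    Window(2, 30e6, 20000, 800, 3600, 330),
    Window(3, 5e9, 25000, 900, 3700, 340),
]
APP_WINDOW = Window(4, 40e6, 700, 690, 60000, 400)

if __name__ == "__main__":
    for w in SAMPLE + [APP_WINDOW]:
        print(w.minute, classify(w, BASELINE_BPS))
    print("first alert:", first_alert(SAMPLE, BASELINE_BPS))
```

The ordering of the checks matters: a volumetric flood usually also carries abnormal SYN or request counts, so the check for the symptom that takes the service down first (link saturation) runs first. Because the classifier runs per minute, detection latency becomes the size of the window rather than the time until a human notices.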
CyberSecurity Malaysia urges proactive steps
Dr Amirudin said that CyberSecurity Malaysia has just issued an official alert. This alert advises the following steps:
1. Organisations should start planning for DDoS attacks in advance and not wait until one happens, as it is much harder to respond after an attack is already under way;
2. In the event of a DDOS attack, organisations must immediately report the matter to their ISPs for assistance to mitigate the attack;
3. Organisations may subscribe to ISPs who can offer DDOS mitigation services that help organisations respond during a DDOS attack. Even if there are no formal DDOS mitigation services provided by the ISP, they should be able to offer the type of assistance the affected organisation needs to mitigate the attack;
4. Apart from ISPs, organisations may subscribe with providers who specialise in DDoS mitigation. During a DDOS attack, traffic to the victim's network is rerouted to the mitigation centre where it is scrubbed, and legitimate traffic is then forwarded to the organisation;
5. Check the possibilities offered by Geo-IP blocking. If your customers are predominantly from Malaysia and neighbouring countries, you can predefine a profile that either gives priority to IP addresses from this region or blocks other IP addresses. In the event of an attack, you can activate this profile and thus very quickly increase your options for action and secure additional protection;
6. Notify our Cyber999 of the incident and report it to the relevant authority responsible for cyberattacks;
7. We strongly advise against agreeing to the blackmailers' demands or making any payment in response to such threats. (Also see the contact points in the Appendix below to report incidents.)
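Step 5 of the alert describes a Geo-IP profile that is prepared in advance and only switched on during an attack, either prioritising regional addresses or blocking the rest. The code below is an added illustration of that idea, not part of the CyberSecurity Malaysia alert; the prefix-to-country table is constructed from documentation address ranges (a real deployment would query a maintained GeoIP database), and the set of "neighbouring countries" is an assumption.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed, hypothetical prefix-to-country table using documentation ranges.
# It stands in for a real GeoIP database; the mappings are not real.
PREFIX_COUNTRY: List[Tuple[ipaddress.IPv4Network, str]] = [
    (ipaddress.ip_network("203.0.113.0/24"), "MY"),
    (ipaddress.ip_network("198.51.100.0/24"), "SG"),
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
]

# Assumed region for a Malaysian customer base: Malaysia plus neighbours.
REGION = {"MY", "SG", "TH", "ID", "BN"}


def lookup_country(ip: str) -> Optional[str]:
    """Return the ISO country code for an address, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for net, country in PREFIX_COUNTRY:
        if addr in net:
            return country
    return None


class GeoProfile:
    """A pre-defined Geo-IP profile that is inactive until an attack is declared.

    Modes: 'off' (normal operation), 'priority' (regional traffic first,
    everything else best-effort) and 'block' (non-regional traffic refused).
    """
    MODES = ("off", "priority", "block")

    def __init__(self, region: set, mode: str = "off"):
        self.region = region
        self.mode = "off"
        self.activate(mode)

    def activate(self, mode: str) -> None:
        if mode not in self.MODES:
            raise ValueError(f"unknown mode {mode!r}")
        self.mode = mode

    def decide(self, ip: str) -> str:
        """Return 'allow', 'low-priority' or 'block' for one client address."""
        if self.mode == "off":
            return "allow"
        # Unknown geolocation is treated as non-regional so it cannot bypass the profile.
        in_region = lookup_country(ip) in self.region
        if in_region:
            return "allow"
        return "low-priority" if self.mode == "priority" else "block"


def apply_profile(profile: GeoProfile, clients: List[str]) -> dict:
    """Run a batch of client addresses through the profile and count each verdict."""
    counts = {"allow": 0, "low-priority": 0, "block": 0}
    for ip in clients:
        counts[profile.decide(ip)] += 1
    return counts


# Constructed sample of client addresses seen during an incident.
SAMPLE_CLIENTS = ["203.0.113.10", "198.51.100.7", "192.0.2.44", "192.0.2.45", "10.9.8.7"]

if __name__ == "__main__":
    profile = GeoProfile(REGION)          # prepared in advance, inactive
    print("normal:", apply_profile(profile, SAMPLE_CLIENTS))
    profile.activate("priority")          # attack declared: regional traffic first
    print("priority:", apply_profile(profile, SAMPLE_CLIENTS))
    profile.activate("block")             # escalate: refuse non-regional traffic
    print("block:", apply_profile(profile, SAMPLE_CLIENTS))
```

Two design points follow from the alert's wording. The profile exists before the attack, so activating it is a single state change rather than an emergency configuration exercise, and an address with no geolocation result is deliberately not treated as regional, otherwise traffic from unmapped ranges would slip past the profile exactly when it is needed.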