How To Protect Your Business from Holiday Cyber Attacks
The holiday season brings more users to many websites for shopping, media streaming, and online gaming. Cyber criminals can use this increase in website traffic to carry out targeted attacks on these websites, causing the site to run slowly or crash completely. This sort of attack, called a Distributed Denial of Service (DDoS) attack, is on the rise, with the second half of 2021 showing a 43% increase in attacks compared with the first half of the same year. Every holiday season in which online traffic increases also shows an increase in DDoS attacks against a wide range of targets, such as the websites and servers of gaming companies and retailers.
The Microsoft Digital Defence Report for 2022 shows trends in DDoS attack frequency from March 2021 to May 2022. Large peaks are seen over the summer holidays in August and in the October to December holiday period, with a smaller peak seen around the springtime holidays in March. The October to December holiday period in previous years has seen an even greater increase in this form of cyber attack. Because traffic to their target websites is already increasing, cyber criminals are more likely to be able to carry out their attack undetected, as they are hidden by the large amount of legitimate traffic.
What is a DDoS Attack?
Attackers attempt to disrupt their targets by overwhelming their resources, for example by flooding a website with a large amount of traffic. This causes the website to function poorly or can cause a crash that takes it fully offline. DDoS attacks can be performed by individual devices known as bots, or more commonly by a network of devices, called a botnet. These devices will be infected with malware that causes them to perform the attack by sending a very high volume of traffic to the target website. In November last year, Microsoft’s Azure DDoS Protection Team interrupted and stopped one of the largest DDoS attacks ever recorded, in which the approximately 10,000 devices performing the attack were found across multiple countries.
DDoS attacks can have a range of motivations behind them, including financial gain for the attackers. In this instance, the attackers will demand a payment to stop the attack that is disrupting the target website’s functionality, essentially holding the website hostage until they are paid. However, these attacks could also be performed by rivals in order to obtain a competitive advantage, such as the targeting of ecommerce sites and other online retailers in order to boost sales on a competitor's site. Targeting sites over the holiday period, when uptime is critical to the business, allows the attackers to demand more lucrative payouts, as the victims may choose this solution over the continued loss of revenue and the damage to their reputation with customers that would come from their site remaining inaccessible.
Cyber criminals will also often combine DDoS attacks with other forms of cyber attack, such as ransomware. With this combination, known as triple extortion ransomware, a cyber criminal can expect a greater financial reward. DDoS attacks can also be used as a distraction tactic, to keep the IT team busy fixing the website and servers while the ‘real’ attack, such as a malware infection or the theft of confidential data, takes place elsewhere in the system. The prevalence of all cyber crime is increasing with the introduction of many as-a-service models, where less sophisticated criminals can purchase pre-designed cyber attacks that would otherwise be outside their technical skill set.
How to Protect Yourself from DDoS Attacks
The Microsoft Digital Defence Report for 2022 revealed that so far in 2022 Microsoft have intercepted, prevented, or stopped nearly 2000 DDoS attacks every day. Whatever your business, having an online presence that clients and customers can interact with means you could be vulnerable to DDoS attacks. The best way to ensure that your business is protected from this sort of cyber attack is to plan and prepare in advance. Once an attack occurs it is too late to start defence preparations. Without effective planning you will not be able to deal adequately with an attack, so take steps in advance to prepare your business and server environment and to come up with a response strategy for the event of a DDoS attack.
The NCSC (National Cyber Security Centre), a branch of GCHQ in the UK, offer an example response plan to help get you started on your defence preparations. DDoS protection services are also helpful in ensuring your business does not suffer this kind of attack. They can monitor web traffic against the expected normal volume, send alerts, and mitigate suspected attacks in real time. Various services exist that perform very similar protections for businesses of different sizes, so whatever your budget there will be a solution available that fits the scale of expected attacks on your site. Monitoring the normal traffic of your sites, servers, and applications is especially helpful, as it can make DDoS attacks easier to identify, even in peak times such as the holiday period.
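The monitoring idea above, sketched as an added example that is not part of the original article or any vendor's product: each hour of the day is judged against its own normal request rate, and an alert fires only when traffic stays far above that norm for several minutes. All names, the sample figures, and the threshold and sustain values are constructed assumptions.

```python
from statistics import median

# Constructed sample data: (hour_of_day, requests_per_minute) from normal days.
HISTORY = [(3, 100), (3, 110), (3, 95), (3, 105), (3, 102),
           (20, 900), (20, 950), (20, 1000), (20, 920), (20, 980)]

# Constructed observations: (minute_label, hour_of_day, requests_per_minute).
OBSERVED = [("20:00", 20, 1010), ("20:01", 20, 990),
            ("20:02", 20, 1400),                     # one-minute burst at the evening peak
            ("20:03", 20, 960), ("03:00", 3, 104),
            ("03:01", 3, 1000), ("03:02", 3, 1200),  # sustained flood at a quiet hour
            ("03:03", 3, 1100), ("03:04", 3, 1150)]

def build_baseline(history):
    """Return {hour: (median, MAD)} so each hour is compared with its own norm."""
    by_hour = {}
    for hour, rpm in history:
        by_hour.setdefault(hour, []).append(rpm)
    baseline = {}
    for hour, values in by_hour.items():
        med = median(values)
        mad = median(abs(v - med) for v in values)
        baseline[hour] = (med, max(mad, 1.0))  # floor avoids division by zero
    return baseline

def robust_score(baseline, hour, rpm):
    """Deviations above the hourly median, scaled by MAD (robust z-score)."""
    med, mad = baseline[hour]
    return (rpm - med) / (1.4826 * mad)

def find_alerts(baseline, observed, threshold=6.0, sustain=3):
    """Return the start minute of each run of `sustain` consecutive anomalous minutes."""
    alerts, run = [], []
    for minute, hour, rpm in observed:
        if robust_score(baseline, hour, rpm) > threshold:
            run.append(minute)
            if len(run) == sustain:   # alert once per run, at the sustain point
                alerts.append(run[0])
        else:
            run = []                  # traffic returned to normal; reset the run
    return alerts

if __name__ == "__main__":
    print(find_alerts(build_baseline(HISTORY), OBSERVED))
```

A fixed limit of 1,000 requests per minute would have fired on the ordinary 20:00 peak, whereas the per-hour baseline ignores it and still catches the same volume arriving at 03:00.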
Running attack simulations to test your defences and response strategy can give you a good picture of how your business will respond in the event of a real attack. This will test the roles assigned to staff within your response strategy as well as any mitigation software you have in place and help you to identify any gaps in your defences. In response to testing it is important to fix any identified weaknesses that could put you at risk in the event of an attack. This is also true after the event of an attack if your business does end up falling victim to a DDoS attack. Although moving on quickly may be your initial goal after an attack, it is important to learn from what allowed the attack to happen in order to protect your business from it happening again.
Keeping all the software you use up to date can reduce the risk of vulnerabilities being exploited and help protect your services even further. The NCSC advise that updates, including security patches, are applied regularly, and that even when automatic updates are turned on you continue to monitor the software to determine if any additional updates need to be applied manually.
For further help in managing cyber defences, consider Cool Waters Managed Cyber Team. The Managed Cyber Team provides a dedicated team of experts for less than the price of one full time employee to proactively manage your cyber security on a day-to-day basis. We look after your cyber security so you can look after your business.
For a free review of your cyber defences, click here to arrange a call with one of our consultants: https://www.cool-waters.co.uk/lets-talk