This article is part of a larger piece that recently ran on the NETSCOUT blog.
DDoS extortion attacks are on the rise and raise the risk profile for organizations that are not prepared. Because such an attack can cripple online applications and services, it is best to protect vital assets by putting measures in place prior to a threatened attack.
Law enforcement authorities advise that, instead of paying the ransom, an organization’s money is better spent on putting a strong DDoS mitigation service in place.
Luckily, most DDoS attack vectors and targeting techniques are well-known, which means organizations can prevent an attack by using established DDoS countermeasures and protections.
Here are five steps organizations should follow to ensure their networks are protected from a DDoS extortion scheme:
- Organizations with business-critical public-facing internet properties should ensure that all relevant network infrastructure, architectural, and operational best current practices (BCPs) have been implemented, including situationally specific network access policies that permit internet traffic only via the required IP protocols and ports. Internet access for internal organizational personnel should be kept separate from internet traffic to/from public-facing internet properties and served via separate upstream internet transit links.
- Critical supporting ancillary services, such as authoritative DNS, should also be designed, deployed, and operated in a manner consistent with all relevant BCPs.
- Upon receipt of any demands for DDoS extortion payments, targeted organizations should immediately engage with their peers/transit ISPs, other organizations providing critical internet-facing services (such as authoritative DNS hosts), and situationally appropriate law enforcement organizations. They should ensure that their DDoS defense plans are activated and validated, and maintain a vigilant alert posture.
- It is also important to conduct periodic testing of DDoS defenses to ensure that any changes to an organization’s servers/services/applications are incorporated into its defense plan. Organic, on-site intelligent DDoS mitigation capabilities should be combined with cloud- or transit-based upstream DDoS mitigation services to ensure maximal responsiveness and flexibility during an attack.
- Organizations should familiarize themselves with the particulars of previous high-profile DDoS extortion campaigns to better prepare for future threats.
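The first and fourth steps above both come down to the same operational question: does what a public-facing host actually exposes match what the defense plan says it should expose? The following is an added example, not code from the NETSCOUT article, of a small drift check that answers it. The `DEFENSE_PLAN` allowlist, the hostnames, and the listener snapshot (constructed sample text in the shape of `ss -tulnH` output) are all assumptions made for the illustration; in practice you would feed in the real command output from each host.

```python
"""
Added example (not from the NETSCOUT article): compare the (protocol, port)
pairs a DDoS defense plan says a public-facing host should expose against
what the host is actually listening on.

Anything listening that is not in the plan is either an unintended exposure
(step 1: permit only required protocols and ports) or a change that has not
yet been folded into the defense plan (step 4: periodic testing).
"""
from dataclasses import dataclass

# Hypothetical defense plan: for each public-facing property, the only
# (protocol, port) pairs that should be reachable from the internet.
DEFENSE_PLAN = {
    "www.example.com": {("tcp", 80), ("tcp", 443)},
    "ns1.example.com": {("udp", 53), ("tcp", 53)},
}

# Constructed snapshot in the shape of `ss -tulnH` output
# (Netid State Recv-Q Send-Q Local:Port Peer:Port).
SAMPLE_SS_OUTPUT = {
    "www.example.com": """\
tcp   LISTEN 0 4096 0.0.0.0:80      0.0.0.0:*
tcp   LISTEN 0 4096 0.0.0.0:443     0.0.0.0:*
tcp   LISTEN 0 128  0.0.0.0:8080    0.0.0.0:*
tcp   LISTEN 0 128  127.0.0.1:9090  0.0.0.0:*
udp   UNCONN 0 0    0.0.0.0:123     0.0.0.0:*
""",
    "ns1.example.com": """\
udp   UNCONN 0 0    0.0.0.0:53      0.0.0.0:*
tcp   LISTEN 0 128  0.0.0.0:53      0.0.0.0:*
""",
}


@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int

    @property
    def public(self) -> bool:
        # Loopback-bound sockets are not internet-reachable; ignore them.
        return not (self.addr.startswith("127.") or self.addr == "::1")


def parse_ss(output: str) -> list[Listener]:
    """Parse lines of `ss -tulnH`-style output into Listener records."""
    listeners = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        # Split on the last ':' so IPv6 literals such as [::]:443 still work.
        addr, _, port = local.rpartition(":")
        addr = addr.strip("[]")
        listeners.append(Listener(proto, addr, int(port)))
    return listeners


def drift_report(host: str, plan: dict, snapshot: dict) -> dict:
    """Return what is exposed but unplanned, and what is planned but absent.

    'unplanned_exposure' is the finding to act on: either close the port or
    add it (and its mitigation profile) to the defense plan.
    """
    exposed = {(l.proto, l.port) for l in parse_ss(snapshot[host]) if l.public}
    allowed = plan[host]
    return {
        "unplanned_exposure": sorted(exposed - allowed),
        "missing_from_host": sorted(allowed - exposed),
    }


if __name__ == "__main__":
    for host in DEFENSE_PLAN:
        print(host, drift_report(host, DEFENSE_PLAN, SAMPLE_SS_OUTPUT))
```

Run this from a scheduled job against each property and treat a non-empty `unplanned_exposure` list as a ticket: the port either gets closed at the access policy or gets documented in the plan and covered by the on-site and upstream mitigation profiles before the next test cycle.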