A major infrastructure provider in Quebec.
Canada’s gas pipeline infrastructure.
Recent reports of cyber incidents have shown that no Canadian organization is immune from the threat of a distributed denial of service (DDoS) attack.
DDoS attacks pose a significant challenge for Canada. They threaten to knock websites offline, disrupt services and seriously slow down organizations of all sizes.
“The recent reports of distributed denial-of-service (DDoS) attacks are stark reminders that, from critical infrastructure providers to the highest office in the land, no entity is immune from cyber threats,” said Jon Ferguson, General Manager of Cybersecurity and DNS Services at CIRA.
“The question has become when, not if.”
There are steps Canadians can take to protect against DDoS attacks—both at home and at work.
What is a DDoS attack
DDoS attacks are an attempt from cybercriminals to disrupt websites and other online services.
Frequently, it involves sending loads of illegitimate traffic to a website to overload its resources and knock it offline.
DDoS attacks can take many forms—some focus on knocking individual servers and services offline and other target core infrastructure like the domain name system (DNS).
Think about it like this: most organizations are prepared to handle a baseline level of “legitimate” traffic to a website or application.
However, they are not ready for that to be multiplied (sometimes by hundreds or thousands of times), as is the case with a DDoS attack.
Unfortunately for victim organizations, these attacks can happen swiftly, and often unexpectedly.
How to combat DDoS attacks
What can organizations do to combat these types of threats?
DDoS scrubbing and soaking
DDoS scrubbing and soaking is one of the simplest and most effective methods for combatting a DDoS threat.
Traffic scrubbing is an effective method of reducing or eliminating DDOS attacks. This involves filtering traffic through services that aggregate lists of websites or IP addresses that are known to be harmful. The clean traffic in turn gets passed to its originally intended destination.
This is a solution that organizations can invest in which allows them to divert, block or otherwise thwart illegitimate traffic from visiting a site or other application so that legitimate users can continue to flow through.
CIRA provides DDoS scrubbing and soaking for DNS traffic through its Anycast DNS solution.
Adopt a layered approach to cybersecurity
It’s easy for organizations to think they are protected against DDoS attacks because they already invest in another cybersecurity tool.
As anyone who has ever gone outside on a minus thirty-degree day in the middle of January can tell you, only one layer is not enough. Putting on some long underwear, though, can make all the difference between a pleasant winter walk and a frostbite nightmare.
To extend the metaphor further: protecting against different types of weather requires different layers. For a rain storm, a waterproof jacket and umbrella are ideal. For a windy winter day, a balaclava is what you need.
It’s no different for DDoS protection: you need to have different layers in place to protect against different attacks.
At its core, the strategy for protecting against DDoS attacks is no different than protecting against other cyberthreats: a layered approach is key.
A layered approach to combatting DDoS attacks can mean a number of different considerations.
For example: to mitigate risks to DNS-based attacks, operators can adopt a secondary DNS solution.
Many organizations may think they are protected against DDoS attacks because they have a primary DNS solution.
Adding additional service capacity, for DNS or otherwise, reduces single points of failure and spreads risk.
If you only have one vendor, for example, all your services might go offline if a cloud vendor goes down or is attacked. If you have multiple vendors, you are better able to deal with one going offline.
Sometimes organizations will benefit from a larger set of threat intelligence and mitigation techniques employed by different vendors. Different vendors provide different protections—by combining them you can be more confident in your overall preparedness.
Another consideration is geographic.
Canadian organizations benefit from investing in Canadian-specific technology (even, or perhaps especially) if it’s being combined with solutions from elsewhere. This is because each country faces unique cyber threats based largely on geopolitical and economic factors. The threats Canadians face are different than those faced in other countries.
This is the case with CIRA’s Anycast solution, which provides Canadian-made and -delivered protection against DDoS attacks.
Prevent botnet attacks in the first place
DDoS attacks rarely have a single point of origin. Cybercriminals rely on infecting a wide array of other devices with botnets and other malicious software to launch DDoS-fueled takedowns of the targeted infrastructure.
Botnets can quietly proliferate over long periods of time by entering a weak point in a network, such as an insecure IoT device, and then spreading widely to other devices, before being activated to send malicious traffic to overwhelm the target.
For example: a cybercriminal might activate an attack it has launched against a series of devices, causing botnets and malware to begin working in the background of a series of phones or laptops. These cybercriminals would then activate those attacks to secretly send traffic illegitimately to a target website.
Everyone can help make DDoS attacks less viable by putting protections in place against botnets in the first place.
One of the simplest solutions that we here at CIRA believe in: protected DNS.
By blocking harmful cyber threats automatically through filtering out malicious traffic, protected DNS is a layer of cybersecurity that can protect at both household and organizational levels. This works by blocking malicious software from being able to connect to known bad places and command and control services—this can prevent devices that were previously infected from participating in attacks.
For example: CIRA offers two solutions that protect against botnets using protected DNS.
CIRA DNS Firewall provides protections for organizations, while CIRA Canadian Shield protects households. These solutions can protect office and home environments while also deploying on mobile devices for when people are out and about.
Prevention is worth a lot more than recovery. If everyone—both in their home and work lives—takes steps to combat botnets, it will make Canadians and organizations a lot more secure. After all, the saying goes: a chain is only as strong as its weakest link.
Conclusion
The bad news: DDoS attacks aren’t going away.
The good news: the steps you can take to protect against them are readily available.
By putting some simple measures in place, you can ensure you are protected.
Ready to step up your DDoS protection?
Mark Brownlee is a Product Marketing Manager with CIRA Cybersecurity Services. His work, which focuses on the CIRA DNS Firewall and Canadian Shield products, is dedicated to helping protect people and organizations in Canada from cyber threats. His background is in marketing strategy, communications planning and advertising best practices.
- [email protected]
