Last month, one of the biggest DDoS attacks ever recorded hit European networks. Measured at close to 400Gbps (gigabits per second), it was 33% more powerful than the previous record holder.
For CIOs, the increasing prevalence and power of DDoS attacks should be a big concern – they can send your services offline for hours or days. Maarten Van Horenbeeck, chair of The Forum of Incident Response and Security Teams (FIRST), says the best way to protect against them is for CIOs to strengthen ties with internet service providers (ISPs).
"The victim has little control over the attack, since the issue isn’t with their own network, making it difficult to tackle," says Horenbeeck.
"Businesses wishing to defend against these attacks need to proactively build strong relationships and agreements with their ISPs, which often will be the only party able to block the attack before it reaches the business."
The attack last month leveraged the Network Time Protocol (NTP), which a computer uses to synchronise its clock when it is online. This kind of attack is sometimes referred to as an amplification attack, because the cybercriminal sends far less traffic than the victim receives.
Horenbeeck says, though, that there are solutions: "It’s likely that cyber threats of this type will continue to grow in size as attackers identify more sophisticated ways to amplify spoofed traffic in order to overwhelm networks.
"The most well understood solution for mitigating these attacks is for network operators to block spoofed internet traffic from emanating from their networks, for instance by implementing internet standards such as BCP38."
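
The source-address check that BCP38 asks network operators to apply at their edge, as an added example that is not part of the original article. Interface names, prefixes and packets are constructed (documentation address ranges), and the function names are hypothetical.

```python
import ipaddress

# Constructed data: prefixes the operator has assigned to each
# customer-facing interface (documentation ranges, not real allocations).
ASSIGNED = {
    "cust-a": ["192.0.2.0/25", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/24"],
}

def build_filter(assigned):
    """Parse each interface's prefix list once; malformed prefixes raise ValueError."""
    return {ifname: [ipaddress.ip_network(p) for p in prefixes]
            for ifname, prefixes in assigned.items()}

def source_is_valid(table, in_if, src):
    """BCP38 rule: accept a packet only if its source address lies inside
    a prefix assigned to the interface it arrived on."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False                      # unparseable source: drop
    nets = table.get(in_if, [])           # unknown interface: nothing allowed
    return any(addr.version == n.version and addr in n for n in nets)

def filter_ingress(table, packets):
    """Split packets into (forwarded, dropped) according to the rule above."""
    forwarded, dropped = [], []
    for pkt in packets:
        ok = source_is_valid(table, pkt["in_if"], pkt["src"])
        (forwarded if ok else dropped).append(pkt)
    return forwarded, dropped

# Constructed sample: NTP (UDP/123) packets arriving from customers.
PACKETS = [
    {"in_if": "cust-a", "src": "192.0.2.10",    "dport": 123},  # assigned
    {"in_if": "cust-a", "src": "2001:db8:a::1", "dport": 123},  # assigned (IPv6)
    {"in_if": "cust-a", "src": "203.0.113.77",  "dport": 123},  # not assigned
    {"in_if": "cust-a", "src": "192.0.2.200",   "dport": 123},  # outside the /25
    {"in_if": "cust-b", "src": "192.0.2.10",    "dport": 123},  # wrong interface
]

if __name__ == "__main__":
    fwd, drop = filter_ingress(build_filter(ASSIGNED), PACKETS)
    for pkt in drop:
        print("drop", pkt["in_if"], pkt["src"])
    print(f"forwarded={len(fwd)} dropped={len(drop)}")
```

The check is keyed on the arrival interface, so an address that is valid for one customer is still dropped when it shows up on another customer's port.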