July 31 2016

O’ HACK No! Preventing and Mitigating DDoS Cyber Attacks

DDoS Blog WAFRemember that amazing home security system you installed in your house five years ago? While it has done a great job of responding to those middle-of-the-night break-ins, there is still one term that is unsettling — prevention. The issue with a home security system is that it’s reactive rather than proactive. While it will always be important to have the ability to respond and react to any intruders, wouldn’t it be great to take a proactive approach to prevent the burglars from breaking in?

The same concept applies for your website and web applications. The security systems that you should have in place on your web server do a good job of protecting the security of your site when it is attacked. As it also goes for your home, wouldn’t it provide additional peace of mind to know that you could have a system in place that could help prevent a distributed denial of service (DDoS) attack on your site altogether? The proactive solution is the installation of a Web Application Firewall (WAF).

What is a DDoS attack?

A DDoS attack is a malicious cyber-attack that prevents your website and web applications from being accessible to visitors due to an incoming flood of traffic from multiple sources. Since many sources are working together, sometimes thousands of unique IP addresses, it makes it difficult to block single IP addresses and distinguish real user traffic from hackers. This makes it virtually impossible to allow your intended users to access your website and web applications, which can cause major disruption to your business.

The rise in DDoS attacks on the financial services industry

When a distributed denial of service attack happens to a bank or credit union, it can wreak havoc on your business operations and damage your brand reputation. Financial services companies have been the target of DDoS attacks over the last several years and hit their largest peak of distributed denial of service attacks, up 15% in Q1 of 2016 as compared to the last three quarters.

When financial services companies are targeted with a DDoS attack, many firms are faced with the threat of loss of sensitive financial information, data, and significant fraud losses. On Christmas Eve in 2012, a DDoS attack was launched on a regional bank in California which brought down their website for 24 hours. The attackers were also successful at stealing $900,000 via fraudulent wire transfers from a single business account.

It’s now a federal mandate by the Federal Financial Institutions Examination Council (FFIEC) to have an information security program that includes an outline of the risks, and have plans in place to monitor traffic and respond accordingly. They also suggest to share DDoS attack information with other institutions.

Mitigating and preventing DDoS attacks with a Web Application Firewall

DDOS Blog WAF stepsAs the saying goes, "the best defense is a good offense". To truly mitigate and prevent DDoS attacks from happening, you’ll need to add an additional layer of security. While your current server security measures do an efficient job of mitigating attacks, adding another layer of proactive security will help identify and block malicious traffic before it becomes a problem. This is known in the industry as a Web Application Firewall (WAF) which guards your web applications and website against online security threats and exploits with a three-layered approach. First, it assesses all incoming traffic to determine if any seems suspicious. Second, it prevents malicious traffic from entering your environment. Finally, it collects data from other WAF’s to continuously learn and stay updated as it evolves.

As applications and technology becomes more sophisticated, so must the measures we use to protect them. Interested in learning more about protecting your website and web applications from cyber security threats and attacks? To discuss your business’ web hosting security current setup and proactive needs, contact ZAG today.

This blog was authored by Dawn Melesko and Jennifer Hoagland.

Sources

http://krebsonsecurity.com/tag/bank-of-the-west/
http://www.ffiec.gov/press/PDF/FFIEC%20DDoS%20Joint%20Statement.pdf



ZAG Interactive is a full-service digital agency in Glastonbury, CT, offering website design, development, marketing and digital strategy to clients nationwide. See current job openings.