31 May Denial Of Service Is A Growing Threat: How Can You Better Protect Your Business?

Earlier this month, I wrote on the changing face of cybersecurity, and last week I wrote a blog on recent high-profile security attacks, and what lessons we can take away from them. Today, as part of our ongoing series on security, I wanted to take a deeper dive into the different kinds of Denial of Service attacks (DoS), and what enterprises need to do in order to better secure themselves from this growing threat. We’ve touched on the topic a few times in the last several blogs, but there’s a fair amount more to chew on here.

Three kinds of DoS- classic, DDoS, PDoS

First off, there are three different main variations on DoS attacks, all of which are distinct from traditional data theft or information loss (though those attacks may happen as a result of DoS). While the industry tends to disagree a bit about the proper acronyms to use, the underlying concepts are widely agreed upon—here’s the rundown, using the nomenclature we typically use at Moor Insights & Strategy. First, the classic Denial of Serviceattack, referred to simply as DoS. This attack refers to when a server made inaccessible by either overloading it with traffic, or compromising the firmware. A slight twist on this is that sometimes a server with compromised firmware can technically still be available, but being used simultaneously by a baddie for criminal purposes. This is a particularly sinister threat, because users might not immediately realize that they’ve been compromised. 

Next up, we’ve got the Distributed Denial of Service, or DDoS. This form of DoS occurs when a server is attacked from many different locations—making it incredibly difficult to pinpoint where exactly the attack is coming from. You’ve probably been hearing lot about this one—the recent gigantic Mirai-Dyn attack falls under this category. In that case, experts believe that the Mirai bot targeted IoT devices with unsecured IoT devices and out-of-date firmware, and transformed it into a huge botnet that overloaded traffic into Dyn. This was one of those attacks that we in the industry see as a harbinger of things to come—with the proliferation of IoT and edge devices, the threat surface is growing and becoming increasingly vulnerable to attacks of this nature.

The third, and final form of DoS is what we call Permanent Denial of Service, or PDoS. This occurs when a server or device is compromised (often at the firmware level), to the extent that it becomes impossible to recover. No way to revive it back into operation, just plain dead. Referred to colloquially as a “brick,” these sorts of serious attacks are on the rise. In an interesting twist, there’s a new malware strain that’s popped up that seems to be intentionally “bricking” unsecured IoT devices—seemingly to take them off the table to prevent the spread of Mirai-like malware. It may be the work of a well-intentioned vigilante, but it’s still PDoS and a huge headache for those who are being permanently iced out from their devices.
What can you do to better protect yourself?

As we’ve discussed before, security is a constantly moving target and the players, techniques and remedies change over and over. Compute clients and networks were the soft spot five years ago but now it’s the server. Hackers go after the soft spots.

First the obvious—businesses need to make sure their firmware is up to date, and make sure all the default passwords on their devices have been changed. These common blind spots are known to cyber-criminals, and they will be taken advantage of. But as I’ve written before, security measures must go deeper than that—they have to be incorporated into the blueprint of their products, down to the hardware and firmware. For an enterprise to truly be secure, it needs to beef up measures on all fronts—hardware must be strengthened, AI should be leveraged to quickly and more effectively detect anomalies, and encryption must be extended to the component level. If an enterprise’s security strategy is not holistic, it’s not a matter of if a cybercriminal will breach its defenses, but when. These measures will do much to protect enterprises from DoS attacks, as well as more traditional threats. 
Last but not least, security must be extended to partners and the supply chain.  This is an area that is often overlooked from a security standpoint and vulnerable. Access to firmware must be strictly controlled every step of the way. Enterprises have to properly vet and verify the companies they do business with to make sure that they are not exposed to malware and counterfeit materials at any juncture. Even Apple reportedly via Ars Technica, fell victim to an attacker on the supply chain level—a fake firmware patch made its way in via Supermicro, a server supplier (which you can read about here). Even the biggest, most secure companies are struggling with this blind spot, and that has to change.

Wrapping up

DoS attacks are ramping up, and it’s important to know what they are and how they could potentially affect your enterprise. They can kill productivity and cause massive down time, such as the Mirai-Dyn incident, or they can open the door to data theft and information loss and even ruin your hardware. Right now it’s a hacker’s playground out there, with unsecured devices popping up left and right and most enterprises still struggling to devise effective, holistic security strategies to address the expanding threat surface and changing characteristics. This is a problem that’s only going to get worse unless the right measures are taken, and soon.