ESET helps to identify DoS attacks and shows what to do if you are a victim

They are usually caused by botnets and are used in various ways by cybercriminals. ESET analyzes the main ways to protect environments from these types of threats

A denial of service (DoS) attack is carried out by sending a massive number of illegitimate requests to a server, web service or network in order to exceed its capacity and leave it unavailable to its users. ESET, a leading company in proactive threat detection, warns that although the acronym may command respect, DDoS attacks are quite simple to carry out and are widely used by criminals. That is why the company analyzes how to identify them and respond to them.

“Over the years in the security market, the position on these types of attacks has changed significantly. Before, companies gave very little thought to solutions to avoid them, but currently most environments are on alert for these types of threats. This change was caused by several factors, including the evolution of security maturity, both of the environments and of the professionals working in the area, and the change in the way this attack is used by criminals,” comments Daniel Cunha Barbosa, Computer Security Researcher at ESET Latin America.

Currently, DoS attacks can be used in isolation, but they are often used as a complement to other attacks, for example to make a ransomware payment demand more convincing: the target company's services are seriously affected, with a direct impact on how customers who try to reach those services perceive the company. Another point of change concerns protections. It is currently possible to adopt protections for this purpose with a significantly lower investment than a few years ago, and these protections may even already be available in some environments and only need to be enabled.

Detecting this attack is not a trivial task when the environment does not have preconfigured solutions to monitor it. Generally, attacks are noticed when someone tries to use the service and finds it slow or unavailable. Ideally, detection rests on two main pillars: a technical team capable of identifying what a period of normal, stable operation looks like, and security solutions parameterized based on the result of that identification.

There are many types of solutions that allow us to confront the attack with a very high success rate

Among the solutions ESET highlights are:

Traffic filtering: A clear example of this possibility of adapting existing solutions to stop DoS attacks is traffic filtering, whether carried out by firewalls that companies commonly already have in their environments or by specific equipment intended for this purpose.

Filters typically use predefined rules to block certain types of traffic, thus preventing excessive requests from one or more sources, unconventional request formats for certain types of services, excessive packet sizes, and other types of malicious approaches. A valuable aid in blocking of this type is to rely on behavior-based solutions to perform the blocking; this allows legitimate users to keep accessing the service while attackers are blocked.

Load balancing: Balancing can occur in several ways, either by making more than one Internet link available and rotating access between them through DNS settings, or by using a high availability cluster to redirect the service to one of the other nodes if the current node does not respond correctly.

Expert services on DoS protection: Also known as Content Delivery Networks (CDN), these services bring together a series of features that are useful when it comes to stopping DoS attacks. Among the most valuable are the segregation of access types (mentioned under traffic filtering), so that only attackers are prevented from communicating with the service, and an extremely robust network structure capable of withstanding attacks that can exceed 1 terabit per second, something difficult to achieve without a specialized structure.

Adoption of cloud services: Moving critical parts of the internal structure to servers or services in the cloud helps to resist DoS attacks; however, ESET points out that there is no magic solution. The beneficial point is that a cloud environment is usually more capable of handling a greater volume of traffic. However, it is necessary to ensure that you contract services that offer specific protection against DoS, or that allow third-party services capable of doing so to be contracted. It is very important to read service contracts carefully to understand the extent of the service provider's responsibility in the event of an incident and, above all, to be aware that contracting cloud services does not usually exempt the customer from its own responsibilities.

Threat intelligence: Among the information a threat intelligence process can provide are IPs related to botnets, vulnerable servers associated with cybercriminals, and vulnerabilities used for initial access or lateral movement, among many other TTPs. This information can be used as indicators of compromise (IoC) or indicators of attack (IoA) and inserted into security solutions in order to prevent any interaction from these sources beforehand; it also serves as a guide for prioritizing which vulnerabilities should be addressed first to prevent attacks.

Continuous monitoring: Protection against DDoS attacks, or any other attack, does not depend solely on inserting some advanced tool into the environment or hiring some extremely specialized service. It is necessary that there be one or several trained people who constantly monitor the available tools and services to prevent an attack from occurring. ESET recommends understanding how the environment works normally and thus establishing baselines for detecting anomalies. Although the task is made easier with good tools, it is essential that there be a person adjusting and improving the performance of the solutions.
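The baseline-driven detection described above (learn what a stable period looks like, then flag sources that exceed it, feeding the filter rules mentioned earlier) can be illustrated with a small script. This is an added example, not code from ESET or from the article: it parses constructed Common Log Format lines (RFC 5737 documentation addresses), derives a per-source requests-per-minute threshold from a quiet period, and reports the sources that exceed it.

```python
import re
import statistics
from collections import Counter

# Common Log Format: capture the client IP and the timestamp truncated to the minute.
CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<minute>\d{2}/\w{3}/\d{4}:\d{2}:\d{2}):\d{2}')

def count_per_source(lines):
    """Map (minute, ip) -> request count; lines that do not parse are skipped."""
    counts = Counter()
    for line in lines:
        m = CLF.match(line)
        if m:
            counts[(m.group("minute"), m.group("ip"))] += 1
    return counts

def build_baseline(quiet_lines, k=3.0):
    """Threshold = mean + k * stdev of per-source requests per minute,
    learned from a period the technical team has identified as stable."""
    values = list(count_per_source(quiet_lines).values())
    return statistics.fmean(values) + k * statistics.pstdev(values)

def detect_floods(lines, threshold):
    """Return sorted (minute, ip, count) tuples whose count exceeds the threshold."""
    return sorted((minute, ip, n) for (minute, ip), n in count_per_source(lines).items()
                  if n > threshold)

# --- Constructed sample data, not real traffic (hypothetical hosts and times) ---
def _clf(ip, minute, sec):
    return f'{ip} - - [10/Oct/2023:13:{minute:02d}:{sec:02d} +0000] "GET / HTTP/1.1" 200 512'

QUIET_RATES = {"203.0.113.1": 4, "203.0.113.2": 8, "203.0.113.3": 6}  # requests per minute
QUIET_PERIOD = [_clf(ip, m, s) for m in range(10) for ip, n in QUIET_RATES.items() for s in range(n)]
# Minute 12: the same legitimate sources plus one host issuing 90 requests in a minute.
UNDER_ATTACK = ([_clf(ip, 12, s) for ip, n in QUIET_RATES.items() for s in range(n)]
                + [_clf("198.51.100.7", 12, s % 60) for s in range(90)]
                + ["malformed line that the parser must ignore"])

if __name__ == "__main__":
    threshold = build_baseline(QUIET_PERIOD)
    print(f"per-source threshold: {threshold:.1f} requests/minute")
    for minute, ip, n in detect_floods(UNDER_ATTACK, threshold):
        print(f"{minute}  {ip}  {n} requests  (candidate for a filtering rule)")
```

The legitimate sources stay well under the learned threshold, so only the flooding host is reported; in practice the threshold should be re-learned as the baseline drifts, which is the ongoing tuning work the paragraph above describes.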

Incident response: Define what the first steps to take will be, who will be responsible for each of them and what actions each one will take, which decision makers will be contacted if necessary, the containment and recovery actions, the suppliers and other parties who can be contacted for support, and all other elements that have been planned according to the needs of the business. ESET recommends testing the incident response plan so that the people involved are trained and can carry it out properly in the event of a real incident.

ESET also invites you to check out its podcast, Conexión Segura, to find out the news on computer security:

With information and reference image provided by ESET and Comstat Rowland
