Äripäev DDoS attack – our initial comments and tips
Earlier today, one of Estonia's leading media portals, Äripäev/Деловые ведомости (part of the Bonnier Group), was hit by a DDoS (Distributed Denial of Service) attack. Unfortunately, we see more and more of these attacks, and there is little that can be done to stop them from being launched; what you can influence is how long they hurt. We have asked our colleague Vladimir Jelov to share some insights and tips in not-so-technical terms.
NB! This is potentially related to a recently disclosed Citrix NetScaler vulnerability. If you use that product, make sure to patch as soon as the fix is available (the patch is expected in January) and, until then, apply the vendor's interim mitigations. As of the time of writing, CYBERS' comments are based on publicly available information only.
What is a DDoS and what makes it so nasty?
A DDoS attack is a sustained flood of requests against your infrastructure, sent from many sources at once (hence "distributed"), which seeks to exhaust your bandwidth, your hardware capacity, or both. Let's say your website and customer-facing systems can handle thousands of requests per minute; during a DDoS, that number blows up into millions.
The result is failing infrastructure, which can also leave the network defenceless against other attacks: a DDoS is sometimes used as a smokescreen while something quieter is attempted elsewhere. It also creates real business pain, as customers cannot reach the services they need and employees cannot reach their tools. The damage unfortunately takes longer to mitigate in most cases, as the affected systems may have to be rebooted or reconfigured once the flood subsides.
And, unfortunately, DDoS attacks have not only become more frequent but also cheaper for criminals to buy. Our ethical hackers often check Darknet prices, and nowadays you can order a 24-hour DDoS attack for roughly 100 dollars. For those 24 hours, bots will bombard www.yourcompanyname.ee and keep it inaccessible. Meanwhile, for another few hundred dollars, hackers will try to get in, deploy ransomware and encrypt your servers for a future ransom demand.
But there is something that can be done, right?
As with many things in cybersecurity, it is mostly a matter of being prepared for the inevitable (you getting attacked). Here are some tips to consider:
1. Have a plan and a cybersecurity partner for when you get hit. A partner will hold your hand when everyone is panicking and help you execute the plan. The plan could contain items such as:
- plugging in a DDoS protection/scrubbing service (costly but available; ideally contracted and tested before the attack, not during it)
- switching critical services to alternative hosts (e.g. having a disaster recovery site in another hosting environment)
- informing authorities (in Estonia, CERT-EE) and infrastructure partners such as your ISP and hosting provider, who may be able to filter the traffic upstream before it reaches your link
2. Consider adding an anti-DDoS or traffic scrubbing service to your security infrastructure
There are a few of these around, Cloudflare being among the most popular. Essentially, they "wash" the incoming traffic, dropping the attack traffic and passing on only what looks legitimate. One practical caveat: such a service only helps if your origin servers are not reachable directly, so restrict them to the provider's address ranges; otherwise attackers who learn the origin IP simply go around the scrubbing layer. These solutions are not perfect and can be expensive, but they are essential if you are serious about keeping your website up during a DDoS attack.
3. Learn your traffic patterns
E.g. what normal, everyday traffic looks like and what the abnormal signs of an incoming DDoS attack are. This is potentially also the cheapest way to fight DDoS. In Äripäev's case, most of their legitimate traffic comes from Estonia, while in most DDoS attacks we see bots attacking from Eastern Europe, Russia, China etc. This means that by temporarily geo-blocking traffic from outside Estonia, they could ride out the attack with little visible impact (unless the attack was coming from Estonia). Two caveats a practitioner should keep in mind: blocking at your own firewall only works if the flood has not already saturated the link in front of it, so for large volumetric attacks the filter has to be applied by your ISP or scrubbing provider; and you need a documented baseline before the attack, since a number only looks abnormal next to a known normal.
Remember, as with most cyberattacks, you must react in a matter of minutes. When disaster strikes, you can't spend half a day figuring out what is legitimate traffic and what is not.
This is best combined with the next point.
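To make tip 3 concrete, here is an added example (written for this page, not code from CYBERS or from Äripäev) of the kind of baseline check a small team could run over its own web-server access logs: it counts requests per minute, flags minutes that exceed a multiple of the median of the quiet minutes, and for each flagged minute breaks the sources down by country and lists the foreign prefixes worth filtering. The log lines, the prefix-to-country table (built from RFC 5737 documentation ranges) and the date are all constructed for the example; a real deployment would use a GeoIP database and push the result to a firewall, CDN or ISP rule instead of printing it.

```python
"""Baseline-and-breakdown check for access logs (added example, constructed data)."""
import ipaddress
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime

# Constructed prefix -> country table. The ranges are RFC 5737 documentation
# networks, NOT real geolocation data; a real check would query a GeoIP database.
COUNTRY_BY_PREFIX = {
    "203.0.113.0/24": "EE",   # plays the role of domestic readers
    "198.51.100.0/24": "XX",  # plays the role of a foreign botnet range
    "192.0.2.0/24": "YY",     # second foreign range
}
_NETS = [(ipaddress.ip_network(p), cc) for p, cc in COUNTRY_BY_PREFIX.items()]

# Apache/nginx "combined" log format: ip ident user [timestamp] "request" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def country_of(ip: str) -> str:
    """Map an address to a country code via the constructed table ('??' if unknown)."""
    addr = ipaddress.ip_address(ip)
    for net, cc in _NETS:
        if addr in net:
            return cc
    return "??"


def parse_line(line: str):
    """Return (ip, minute_bucket, status) for a combined-format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts.replace(second=0), m["status"]


def requests_per_minute(lines):
    """Group source IPs by the minute in which the request arrived."""
    buckets = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            buckets[parsed[1]].append(parsed[0])
    return dict(buckets)


def find_anomalies(buckets, factor=5.0, min_baseline=1):
    """Flag minutes whose request count exceeds factor * median of the other minutes.
    The median (not the mean) is used so the attack minutes themselves do not drag
    the baseline up and hide the spike."""
    counts = {minute: len(ips) for minute, ips in buckets.items()}
    anomalies = {}
    for minute, n in counts.items():
        others = [c for m2, c in counts.items() if m2 != minute]
        baseline = max(statistics.median(others) if others else min_baseline, min_baseline)
        if n > factor * baseline:
            anomalies[minute] = (n, baseline)
    return anomalies


def source_breakdown(ips, home="EE"):
    """Count requests per country and compute the share that is not from 'home'."""
    by_country = Counter(country_of(ip) for ip in ips)
    total = sum(by_country.values())
    foreign_share = 1 - by_country.get(home, 0) / total if total else 0.0
    return by_country, foreign_share


def block_candidates(ips, home="EE", threshold=0.8):
    """Foreign prefixes seen in this minute, if non-home traffic dominates it.
    Caveat: a filter at your own edge only helps if the uplink is not already
    saturated; for volumetric floods hand the same list to your ISP/scrubber."""
    by_country, foreign_share = source_breakdown(ips, home)
    if foreign_share < threshold:
        return []
    return sorted(p for p, cc in COUNTRY_BY_PREFIX.items() if cc != home and by_country.get(cc))


def analyse(lines, home="EE"):
    """One report entry per anomalous minute: size, baseline, foreign share, block list."""
    buckets = requests_per_minute(lines)
    report = []
    for minute, (n, baseline) in sorted(find_anomalies(buckets).items()):
        _, foreign_share = source_breakdown(buckets[minute], home)
        report.append({
            "minute": minute.strftime("%H:%M"),
            "requests": n,
            "baseline": baseline,
            "foreign_share": foreign_share,
            "block": block_candidates(buckets[minute], home),
        })
    return report


def _line(ip, hhmm):  # constructed sample log line in combined format
    return f'{ip} - - [10/Oct/2020:{hhmm}:00 +0200] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"'


# Constructed sample: five quiet minutes of domestic traffic, then one flooded minute.
SAMPLE_LOG = [_line(f"203.0.113.{10 + host}", f"10:0{minute}") for minute in range(5) for host in range(3)]
SAMPLE_LOG += [_line(f"198.51.100.{host + 1}", "10:05") for host in range(50)]
SAMPLE_LOG += [_line(f"192.0.2.{host + 1}", "10:05") for host in range(20)]
SAMPLE_LOG += [_line("203.0.113.10", "10:05"), _line("203.0.113.11", "10:05")]

if __name__ == "__main__":
    for entry in analyse(SAMPLE_LOG):
        print(entry)
```

On the constructed sample the quiet minutes carry 3 requests each and the flooded minute 72, so only 10:05 is flagged (72 against a baseline of 3); 70 of those 72 requests fall in the two foreign ranges, so both are returned as block candidates. The factor, threshold and "home" country are deliberately parameters: they are the numbers you should learn from your own traffic before the attack, which is the whole point of the tip.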
4. Invest in a Security Operations Centre and/or Network Operations Centre
Both are available as a service, from providers such as CYBERS, and ensure that you have 24/7 experts ready to react to a cyber-attack such as a DDoS. While the cost of such a service varies, for most companies it is a very cost-efficient solution. According to recent research, the cost of falling victim to a DDoS attack in Europe starts from EUR 100,000 and runs into the millions for larger enterprises.
We sincerely hope that Äripäev recovers from this quickly and keeps informing the public about the news that matters. But please, if you are reading this, make sure that your organization is prepared for an attack like this. In these difficult times, losing your online presence for hours or days could hurt both your business and your reputation. Stay safe!
If you care about the security of your organization and team – please contact us https://cybers.eu/contacts to get a free preliminary evaluation.