DDoS in the News: Google, WordPress, & More

DDoS is the more commonly use acronym for a Distributed Denial of Service attack. This sort of attack occurs when malicious actors use a number of computers or devices as their puppets with which they target and attack a victim by sending an excessive amount of traffic to the their networks in order to overwhelm the targeted victim’s server or network with more traffic than it can handle. This type of attack can be devastating to a business not only due to the attack itself, but the consequences that follow it; not only does it overwhelm the company’s networks, slowing down business conducted by employees, but it also affects their external customer sites which can cause a loss of customers or sales during this downtime period. Because these are distributed denial of service attacks, the attack is harder to track down as it comes from multiple devices on a variety of IP addresses.

DDoS is often not talked about as much as ransomware or data breaches, but it certainly can and does affect businesses often. Below we'll take a look at a couple of the recent DDoS stories in the news.

Google Blocks Massive DDoS Attack

DDoS attacks are more and more effective for the cybercriminals perpetrating the attack based on the number of requests per second (RPS) that hit the victim. On August 18th, Google disclosed that it's cloud division mitigated DDoS attacks that peaked at 46 million requests per second. This number of requests has not been seen before, meaning the team was able to ward off the largest DDoS attack of all time. “To give a sense of the scale of the attack, that is like receiving all the daily requests to Wikipedia (one of the top 10 trafficked websites in the world) in just 10 seconds,” Google product manager Emil Kiner and technical lead Satya Konduru stated.

WordPress Sites Hacked with Fake DDoS

Malicious actors online hacked poorly protected WordPress sites in order to use these sites as pawns in DDoS attacks. A pop-up appears on these sites, requesting that the user clicks a button to bypass the DDoS protection screen. When the user clicks said button, however, it will begin a download of a file called 'security_install.iso,' which pretends to be a tool required to avoid the DDoS verification. Once the user opens the file, which appears to be an application called "DDOS GUARD", the victim is asked to enter a code. When the security_install.iso file is opened, another file called security_install.exe is there. This file is actually a Windows shortcut that causes a the screen to display the fake DDoS code needed to view the site, as well as installing yet another item - the NetSupport RAT, a remote access trojan used extensively in malicious campaigns today.

How to Protect Against a DDoS Attack

While it is difficult to stop a DDoS attack once it is in process, there are some steps you can take to try and lessen the likelihood of a DDoS attack affecting you

• Secure Your Networks — A strong cyber defense is a smart idea regardless for your company or personal use of the Internet, and DDoS prevention is just another benefit that comes from securing your networks. Use strong passwords for all logins accessed while on the network and do not allow just anyone access to your network.
• Backup Your Systems To Stay Operational — Keeping backups of the essential data needed for your company to operate can help to keep your business operational in the event of a DDoS attack. This way if one server is attacked, the backup or redundant servers will be able to take on the extra traffic hitting the network. It is not the perfect solution to handling a DDoS attack, but it certainly can help against this and other types of cyber attacks out there.
• Create a DDoS Recovery Plan — One of the worst parts of a DDoS attack is how long it takes to get back up and running following the attack; of course it is preferable to prevent an attack, but it is also important to prepare for the worst, just in case the security measures you have in place do not hold strong. This is why it is important to have a DDoS recovery plan. When developing your recovery plan, be sure to get some key members involved via the creation of a recovery response team who will be responsible for responding in the event of an attack. These members will need to know who to contact in the event of a security incident and develop a plan of defense strategy to respond to such an incident. Being prepared for an attack will help to determine how quickly your company recovers from it and gets back to business.
• Lessons From Past Attacks — Some DDoS attacks can be shorter in length than you might anticipate, however, many companies have noticed that they are hit with a double whammy not longer after the first attack strikes. Being prepared following an attack can feel overwhelming, but use any attack that you may encounter as a learning experience to avoid future issues.

Image by DC Studio for Freepik.