High profile DDoS attacks rang in the new year in full force, starting 2016 with a flood (no pun intended) of activity. The morning of New Year’s Eve, BBC websites and other associated online services went dark due to a DDoS attack. Since the outage, hacker group “New World Hackers” have stepped forward claiming responsibility, indicating that the attack was carried out as a “test of its capabilities”.
New World Hackers continue to draw attention to themselves by targeting Republican presidential candidate Donald Trump's campaign website for a reported “one hour test”.
After learning of the recent test attacks against various websites, I spoke with Dave Larson, COO at Corero Network Security; “While it appears that all targeted web services are back to normal operations at this time, these incidents highlight the need for automatic in-line DDoS protection. DDoS targets can come into the line of fire at any given moment, for any reason at all—even a test case. Without real-time detection and mitigation of an attack, there is no way to prevent service impacting outages.”
Globally, reports indicate that another DDoS attack has successfully shut down the Saudi Ministry of Defense website. Details are still scarce in this instance, but yet another example of DDoS rendering services unavailable.
Dave Larson continues, “Deploying an in-line, automatic DDoS mitigation solution allows security teams to stay one step ahead of attackers. By the time traffic is swung over to a DDoS mitigation service, usually after at least 30 minutes of downtime, the damage has already been done. To keep up with the growing problem of increasingly sophisticated and damaging DDoS attacks, effective solutions need to automatically remove the threats as they occur and provide real-time visibility into the network.”
Perhaps a New Year’s resolution for Network and Security teams should be to reevaluate their DDoS security posture to ensure they don’t become the victims of these malicious attacks.