Corero
Blog & News

US Inauguration Brings Increased Threat of Cyberattacks

According to security experts, there is an increased chance that media and government websites will be subjected to cyberattacks in the days leading up to and following the inauguration of US President-Elect Joe Biden. BankInfoSecurity reported, “‘I expect there is some elevated risk of a cybersecurity attack, especially from those who want to demonstrate the country is in chaos and to undermine democracy,’ says Phil Reitinger, a former director of the National Cyber Security Center who’s now president and CEO of the Global Cyber Alliance.” This cause for concern comes in the wake of the recent sophisticated malware attack on SolarWinds software, which US intelligence agencies have blamed on Russia. That hack has affected numerous state, local, and federal government agencies in the US, as well as private companies and government agencies of other nations.

Who, What and Why?

Attacks come in all shapes and sizes, and can come from any source, from domestic terrorists acting as hacktivists to make a political statement, to lone-wolf threat actors, to nation-states. The list of potential targets is long, including high-profile websites, critical infrastructure, hospitals, and medical research centers.

Malicious actors could impact critical services, steal intellectual property, or eavesdrop on national security conversations. The attacks could take many forms, including but not limited to phishing, spear phishing, spyware, man-in-the-middle, malware, ransomware, and, of course, distributed denial of service (DDoS) attacks. DDoS attacks can easily cripple an unprotected website or online service, and they are easy to carry out, especially if launched using a DDoS-for-hire service, making them a popular weapon in the arsenal of cybercriminals. Given the massive botnets that can now be harnessed to launch terabit-sized volumetric attacks, many organizations should now be on high alert.

What to do if you experience a DDoS attack

Unless an organization already has a DDoS mitigation solution in place, it has little recourse in the event of an attack. DDoS attacks can’t be prevented, but automated, always-on, real-time DDoS protection can keep them from impacting their target. If an organization experiences a DDoS attack without any defense system in place, it is typically too late to fend off the attack.

Fortunately, for many organizations, deploying effective DDoS protection does not involve a lengthy vendor vetting, procurement, and implementation process. Many organizations can now obtain highly effective DDoS protection through their Internet Service Provider (ISP) or Hosting Provider, either as a value-added or subscription service. Providers are increasingly deploying always-on DDoS protection at their own perimeter to defend their networks and their customers. In this way, the providers surgically filter out only the bad traffic, closer to the source, avoiding the need to use service-disrupting blackholes to defeat attacks. Be sure to ask whether that service also provides insight into the attacks so you can conduct your own forensic analysis.

It’s not always easy to find the right cyber defenses, especially without a lot of time or preparation. The ideal time to research cyber defense possibilities is always yesterday, so to speak. If your organization hasn’t yet addressed DDoS protection, today is the day to do so, and, if you are fortunate, you may be able to get it quickly and easily from your Service Provider. For the long term, organizations must realize that even in the absence of heightened political tensions, cybercriminals are always lurking and seeking new ways to make money or create chaos, and you are potentially at risk.