Through the likes of Social Engineering, vulnerabilities, insider threats, etc. a criminal will compromise many internet connected devices to create a Botnet. A Botnet allows a criminal to simultaneously control the devices to co-ordinate a DDOS attack.
Devices that may facilitate a Botnet include computers, printers, smart assistants, smart fridges, smart doorbells. In fact, any device connected to the internet, referred to as IOT (Internet of Things), can be used.
To prevent your devices from becoming part of a Botnet and facilitating this attack, follow our recommended best practices, which can also be found on our Advice Page.
Denial of Service (DOS) attack is a targeted attack that causes disruption to the network by overwhelming a system with requests until it can no longer cope and crashes. DOS attacks involve a single device flooding a system but this method is easily noticed and traceable.
Distributed Denial of Service (DDOS) attacks send requests from multiple devices and are far harder to detect. A DDOS is performed by combining several software applications that run automated tasks over the Internet, known as a Botnet, making it difficult to pinpoint the origin for the attack.
Being prepared for a DOS attack will ensure a speedy recovery. The sooner this attack is identified, the quicker you can respond and reduce the impact it has on your business.
DDOS renders your systems unusable. Using clean backups, you can continue business as usual.
Vulnerabilities make it easier to carry out an attack.
Contain the spread of the attack so part of your network is spared. Importantly, ensure admin capabilities are separate from everyday activity. It is difficult to recover if the admin accounts are compromised.
Prevent unauthorised connections to the network.
To hide your IP (Internet Protocol) address from sight. DOS attacks target IP addresses.
Cloud providers have the software in place to handle DDOS attacks. It also makes it much harder for criminals to target a specific business.
Default settings are not always applied with security in mind. Take time to enable security settings as applicable and disable all that offer no benefit to the business or usability of the device.