Roses are red, violets are blue, beware of the cyber-criminal out to get you

For anyone currently romantically involved, you’ll be acutely aware that it is just over a week until Valentine’s Day.  And while this day of romance may seem to border on the trivial, it’s a big money maker. According to the National Retail Federation, Valentine’s Day contributes $18 billion to the US economy, making it very serious business for the retail sector.

But it isn’t just the retailers that will be looking to cash-in in the run up to February 14^th – cybercriminals too will be looking to exploit this busy, and highly lucrative, trading period.

Always on the lookout for new ways to disrupt organizations and make a quick buck, in the run up to Valentine’s day, cyber-criminals have, in the past, targeted one of the least likely targets:  florists.

This may seem surprising yet in 2016 researchers found an increase in DDoS attacks specifically targeting florists in the run up to Valentines day, while in 2017 there was a spike in record-breaking attacks on all retailers before Valentine’s Day.  

In the past, hackers used DDoS attacks, a relatively uncomplicated method, to disrupt and bring down a website. However research published in late 2017 revealed that there has been a 27% increase in breach incidents in conjunction with DDoS attacks. What we’re seeing is that attackers are utilizing DDoS as a diversionary tactic – basically using a DDoS attack to provide ‘covering fire’ for cyber criminals looking to infiltrate the network through other access points. After launching a DDoS attack, while the IT team is focused on keeping the website up and running, attackers are probing the network for potential vulnerabilities and stealthily entering the network either directly or via a third-party partner, such as a retailer’s payment processing partner.

Avoid DDoS heartbreak

So what steps you do to avoid heartbreak this Valentine’s Day?

First you may want to consider having a specialized anti-DDoS solution in place. Many of the leading firewall appliance vendors offer anti-DDoS modules, that can be deployed at the perimeter of your network or data center. These are designed to detect and filter malicious traffic. However, these are not automated and need to be constantly managed and updated.

Second it is critical to be able to quickly detect that you are under attack, and have a procedure in place to deal with it. It can be difficult to distinguish between illegitimate and genuine traffic, but the typical signs of a DDoS attack are a sharp increase in traffic to your website followed by a slowing down of performance (there are services that can continuously monitor your website’s responsiveness from an external point of view)

In addition to these pre-emptive measures, you can try and mitigate a DDoS attack once it is underway. So, if you are experiencing a DDoS attack contact your internet service provider immediately, as many can provide DDoS protection such as blocking the originating IP addresses or ‘scrubbing’ malicious packets. Furthermore, your service provider is likely to have greater bandwidth and therefore greater capacity to help you deal with the attack effectively.

There are also a couple of counter-measures that you can take.

Filter and Segment – Set up your routers and firewalls policies to filter non-critical protocols, block invalid IP addresses, as well as shut off access to specific high-risk segments of your network in the event of an attack. These techniques are highly effective against simpler attacks but less so against more sophisticated DDoS attacks that use spoofing or valid IP addresses.

Tie Cyber Incidents to Business Processes – Integrate your SIEM solution with your security policy management solution, so that whenever the SIEM identifies a suspicious incident, your security policy management can enrich the data provided by the SIEM with visibility and information about the business applications impacted by the incident, as well as map the lateral movement of the infection. Once identified, the security management solution can mitigate the risk of a cyber-attack by automatically isolating any affected (or potentially affected) servers or devices from the network.

Replicate and Divert – Use a content delivery network to create replicas of your website for customers in different locations can help reduce the impact of the DDoS attack as well as make the extra DDoS related traffic easier to combat.

While there is no silver bullet – or ‘Cupid’s arrow’ – for a DDoS attack make sure you have a plan in place to avoid any unnecessary DDoS-related heartbreak.

Happy Valentines Day everyone!