How to prevent your network from being abused in DDoS attacks
Devices that end up in a botnet are not only part of criminal activity; they are also much more susceptible to hacks.
It seems DDoS attacks never go out of style. The Belgian government recently fell victim to a complex attack, and even the popular game developer Blizzard recently had to shut down Diablo 4’s online mode for a while due to a Distributed Denial of Service (DDoS) attack.
What is a botnet?
In a DDoS attack, a botnet simultaneously submits countless requests to a website or network in order to overwhelm its servers and make them crash. Such botnets consist of (hundreds of) thousands of devices that attack their targets like zombies. They include computers, smartphones and tablets, but sometimes also poorly secured refrigerators connected to the Internet. They are usually controlled by a central device that acts as the attack leader (a “Command & Control Server”).
How does your network end up in a botnet?
Devices deployed in DDoS attacks are controlled by a small piece of malware. This usually enters the device via a trojan, a phishing attack or as part of software with a malicious (extra) payload. From then on, these devices can be used in attacks without the user even noticing.
Therefore, it is often tempting to think of a zombie device as something fairly innocuous. It does not bother the user; it often does not burden one’s own network and thus has no immediate impact on the functioning of an organization. Yet being part of a botnet can have far-reaching consequences: it makes your organization and network a very easy target for high-impact hacks.
An additional layer of defense is necessary
The software that connects your network to a botnet – in addition to broadcasting malicious requests – often contains additional capabilities. It may have a password logger built in, or the program may actively seek payment information stored on the device. It literally opens the door of a network, allowing hackers to enter without having to first mount an elaborate attack.
With so many new domains being created daily, traditional firewalls cannot guarantee that trojans or other malware will be kept out of your network. The solution to this is to protect your outbound traffic through DNS filtering/protection.
DNS as a defensive wall for your organization
The Secutec SecureDNS solution ensures that all DNS requests are tested against a cyber threat intelligence database fed by thousands of leading sources. This way, the database always has up-to-date information about new attack vectors. If a new domain is not yet known in such a database, it is blocked for security reasons during the first twenty-four hours so that it can be comprehensively analyzed.
If someone in your network tries to connect to a known malicious or unknown domain, that connection is automatically blocked. This way malware has no chance of sending out signals to the attacker, so devices in the network can never connect to a botnet. This also neutralizes its other harmful effects: no kind of data can leave the network if the domain is untrustworthy.
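The filtering decision described above, as an added example (not Secutec's code or API): known-malicious names are blocked, known-good names are allowed, and an unknown name is blocked for twenty-four hours after it is first seen. The names `DnsFilter`, `KNOWN_MALICIOUS` and `KNOWN_GOOD`, the sample domains, and the choice to allow an unknown name once the hold expires are all assumptions; it also assumes every client resolves through this filter.

```python
from datetime import datetime, timedelta, timezone

QUARANTINE = timedelta(hours=24)  # the "first twenty-four hours" hold for unknown domains

# Constructed sample data; a real deployment would load these from threat-intelligence feeds.
KNOWN_MALICIOUS = {"c2.badhost.example"}
KNOWN_GOOD = {"example.org"}


def normalize(qname: str) -> str:
    """Lower-case and drop the trailing root dot so 'Example.ORG.' matches 'example.org'."""
    return qname.strip().rstrip(".").lower()


def parents(name: str):
    """Yield the name and each parent: a.b.example -> a.b.example, b.example, example."""
    labels = name.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


class DnsFilter:
    """Hypothetical policy engine: one decision per outbound DNS query."""

    def __init__(self):
        self.first_seen = {}  # queried name -> time this filter first saw it

    def decide(self, qname: str, now: datetime):
        """Return (action, reason). Listed parents also cover their subdomains."""
        name = normalize(qname)
        candidates = list(parents(name))
        if any(c in KNOWN_MALICIOUS for c in candidates):
            return "block", "known-malicious"
        if any(c in KNOWN_GOOD for c in candidates):
            return "allow", "known-good"
        # Unknown name: hold it for 24 hours from first sight so it can be analysed.
        # Assumption: if analysis has not listed it as malicious by then, allow it.
        seen = self.first_seen.setdefault(name, now)
        if now - seen < QUARANTINE:
            return "block", "unknown-quarantine"
        return "allow", "quarantine-expired"


if __name__ == "__main__":
    f, t0 = DnsFilter(), datetime(2024, 1, 1, tzinfo=timezone.utc)
    for q, t in [("Beacon.C2.BadHost.example.", t0), ("www.example.org", t0),
                 ("new-domain.test", t0), ("new-domain.test", t0 + QUARANTINE)]:
        print(q, t.isoformat(), f.decide(q, t))
```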
DDoS attacks are never harmless: neither for the victims nor for your devices if they are part of a botnet. They open the door to larger attacks on your own organization – which can lead to loss of money, reputation damage, intellectual property theft, and more.
Interested in the possibilities of Secutec SecureDNS for your organization? Register now for a free demo.