02 DEC, 2020

Every day, many companies around the world face small, large or even completely paralysing cyber-attacks. A large share of these companies only become aware of the vulnerabilities and security risks in their IT systems after they begin to analyse the type of attack they experienced, its route and its impact on the company’s IT ecosystem, as well as the damage to the company’s business in general. Large-scale distributed denial-of-service (DDoS) attacks are particularly popular.

What is a DDoS attack and why is it worth knowing about?

We have long been familiar with a number of attack scenarios, for example sending infected and targeted e-mails, or finding and exploiting infrastructure security gaps and architectural vulnerabilities. Such attacks require relatively extensive preparation, expertise and resources, whereas a DDoS attack is fast, accurate and often achieves its goal: the client’s service, website or DNS server becomes unavailable. This is accomplished by overloading the client’s data channels, firewall or server capacity. The attacker does not have to conduct in-depth research, as it is relatively easy to find out the IP addresses of a client that provides public services. It is particularly worrying that in recent weeks attacks aimed at extorting funds, by threatening to paralyse the company website or other resources important for the operation of companies, have been recorded in several European countries, including Latvia.

Companies in Latvia also suffer from DDoS attacks more and more often

In Latvia, companies are increasingly experiencing DDoS attacks, and recently these have followed quite a similar scenario: a small attack is carried out first, and before or after it a threatening letter is sent to the company demanding payment so that the warning attack is not followed by even larger and more extensive attacks. Such attacks would most probably paralyse resources that are important for the company’s operation: online services, websites, online stores and other types of resources.

If attacking is so simple, how can a company defend itself?

As mentioned above, the most characteristic feature of DDoS attacks is their scale. For example, a company’s internet connection may be 1 Gbps, while the size of a DDoS attack can usually be measured in tens or even hundreds of Gbps. To protect itself from this type of attack, a company must develop a DDoS protection strategy. The IT infrastructure of each company is different, so DDoS protection strategies may differ and should be developed by carefully analysing both the company’s IT infrastructure and the specifics of the services it provides on the public internet.

[Figure: example of a DDoS attack]

What should you do if an attack has taken place?

If you suspect or know for certain that an attack has taken place, it is important to contact your internet service provider immediately. The service provider’s monitoring system may detect such attacks and be able to provide detailed reports that help in analysing the attack and developing a DDoS protection strategy. We recommend finding out about DDoS security solution providers, as experience has shown that DDoS attacks are not accidental and will definitely recur.

DDoS protection is a comprehensive solution

A company may already have introduced a security solution, but DDoS attacks vary in their volume, type, tactics and purpose, which cannot be predicted beforehand, and an attack can sometimes reveal a new vulnerability in the IT infrastructure that the implemented protection solution does not cover. With this possibility in mind, it is important to understand that DDoS protection is a comprehensive solution, not a single, specific service. It is also important to analyse the attacks and, if necessary, make the required changes to the infrastructure or revise the defence strategy by adding further defence components.

As an ICT service provider, Telia is also now observing an increase in the number of DDoS attacks of varying scale, and therefore offers its customers a number of protection mechanisms, taking the individual IT ecosystem structure of each customer into account.

As the main protection methods for the prevention of DDoS attacks, Telia provides its customers with:

  • protection against DDoS attacks, which is implemented at several levels – the first of them being outside the borders of Latvia, thus guaranteeing that the attack will not affect the client’s, or Telia’s infrastructure;
  • protection of critical services (web, DNS, etc.) using CDN (Content Delivery Network) technology. A CDN is a geographically distributed server network that not only keeps the customer’s service available under large volumes of requests, but also gives service users better reachability from the nearest geographical region. Simply put, this solution not only performs a protection function, but also provides a faster and more accessible service to the client’s end users.

It should be understood that attacks do not follow previously developed standards, but with a properly implemented DDoS protection model a company can learn of such attacks from reports rather than from its customers’ complaints about the service being unavailable.

The Telia team of security engineers is ready to develop recommendations and help with their implementation. Find out more about Telia security solutions here: Telia solutions for IT security

Jānis Kuiva, Head of Data Transmission
Phone: +371 66188888