Organizations should create a response plan before actually being hit

Apr 26, 2013 08:33 GMT

Distributed denial-of-service (DDoS) attacks have become a serious problem. Hacktivists use them for political purposes, cybercriminals can rely on them for blackmail and to cover up fraud, and companies can use them to take out the competition.

On Thursday, the Internet Corporation for Assigned Names and Numbers (ICANN) published a report that provides some valuable advice on what organizations must do if they suffer a DDoS attack.

First of all, the targeted company must contact its hosting provider. If the network or the service that’s under attack is hosted by the organization itself, measures must be taken to mitigate the malicious attempt.

In the first scenario, ISPs and hosting providers can take some steps to aid an organization in blocking the large number of requests generated by a DDoS attack.

“They will contact ‘upstream’ providers and the ISPs that route traffic from the DDoS attack sources to notify these operators of the nature and suspected origins of the attack. These operators will investigate and will typically revoke routes or take other measures to squelch or discard traffic close to the source,” ICANN’s Dave Piscitello explained in a blog post.

ISPs should be provided with detailed information on the attacks, including duration, the nature of the attack, traffic data, and an assessment of the attack’s impact.

In case hosting providers and ISPs are not responsive or cannot be reached, Computer Emergency Response Teams (CERTs) or Trusted Introducers (TIs) should be contacted.

“CERT/CIRT organizations or TI teams will investigate an attack, notify and share information with hosting providers or ISPs whose resources are being used to conduct the attack, and work with all affected parties to coordinate an effective mitigation,” Piscitello added.

While law enforcement organizations can’t do much to mitigate the attack itself, they should be contacted in case of such incidents. DDoS attacks are considered a crime in many countries and, by filing a report, victim organizations can help authorities gather information on the attackers.

One last and highly important piece of advice from ICANN is to prepare a DDoS attack response plan before actually being hit.