What can DDoS do for Hong Kong businesses
By Linda Hui
Hong Kong and the rest of the world are becoming increasingly connected electronically, expanding markets and reducing the inefficiencies of doing business across borders. Services can be hosted anywhere and customers served can be from anywhere as the Third World catches up to the First World’s broadband penetration and narrows the digital divide.
According to HKCERT, new information security threats are emerging with an expected rise in Distributed Denial of Service (DDoS) attacks and the spread of advanced malware.[1]
Without doubt, DDoS has become one of the most popular methods to conduct cyber-attacks in Hong Kong against SMEs and enterprises.
However, one of the biggest challenges we have to overcome in the Hong Kong market is that most companies are not fully aware of DDoS attacks or the threat they pose.
What is DDoS?
DDoS is an attempt to make a machine or a network’s resource unavailable to its intended users by exhausting its resources. An attacker may conduct the attack by exhausting the memory on the application server, filling the network pipes, or through a plethora of other options.
How does DDoS work?
A common method of conducting DDoS attacks involves saturating the target machine or network with external communications queries, so much so that companies cannot respond to legitimate traffic, or respond so slowly that the service is rendered essentially unavailable.
In the best case scenario, these attacks would only result in server overload and force targeted computers to reset, or to use their resources to return to normal status. However, if the intruder manages to expose the target’s vulnerabilities, he or she could gain illegal access to its data, or even completely cripple the target’s functionality.
How do Hong Kong businesses know if they are under attack?
To detect if one is under DDoS attack, a company should set up a DDoS protection policy. DDoS protection policies need to study how the application under attack is legitimately used, so the DDoS protection application can know how the computers are accessed.
After confirming that an application is under DDoS attack, the next step in the defense against it is to determine who is attacking the application, or at least to collect whatever information is available about the attacker’s identity.
A DDoS attack is usually not conducted using a single machine, but rather a network of computers in different locations. When a server is under attack and receiving heavy traffic, some of the queries will be from valid users while others will be from participants in the attack, and the challenge is to differentiate between the legitimate and the illegitimate queries.
The best way to differentiate the users from the attackers is by distinguishing between the users who access the server with browsers and malicious automatic tools that send requests directly to the application or server.
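One way to apply the browser-versus-tool distinction described above to a web access log, as an added example that is not part of the original article: it flags clients that exceed a per-second request baseline and fetch almost none of the static assets a browser would load. The log lines, IP addresses and both thresholds are constructed assumptions; a real baseline comes from studying how the application is legitimately used.

```python
import re
from collections import defaultdict
from datetime import datetime

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')
ASSET = re.compile(r'\.(css|js|png|jpg|gif|ico|woff2?)(\?|$)', re.I)

def build_sample():
    """Constructed log: one browser-like client, one direct-request client."""
    lines = []
    # Browser-like: each page is followed by the assets it references.
    for sec, path in [(0, "/login"), (0, "/static/site.css"), (1, "/static/app.js"),
                      (1, "/img/logo.png"), (20, "/account"), (20, "/static/account.js")]:
        lines.append(f'198.51.100.7 - - [01/Jan/2024:10:00:{sec:02d} +0000] '
                     f'"GET {path} HTTP/1.1" 200 900')
    # Tool-like: the same application URL 8 times a second, never any asset.
    for i in range(40):
        lines.append(f'203.0.113.50 - - [01/Jan/2024:10:00:{i // 8:02d} +0000] '
                     f'"GET /login HTTP/1.1" 200 900')
    return lines

def profile_clients(lines):
    """Return {ip: {"total", "assets", "peak"}}; peak = most requests in one second."""
    per_sec = defaultdict(lambda: defaultdict(int))
    stats = defaultdict(lambda: {"total": 0, "assets": 0, "peak": 0})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than guess at their fields
        ip, ts, _method, path, _status = m.groups()
        second = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        s = stats[ip]
        s["total"] += 1
        s["assets"] += bool(ASSET.search(path))
        per_sec[ip][second] += 1
        s["peak"] = max(s["peak"], per_sec[ip][second])
    return dict(stats)

def suspected_tools(lines, max_peak=5, min_asset_share=0.1):
    """Flag clients above the assumed rate baseline that load almost no assets."""
    flagged = []
    for ip, s in profile_clients(lines).items():
        if s["peak"] > max_peak and s["assets"] / s["total"] < min_asset_share:
            flagged.append(ip)
    return sorted(flagged)

if __name__ == "__main__":
    print(suspected_tools(build_sample()))
```

Requiring both signals keeps a busy but genuine browser session from being flagged on rate alone.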
What should Hong Kong businesses do to protect themselves from DDoS?
- Adopt relevant awareness and protection mechanisms
- Conduct regular information security assessment
- Keep abreast of the latest threats associated with mobile technologies
- Implement proper security measures on computers and mobile devices
The rise of DDoS attacks implies the need for enterprises to adopt a security strategy to defend themselves. Businesses are advised to start assessing the network infrastructure and preparing a response plan.
The plan should include backup and recovery efforts, additional surveillance, and ways to restore service as quickly and efficiently as possible.
[1] https://www.hkpc.org/index.php?option=com_content&view=article&id=4219&catid=152&Itemid=326&lang=en