On Tuesday, February 10, a number of Dutch government sites fell under DDoS attack and were taken offline. Throughout the Netherlands, it was quickly discovered that any potential backup plans for such attacks were lacking at best. Government and parliament members were forced offline, but fortunately a number of other services (including healthcare and police) operate under a different system and weren’t impacted. The total outage lasted seven hours, which was a full business day of scrambling to recover from the attack while simultaneously trying to figure out how the hackers got in.
It was a hard lesson that could have been prevented by keeping an eye on the attacks of 2014 and making adequate security changes. According to Prolocation, the web host for the government sites, “The attack has been a complex problem,” and its phone lines went down as well. “The initial symptoms pointed first to a technical problem, but it then emerged (that) we were facing an attack from the outside.” The majority of the hosting infrastructure is located in Amsterdam. According to Rimbert Kloosterman, a member of the Government Information Service, “Our people are investigating the attack together with the people from the National Centre for Cyber Security. The complexity and size of the government’s many websites had rendered the backup useless.”
Who Was Impacted?
It wasn’t just government sites that went down: Dutch officials state that a few non-government sites depended on the same infrastructure. It’s been reported that regering.nl was taken down, as well as the Telfort telephone company and the Geenstijl blog. A similar attack happened in 2013, but it seems any efforts made since then to prevent such an outage weren’t enough. The Netherlands is far from alone when it comes to battling DDoS attacks. Around the world, such attacks keep taking place, and web hosts and site owners can’t seem to keep up with preventative measures.
On the same day as the Dutch attacks, the US announced the debut of the Cyber Threat Intelligence Integration Center (CTIIC), a cybersecurity agency created solely to collect threat data, analyze the possibility of an attack, and keep track of any threats. Hopefully this new agency will decrease the number and damage of attacks in 2015, but it’s still too soon to tell.
Preventing DDoS Attacks
There are many ways DDoS attacks can happen, but one of the most effective routes to prevention is more bandwidth. The more servers, the more datacenters, and the better the load balancing, the lower the risk that a DDoS attack will take a site offline. Unfortunately, that’s a costly solution for many companies, so another option is to look at the DNS server. It should remain locked down (not run as an open resolver that answers recursive queries from anyone), and it should be protected by the same kind of load balancing as the web resources.
Routers should be dropping junk packets, firewalls should be maintained and strong, and protocols like ICMP should be blocked if they’re not necessary. Consider caching servers so that more content is served statically, and make sure there’s a plan to swap static resources in for dynamic ones in a pinch. Most importantly, make sure you’ll be notified the second an attack begins. For many website owners, these are all issues that should be handled by your web host—which is one more reason why researching and choosing the best host for you is critical.
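The “be notified the second an attack begins” point above can be checked from ordinary web server logs. The following is an added example, not code from the article or from Prolocation: it buckets Common Log Format access-log lines into fixed windows and raises an alert when the total request count spikes (volumetric flood) or when a single source exceeds its own per-window limit. The log lines and the thresholds are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Common Log Format: source ident user [timestamp] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) \S+')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source_ip, timestamp) for a CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), TS_FMT)


def detect_floods(lines, window_seconds=10, per_source_limit=100, total_limit=120):
    """Bucket requests into fixed windows; alert on a volumetric spike (total
    requests in the window) and on any single source above its own limit."""
    events = sorted(filter(None, (parse_line(l) for l in lines)), key=lambda e: e[1])
    if not events:
        return []
    start = events[0][1]
    totals, per_source = Counter(), defaultdict(Counter)
    for ip, ts in events:
        bucket = int((ts - start).total_seconds()) // window_seconds
        totals[bucket] += 1
        per_source[bucket][ip] += 1
    alerts = []
    for bucket in sorted(totals):
        when = (start + timedelta(seconds=bucket * window_seconds)).isoformat()
        if totals[bucket] > total_limit:
            alerts.append({"window_start": when, "kind": "volumetric", "count": totals[bucket]})
        for ip, n in per_source[bucket].most_common():
            if n > per_source_limit:
                alerts.append({"window_start": when, "kind": "per_source", "source": ip, "count": n})
    return alerts


def build_sample_log():
    """Constructed log: three benign sources requesting every five seconds for a
    minute, then one constructed source sending 150 requests in a single second."""
    fmt = '{ip} - - [10/Feb/2015:09:00:{sec:02d} +0100] "GET / HTTP/1.1" 200 512'
    benign = ["203.0.113.5", "198.51.100.7", "192.0.2.9"]
    lines = [fmt.format(ip=ip, sec=sec) for sec in range(0, 60, 5) for ip in benign]
    lines += [fmt.format(ip="198.51.100.200", sec=33)] * 150
    return lines


if __name__ == "__main__":
    for alert in detect_floods(build_sample_log()):
        print(alert)
```

In practice the alerts would be fed to a pager or the host’s monitoring rather than printed, and the thresholds tuned to the site’s normal traffic.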