A really common way of attacking a company’s online presence these days is through what’s called a denial of service attack.
News Clip: (00:06)
60 million gamers. That is how many PlayStation and Microsoft Xbox customers are affected by this attack. The hackers bombarding the company’s online gaming servers with so many requests, they simply shut down.
Welcome to Cybersecurity Demystified, where we explore the cybersecurity risks that your small or medium sized business can face and give you some easy, actionable advice to make your business more secure. My name’s Ashley and I run a small business and I didn’t take cyber security seriously until my business was hacked.
My name is Dominic. I’m helping small businesses by using the experiences that I’ve gained in the corporate security world.
Okay. So this episode, Dom, we’re talking about denial of service attack. So this is a cyber security issue that I have heard about; it does come up fairly regularly in the press, doesn’t it?
Yeah, it does. You may have heard of, uh, you know, the Labour Party got hacked just a couple of months ago during the 2019 election.
No, I didn’t know.
I mean, they didn’t actually, they didn’t actually disclose what services were taken down.
Um, but it’s believed that some of their campaigning and advertising services were, were impacted.
Picking up on that. So what can some of the impacts be from a denial of service?
I mean, is it as simple as your website going down?
Well, that’s the easiest and most obvious one to take down. Um, but it could also affect your email, uh, your ticketing or payment systems, if you have them. Pretty much any service that’s on the internet can be, can be brought down for a denial of service or a more advanced distributed denial of service attack.
What’s the objective with hackers doing that because there’s not financial gain. If you’re pulling something down, is it just to be a nuisance?
Normally it’s purely malicious. The initial reason for a, for a DoS attack or a DDoS attack was to take a service offline. There are some, some more sophisticated attackers now that are using that to take down, um, security services and security systems. And then to use that, that period where the, where you’re under attack to steal data or to access systems they shouldn’t be able to access. It’s a very easy way to take down any service that’s on the internet. Um, you know, in theory, you could take down traffic lights and city management services through a DoS attack of some kind.
How common is this? As a small business, I don’t know, is it something that I should really be worrying about?
So I don’t, I don’t know the stats formally, but I’d suggest that the large majority of hacks that we hear about have some form of DDoS element to them.
And it’s incredibly easy to do, really incredibly easy. There are services that you can purchase on the dark web for pennies, literally for, for a few pennies, uh, that will target and use, uh, use what’s called a botnet, uh, network of zombie computers that have been infected with viruses. You can purchase them and say for a few pennies at a time and target every single one of those machines at whoever it is that you want to target with no, no technical skills or knowledge at all.
So there’s a point in this about power and control.
Yeah, this is, this is not, this is not advanced hacking. Uh, this is a very crude way of attacking somebody.
This is something I’ve heard about with companies and their websites, but I was also doing some reading and there have been denial of service attacks that have been trying to target DNS servers, for example. So, like the address book of the internet.
Yeah. So certainly, uh, a sort of state level here, uh, where they’re, they’re more interested in causing havoc or cyber-terrorism, you’ll find people will attack the, the infrastructure of the internet, the plumbing of internet, the thing that makes the internet work. And, and some of those in the past have actually been very successful.
You said about how easy this is, but is there anything you can do about it to stop it from happening to you?
Yeah, there are services you can now sign up to that are designed to mitigate against these DDoS attacks.
How do they do that?
They act as a filter before traffic is able to reach your website and they will identify who and where the request is coming from. And if it’s seen as malicious, or there are too many requests from the same IP address, they’ll just drop that traffic before it hits your website.
Right. So you’ve got these services that filter. Is that something that is open to small business?
They’re certainly available to anybody that wants to sign up to them. The big names of people like Cloudflare, uh, that you can, you can sign up online. It will take a little bit of technical knowledge to understand and to configure, but it’s not out of the reach of a small business.
Thanks for listening. Dom and I are the cofounders of cyber alarm, which is a cybersecurity platform designed specifically for small to medium sized businesses. And in terms of this area, Dominic, it’s not something we cover as a business, but what’s your take on how we’re helping?
Well, cybersecurity is a multilayered solution, right? There is prevention, there’s monitoring and alerting, and then there’s response. And we sit firmly in the monitoring and alerting space. We try and be very helpful and we want to help small businesses guide them towards better security practices and better safety online.
I guess that’s why we’re doing this podcast.
That’s why we’re doing this podcast.
We’d love to hear your thoughts on the show, or if you’ve got any questions you’d like us to tackle in future episodes. Please email firstname.lastname@example.org.