COne can now add Typepad, the blogging service owned by SAY Media, to the growing list of technology companies that have undergone DDoS (distributed denial-of-service) attacks, which crash websites and other online services for what are now days a time.  In Typepad’s case, the company is entering its fifth day under attack, after a series of on and off again hits began just ahead of the long Easter holiday weekend.

As a result of these attacks FICO’s Banking Analytics Blog  was ‘off the web’ for a week because its blogging platform TypePad fell prey to a traffic overload most popularly referred to as a DDoS (distributed denial-of-service) attack. In fact, TypePad experienced a series of such attacks, even receiving a ransom note from the attackers!

The DDoS attacks are not new and unfortunately not going away any time soon. Even worse, the variety of attack methods is getting stronger.  As an example, cyber criminals are perpetrating Network Time Protocols in what’s being called NTP Reflection Attacks. Essentially, they take advantage of a protocol that ensures the correct time on your PC in order to send forged packets that request large amounts of data be sent to the target IP address.

One should remember the old consultative selling line “What keeps you awake at night”?  Well apparently, when recently queried, bankers indicated that DDoS attacks were among their top security concerns. DDOs attacks, while not technically considered data breaches, accounted for 26% of all bank incidents last year, according to the latest Verizon Data Breach Investigations Report.

DDoS attacks were born out of protest by social groups who referred to themselves as “Hactivists.” We accepted this lexicon, and in doing so, we also palmed off these so-called attacks as a nuisance issue that presented only inconvenience.

Today, we may all agree that with every such “nuisance,” there comes a price tag. How do we know that this smoke-and mirror attack is simply a nuisance or passing trend when we hear every day that more and more corporate brands are falling victim to the injection of malware?

How does one attack DDoS?

There are quite a few best practices in play today that address DDoS attacks. FICO recently cited a few in its FICO Insights white paper #72 “Best Practices for Preventing Data Breaches.”  Here is an excerpt from the section on DDoS attacks:

To combat DDoS attacks, hardware-driven solutions are available that can handle a traffic overflow to your domain address, as well as detect other forms of accelerated activity within your secure operating system. Explore options and consider supplementing your current security setup.

Software patches typically leave your secure zones vulnerable when they are not promptly installed. Establishing a patch management system helps mitigate against this risk. You can further reduce the impact of a DDoS by installing a failover mirror website that will handle domain traffic in the event of a surge beyond what your website can handle.

Source: Bankinganalyticsblog.fico.com and Techcrunch