If you have young children, or are a fan of Disney movies, you may have seen “Wreck It Ralph 2: Ralph Breaks the Internet,” and noticed that (spoiler alert!) a DDoS attack was the culprit. The film shows at a high-level the impact a DDoS attack can have on an end-user. But how can users – and enterprises – prevent these attacks from affecting their business?
If you haven’t seen the movie, here’s a quick rundown of the scenario: Ralph and Vanellope are two video game characters and best friends living inside an arcade machine. When one day, Vanellope decides she wants to check out the new “internet” the arcade owners have installed, she finds a racing game better than her own and decides she wants to live there permanently.
It all goes downhill when Ralph, her hurt best friend, uses a black market “insecurity virus” in a last-ditch effort to get her to change her mind. The virus seeks out “insecurities” and when it catches sight of the needy aspects of Ralph’s personality, it makes thousands of clones of Ralph. These turn into one large Ralph-like figure that wreaks havoc on the internet, shutting down major websites. There’s even a short clip of a YouTube celebrity angrily trying to access a blank webpage that won’t load.
While not having access to the internet is frustrating, and the thought of hundreds of “Ralphs” flooding the network is a cute way to personify network activity — the reality of DDoS attacks are far more serious. DDoS attacks make it impossible for users to access a website and can cost businesses and organizations thousands of dollars in lost revenue and brand reputation damage. In fact, one recent report from Kaspersky found that the financial impact of a DDoS attack is rising globally, costing enterprises over $2 million on average per attack.
There are three common and dangerous misconceptions about DDoS attacks. This first is that most people/organizations are under the impression that it won’t happen to them, and, as a result, fail to take the necessary preventative measures. Secondly, many believe they can only be attacked by cybercriminals from the outside world when in reality, the threat of a volumetric attack can come from inside their own network. Lastly, DDoS attacks don’t just come from laptops or computers. IoT devices like smart refrigerators, thermostats or voice assistants can also be vehicles to watch out for.
To better safeguard their networks, IT professionals should take a closer look at how they use DNS as a security tool. Not only is DNS the backbone of the internet, but it can also provide organizations with more visibility into the devices on their network and any potential malicious activity they maybe engaged in. For example, if a user has a smart thermostat made by GE, the thermostat will work by connecting and sending data to a GE server on a regular basis, and this uses DNS communications. If the device comes under the control of an attacker and becomes part of a botnet, it can use DNS to connect to C&C servers instead, before launching attacks. (i.e. the thermostat begins deviating from its normal pattern by connecting to a malicious server). Using DNS security, IT and security professionals can:
- detect and block such malicious C&C communications
- look for an abnormal amount of DNS requests – one type of DDoS attack
- and drop DNS requests that are part of a DDoS attack, so that the servers continue to function and connectivity is not affected.
In the instance of the movie, Ralph turns into one large DDoS attack and takes down the internet, which is exactly what happens in a real-world situation. Communication overwhelms the network to a point where it can no longer operate effectively and shuts down as a result. Where the movie deviates from reality, the impact of a DDoS attack far exceeds the annoyance of not having an internet connection. Network downtime is serious and can cost businesses their bottom line as network activity accounts for transactions, logistics and general business processes critical to generating revenue.
Using DNS security, companies can spot Ralphs before they break the internet and cause serious harm to their business.
