Ensure that you have a pre-determined response or script for your help desk and customer service representatives to explain that a DDoS attack will not compromise their data.Ensure that you have a proper response plan and know what the roles and responsibilities of each team member.Train and educate your company on the potential impact of a DDoS attack, know your “Down Time” tolerance, and rehearse with your staff your Incident Response and Mitigation Plan.The following recommendations below act as a basic checklist of steps you can take to be better prepared. While it is not possible to be fully insulated from such an attack, research and experience shows that proper preparation for an attack, especially DoS or DDoS can reduce the impact of the incident by as much as 50% or more. Often these web applications have not been secured against application oriented attacks and fail miserably as a result, even when the traffic load is not very high.Īnother major concern is that during an incident, the Denial of Service attack is just a distraction away from the real attack that is often occurring simultaneously and that does not get noticed because the incident response team is busy with dealing the diversionary attack. The Layer 7 attack, which is designed to attack applications, typically uses web servers that have vulnerabilities in the web server operating system or the application running on the web server. The second category of attack is a Layer 7 attack and is quickly growing as a more destructive attack than Layer 3. It often exploits specific vulnerabilities on routers and other equipment so that they cannot handle the load and must therefore be rebooted or cause resource overload with RAM and CPU. The first is a Layer 3 type attack which is essentially aimed at flooding the victim’s internet pipe, routers, and firewalls with massive amounts of traffic.
There are two basic categories of DoS/DDoS attacks.
It’s critical that you prepare now for such an eventuality that you may be impacted by such an attack. DDoS attacks are on the rise and since they continue to remain an effective tool in the hacker’s arsenal, expect for they types of attacks to be on the increase in the coming months and years. These types of attacks have the ability to cripple any organization with an online presence such as home banking, e-commerce, customer portals, etc. The second largest DDoS attack ever recorded was Microsoft Azure cloud service which mitigated a 2.4 terabits per second (Tbps) distributed denial of service attack at the end of August 2021. There were 972,000 DDoS attacks in January alone, which is higher than any other month in 2021. There have been several recent reports regarding “Distributed Denial of Service” Attacks, which are also known as “DoS” or “DDoS” attacks. The attached statement includes references to guidance and publications to assist institutions in mitigating the risks from DDoS attacks.How to Defend Against Denial of Service (DoS/DDoS) Attacks.Financial institutions are expected to address DDoS readiness as part of their ongoing business continuity and disaster recovery plans and to take certain specific steps, as appropriate, to detect and mitigate such attacks.DDoS attacks may be a diversionary tactic by criminals attempting to commit fraud.Financial institutions that experience DDoS attacks may face a variety of risks, including operational and reputation risks.DDoS attacks are continuing against financial institutions' public-facing Web sites.Statement of Applicability to Institutions with Less than $1 Billion in Total Assets: This Financial Institution Letter (FIL) applies to all FDIC-supervised institutions. The FDIC, as a member of the Federal Financial Institutions Examination Council (FFIEC), has issued the attached statement to notify institutions of the risks associated with the continued distributed denial of service (DDoS) attacks on public-facing Web sites and the steps institutions are expected to take to address the risks posed by such attacks. Distributed Denial of Service (DDoS) Attacks Printable Format: