How to protect yourself from a possible cyber attack – government announcement
On March 18, 2024, the Government Plenipotentiary for Cyber Security published a communiqué in connection with the increase in the threat of DDoS attacks, providing guidelines to minimize the impact of a possible cyber attack.
DDoS attacks – what are they?
Distributed Denial of Service (DDoS) attacks target websites and servers by disrupting network services in an effort to drain application resources. Those preparing these attacks flood the site with misleading traffic, causing the website to malfunction or taking it completely offline. The attacks result in temporary unavailability of ICT systems or are used to extort funds.
In a DDoS attack, a wide variety of computers and network devices are used to block access to a site by overloading it with queries. These attacks can also be used as a form of blackmail, with the attacker demanding a ransom from the site owner in exchange for restoring the server's normal operation. There are various methods of protection against such attacks, such as the use of network security systems or hosting services that offer special tools to detect and block DDoS attacks.
Keep in mind that it is not only large corporations that are vulnerable to DDoS attacks. Small businesses and even private users can become victims of this type of activity. That’s why it’s important to be aware of the risks and take appropriate precautions.
One way to protect against DDoS attacks is to use a so-called "firewall," which is special software or a network device that controls traffic entering and leaving the network. A firewall can be configured to block unwanted inbound requests to a server and protect it from being overloaded.
Ministry of Digitization recommendations – a set of good practices
In light of the increased threat, the Ministry has issued a communiqué stressing that every business owner should familiarize themselves with a set of good practices developed by the Office of the Financial Supervisory Commission.
The FSC has developed a list of good practices, which include:
Active management of routing | Internet connection structure | CDN (Content Delivery Network) |
Bandwidth redundancy | Bitrate of the link | Blackholing |
BGP flow specification (flowspec) | Cleaning center services | Cloud solutions |
Inline solutions | Network traffic filtering | Control-plane policing |
Proper hardware sizing of network devices | Load balancing and network traffic proxying | Captcha and DNS |
In addition, each enterprise should have specific procedures in place, such as procedures for contacting telecom operators, for crisis communications, for identifying the key people needed to take action in an attack situation, and for communicating with the national CSIRT team.
Moreover, the organization should define and then implement a schedule for regular and cyclical testing of infrastructure resilience and testing of internal procedures.
The FSC further notes that attacks can be used to divert attention from other attacks or criminal activities, so every organization should provide infrastructure security monitoring services.
Summary
There are no ready-made and fully responsive solutions, so this type of threat should be approached systemically, by designing the entire technology chain to deliver multi-layered protection.