San Jose, Calif., city officials confirmed a distributed denial of service (DDoS) attack on the San Jose Police Department website and possibly other IT assets, making services unavailable to users. According to reports, the attack began as early as last Thursday, Nov. 5, and was said to be resolved early this week. As a San Jose PD spokesperson acknowledged, this attack is part of a growing trend of cyber-based attacks that continue to increase.
Imperva issued the following commentary and advice that other government agencies and organizations of all types can take from this event.
DDoS expert Tim Matthews, vice president of marketing for the Imperva Incapsula product line, said:
“As events such as the San Jose Police Department attack show, DDoS attacks can be launched by anyone at any time on any network. In these acts of criminality, organizations can’t tell who is perpetrating the attack. The hackers attacked law enforcement yet remain beyond the reach of the law.
Due to the anonymous nature of these attacks and the growing available technology to perpetrate them, it’s often impossible to detect whether an attack was conducted by a professional, someone who may have a grudge against ‘the system’ or even a disgruntled current or former employee.
How can a government agency or any organization prepare for such an attack? A company-wide DDoS response team is a crucial preparatory step toward reducing the impact of an attack. The first step is to identify the various people and departments within your organization who will be in charge of both planning and execution. Your team must fulfill a range of tasks—from identifying and mitigating an attack to coordinating with ISPs, notifying citizens/customers, communicating with the press, and minimizing potential reputation and liability issues.
For smaller agencies or businesses, this may be one or two key staff members. For midsize and larger organizations, an ideal DDoS response team would include representatives from the public information office (PIO) or marketing, operations, customer service/support, legal, and IT security. Everyone should collaborate in developing your plan and establishing the roles/responsibilities of each team member—both in terms of planning and execution.
As seen in the recent ProtonMail case, attackers may demand payment in order to stop an attack. We do not recommend paying an extortion request, or ransom demand. First, there is no guarantee that the criminal will honor the agreement. Paying will only identify you or your organization as a mark, and they may come back and ask for more. And once identified as an organization that will pay, others may catch wind and come your way. In general, DDoS mitigation services are available for monthly fees that are less than ransom amounts, much less the cost to your brand and business.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.