enterprisesecuritymag

DDoS Attack... for Dummies!

By Thierry Derungs, Chief Digital Officer, BNP Paribas Wealth

Thierry Derungs, Chief Digital Officer, BNP Paribas WealthThierry Derungs, Chief Digital Officer, BNP Paribas Wealth

DDoS attack shuts down key FinTech Sites

But be cautious with "big titles" like in this article it could make you thinking that these FinTechs are weak... Understanding exactly the kind of attack is important. In this case, it was not the FinTechs' infrastructure which had been successfully attacked but the way to access.

"All internet sites have an IP address which almost no common user could remember"

Indeed, what is DDoS? DNS Deny of Service... Still unclear? Just follow me.

DNS is for Domain Name System. All internet sites have an IP address which almost no common user could remember. So with put names on them: the URL. And the root of the URL is what is called a Domain. Managing Domains names is done by a set of companies known as DNS service providers (the modern internet equivalent to the good old paper phonebook).

What is Deny of Service? It is "just" attacking you through some heavy solicitations. Imagine yourself... one person speaks to you: no problem to understand him. A second person speaks to you at the same time: difficult to follow the first one but still okay. Now, ten persons speak to you at the same time: you do not catch any conversation anymore, even the one you were having with the first person. You suffer a DoS... Over solicitation on your service (understanding a conversation) has just stopped it.

And now... what is a DDoS (DNS Deny of Service)? Imagine you organize a big party at your home and sent your GPS coordinates in the invitation. Everybody is on the road to come but suddenly GPS is crashing... No one can find you anymore; you will be alone at your party... Was your home door broken? Or unsafe? Not at all... the weak point is the GPS and the fact that it was the only mean to find you...

Can you do something against a DDoS attack? Of course! In my example, you should have provided also in the invitation your address and even a paper map. If the GPS crashes, people have an alternative to find you. So you will enjoy your party with all your friends!

Coming back to the article, the attacked FinTechs should have at least a second DNS provider. Indeed, it becomes much (much much) more difficult to attack successfully several DNS providers at the same time... This allows them to keep ways to drive your users to your door, even if one DNS provider goes down.

As you could see, cyber security is key and is a wide and complex topic. Have you even thought one day that to secure your birthday party, you have to worry about GPS's liability?

Weekly Brief

Read Also

Automate, Orchestrate, and Delegate

Automate, Orchestrate, and Delegate

Ian Hill, Global Director of Cyber Security, BAM
Becoming a Leader in Enterprise Security

Becoming a Leader in Enterprise Security

RANDY RAW, VP of Information Security, Veterans United Home Loans
How Blockchain can Support Future Industrial Evolution

How Blockchain can Support Future Industrial Evolution

Odile PANCIATICI, Blockchain Project VP, Groupe Renault
How Modernized Encryption Standards and TLS 1.3May Impact Your Security Strategy

How Modernized Encryption Standards and TLS 1.3May Impact Your...

Ben Schoenecker, CISSP, Director of Information Security, Hendrick Automotive Group
IT Security: A Practical Approach

IT Security: A Practical Approach

Christopher McCarey, Director of IT Security for Gila River Hotels & Casinos – Wild Horse Pass, Lone Butte and Vee Quiva

"Keeping it REAL with your Security Vendors"

Robert Pace - VP/CISO, Invitation Homes