Last week, National Crime Agency investigators took down one of the biggest cyber attack websites in the world. Webstresser had been offering online criminals a means to compromise organisations’ websites – from charities, to law firms, to school portals – without requiring any knowledge or technology.
As the BBC reports, “the site was used by a British suspect to attack high street banks last year, causing hundreds of thousands of pounds of damage.” This site, and other ‘stresser websites’ like it, have been causing severe problems for businesses in the UK and around the world. According to the NCA, Webstresser alone launched 6 million attacks before being removed from the web. However, many more of its kind remain.
This news demonstrates that businesses such as law firms must reconsider how they approach cyber security in a culture where it has become so easy for even the most inexperienced hackers to attack any site in minutes.
What are stresser websites?
Stresser websites allow criminals, at little cost, to cause any website to crash, seriously impeding user access, preventing conversions and ultimately causing costly damage – both in terms of resources and reputation. They do this through a form of attack called Distributed Denial of Service (DDoS), which cripples the website’s system by launching an overwhelming volume of requests for access.
These websites may be used by business rivals to prevent customers from accessing a competitor’s services, hold businesses to ransom, or carry out industrial espionage. They create a huge impact, not only for the end user, but for the company itself, whether in terms of financial losses or compromised data protection.
Usually, stresser websites will launch attacks from a range of computers in different locations, making the attack so geographically dispersed that it is difficult to combat. What’s more, the original attacker’s identity is removed from the process, making it hard to determine who is targeting your business, and why.
Worryingly, many stresser services have argued that their tools are simply intended for businesses to test their own cyber security systems. However, considering the immense damage they have caused, this appears questionable.
How are businesses handling stresser sites?
Despite the wide-reaching risk that stresser websites pose, very few organisations are prepared to protect themselves from these threats. According to an annual survey published by the UK government, 43 per cent of businesses have experienced a breach or attack in the last 12 months, but only 27 per cent have formal cyber security strategies in place. With the annual financial damage of a breach being £3,100, it is clear that this needs to change.
A major issue that the DDoS attack presents is its subtlety. To the untrained eye, it may appear that it is simply a server malfunction, slow internet connection, or a genuine surge in traffic that is causing a website to seize up. It may be some time before your employees realise that this is, in fact, a cyber attack, and by the time that they do, the damage is already done.
Unfortunately, simply installing malware detection on your systems and adding password protection is often not enough to prevent this kind of attack – or many others, for that matter. Instead, an in-depth and integrated response must be utilised, and immediately.
Tips for combatting stresser attacks
The tactics used by stresser website agents are constantly evolving to allow them to evade detection. This means that any law firm wishing to prevent a DDoS attack must employ 24/7 systems management and monitoring. You must be able to determine where traffic is coming from and what impacts your site’s performance.
It is often wise to implement traffic-limiting and load-balancing tools in your website to adequately handle surges in traffic. This means that, in the unfortunate event that you experience a DDoS attack, you can identify it as such and mitigate the effects quickly and accurately.
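The two checks described above, limiting traffic per source and seeing where a surge comes from, can be illustrated over a web server access log. This Python code is an added example, not part of the original article; the thresholds, function names and log lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format prefix: client address, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def parse(line):
    """Return (client, unix_time, path), or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return m.group(1), ts, m.group(4)

# The default limits are assumed values; derive real ones from normal traffic.
def analyse(lines, per_client_limit=5, site_limit=20, window=10):
    """Per-client sliding-window limiter plus a site-wide surge check."""
    recent = defaultdict(deque)   # client -> accepted timestamps in window
    site = deque()                # (timestamp, client) for every request in window
    throttled = defaultdict(int)  # client -> requests over the per-client limit
    surge = None
    for client, ts, _path in filter(None, map(parse, lines)):
        q = recent[client]
        while q and q[0] <= ts - window:
            q.popleft()
        while site and site[0][0] <= ts - window:
            site.popleft()
        site.append((ts, client))
        if len(q) >= per_client_limit:
            throttled[client] += 1   # one noisy source: rate limiting handles it
        else:
            q.append(ts)
        if surge is None and len(site) > site_limit:
            # Aggregate rate exceeded; the source count shows whether it is dispersed.
            sources = len({c for _, c in site})
            surge = {"at": ts, "requests": len(site), "sources": sources}
    return dict(throttled), surge

def _line(ip, sec, path="/"):
    # Constructed sample log line (documentation address ranges), not real traffic.
    return (f'{ip} - - [01/May/2018:10:{sec // 60:02d}:{sec % 60:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512')

SAMPLE = ([_line("203.0.113.9", s, "/login") for s in range(8)] +
          [_line(f"198.51.100.{i + 1}", 120 + i // 10) for i in range(30)])
```

On the sample, the single busy address is throttled by the per-source limit, while the burst from 30 different addresses passes every per-source check and is only visible in the site-wide count.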
However, law professionals are not usually trained in in-depth IT and network protection techniques, so it is advisable for law firms to employ outsourced IT support to keep their assets and client data secure.
With the expertise and resources of a specialist service, you can simply notify the professionals if you notice anything awry with your website, and they will perform all of the necessary investigations to determine what has caused the problem – before potential clients are turned away.
If you want to find out more about how we can help to prevent DDoS attacks and ensure complete data protection for your law firm, contact us today on 020 3355 7334.