enterprisesecuritymag

DDoS Attack... for Dummies!

By Thierry Derungs, Chief Digital Officer, BNP Paribas Wealth

Thierry Derungs, Chief Digital Officer, BNP Paribas WealthThierry Derungs, Chief Digital Officer, BNP Paribas Wealth

DDoS attack shuts down key FinTech Sites

But be cautious with "big titles" like in this article it could make you thinking that these FinTechs are weak... Understanding exactly the kind of attack is important. In this case, it was not the FinTechs' infrastructure which had been successfully attacked but the way to access.

"All internet sites have an IP address which almost no common user could remember"

Indeed, what is DDoS? DNS Deny of Service... Still unclear? Just follow me.

DNS is for Domain Name System. All internet sites have an IP address which almost no common user could remember. So with put names on them: the URL. And the root of the URL is what is called a Domain. Managing Domains names is done by a set of companies known as DNS service providers (the modern internet equivalent to the good old paper phonebook).

What is Deny of Service? It is "just" attacking you through some heavy solicitations. Imagine yourself... one person speaks to you: no problem to understand him. A second person speaks to you at the same time: difficult to follow the first one but still okay. Now, ten persons speak to you at the same time: you do not catch any conversation anymore, even the one you were having with the first person. You suffer a DoS... Over solicitation on your service (understanding a conversation) has just stopped it.

And now... what is a DDoS (DNS Deny of Service)? Imagine you organize a big party at your home and sent your GPS coordinates in the invitation. Everybody is on the road to come but suddenly GPS is crashing... No one can find you anymore; you will be alone at your party... Was your home door broken? Or unsafe? Not at all... the weak point is the GPS and the fact that it was the only mean to find you...

Can you do something against a DDoS attack? Of course! In my example, you should have provided also in the invitation your address and even a paper map. If the GPS crashes, people have an alternative to find you. So you will enjoy your party with all your friends!

Coming back to the article, the attacked FinTechs should have at least a second DNS provider. Indeed, it becomes much (much much) more difficult to attack successfully several DNS providers at the same time... This allows them to keep ways to drive your users to your door, even if one DNS provider goes down.

As you could see, cyber security is key and is a wide and complex topic. Have you even thought one day that to secure your birthday party, you have to worry about GPS's liability?