So what are businesses and organizations to do?
For one, you should have a plan ready to respond to such an attack even before it happens. You should know who to contact, what information to gather, what mitigation strategies to employ.
"If you find that your site or organization is under attack, it’s important that you report such attacks quickly to parties that are best positioned to help you mitigate, weather, and restore normal service," says Dave Piscitello, senior security technologist with the Internet Corporation for Assigned Names and Numbers (ICANN).
This primarily means your hosting or Internet service provider. Considering it is also in their best interest to stop the attack or at least mitigate its effect, the providers can directly contact their own “upstream” providers and the ISPs that route traffic from the DDoS attack sources and ask them to help.
In case your own provider is not answering your emails and messages, Piscitello advises contacting the national Computer Incident, Emergency, or Security Incident Response Team that should do it on your behalf.
There is no need to contact local law enforcement, except when you're absolutely sure the attack is criminal in nature (you received threats or blackmail notes asking for money to stop the attack).
When filing a report about the attack to your hosting provider or ISP, be sure to provide as much as information as you can gather.
The list should include: start and end times, observable attack patterns, traffic information (type of traffic, source and targeted IP addresses and port numbers, packet rate, packet size, and bandwidth consumed), unique traffic or packet characteristics, changes in the attack, its impact, and your suspicions about the motive of the attack.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.