Blackholing is a common defense strategy used by Internet Service Providers (ISP) to stop DDoS attacks by blocking incoming traffic and redirecting it into a “blackhole” or null route. At first glance this might seem like a viable mitigation strategy to ward off incoming cyber threats. But is it? Let’s breakdown the specifics and let you decide.
HOW BLACKHOLING WORKS
Blackholing involves blocking all website traffic without discrimination. Both fake and legitimate traffic are sent into a black hole and are not processed in any way. Anyone (anything) requesting access to your internet based services is simply dropped into this empty space, lost forever. Propagating a black hole route can be implemented very easily and is used by ISP’s to quickly deal with saturated networks.
With DDoS attacks lasting anywhere from a couple days to several months, this strategy poses a real challenge for credit unions.
IMPACT OF BLACKHOLING
At the risk of sounding redundant, blackholing stops all incoming traffic. With RTO/RPO expectations shrinking to the sub-day levels (<24 hrs) for most credit union critical processes this becomes an unacceptable mitigation strategy very quickly. Specifically, if blackholing is employed during an attack, your credit union may lose access to the following (depending on your specific infrastructure design):
- Online Banking
- 3rd party services such as shared branching, ATMs, Fedline, Credit Card Authorizations
- Call Center
Can you afford to have these services offline for days/weeks/months at a time? Before you answer yes/no, consider the costs associated with:
- Reputational damage
- Loss of productivity
- Regulatory action
- Fraud (DDoS attacks are often launched to distract attention and resources so other attacks (wire fraud, etc) can go undetected
THE IRONY OF IT
The whole point of a DDoS attack is to deny service. When your ISP takes all traffic and reroutes it into a blackhole it effectively does just that and completes the task for the hacker. Bottom line – while there may be times when due to the frequency, size, power and efficiency of attacks that blackholing may be employed, make sure it is not the ONLY mitigation strategy available to protect your credit union services.
For a more in-depth discussion of services/systems impacted by DDoS attack, refer to our post “My Website and Online Banking Are Outsourced Why Should I Care About DDoS?”
To learn more about how DDoS could impact your credit union reach out today to speak to one of our experts.