DDoS Attacks: A Costly Attack For the VictimsEric Merlin
Distributed Denial of Service (DDoS) attacks are essentially cyber-attacks, targeted on a specific server or network, with the sole purpose of disrupting the normal operations.
The nature of such attacks typically involves flooding the intended target with consistent traffic flow.
Such traffic flow consists mainly of fake requests and corrupted data packets. So, if you do come across sudden sluggish speeds while online or streaming, while other websites load fine and instantly, you may be facing a DDoS attack.
What are DDoS Attacks?
Before we talk about DDoS attacks, let’s look into Denial-of-Service (DoS) attacks. The latter is an attack with the express purpose to shut down a server or network, making it inaccessible. This ultimately deprives legitimate users of the service.
DDoS attacks, in turn, are a variation of DoS attacks. The extra ‘D’ in DDoS stands for ‘Distributed’, which means that instead of a single system sending in the illegitimate requests, they are distributed across a network.
This usually consists of many compromised systems, all working together to flood the target.
Simply put, this is akin to a shopping mall, where an emergency has been confirmed and tons of people are scrambling to exit via a tiny automatic door, all at the same time.
But there is only enough room for a handful of people to exit at any given time. If this continues, accidents will happen and the automatic door will malfunction and not open for good.
Computer systems work similarly. Too much and too fast at the same time, can cripple systems and prevent them from working properly.
Why Are DDoS Attacks on the Rise?
There can be many reasons behind a DDoS attack. They are mostly financially motivated and such DDoS attacks are deliberately done to disrupt business operations. However, there are also other instances where they are designed to counter the political stance of an organization.
The noticeable increase in the volume of DDoS threats recently is largely due to the tools available to launch such attacks that are easily and readily available.
At times, DDoS attacks may even be used as a facade to create smokescreens to distract security teams while another attack is underway.
How Does a DDoS Attack Work?
DDoS attacks are carried out via networks of Internet-connected machines. This network of computers has been infected with malware.
Thus, allowing them to be controlled remotely by a hacker. These infected individual devices are also known as bots or zombies. A group of bots is named a botnet.
Once the hacker has control, the hacker directs an attack by sending remote instructions to each bot. The botnet targets a system and each bot sends requests to the target’s IP, potentially overwhelming the system, resulting in a denial-of-service to the legitimate traffic.
A DDoS attack is carried out through readily available software. Hosts that are infected can be used to build a botnet. Readily available applications and services can also be used to reflect attacks. Last but not least, even machines can be rented to launch attacks.
How to Identify a DDoS Attack?
What makes DDoS particularly dangerous and prevalent is that most of the time, businesses do not realize if they are hosting or herding the attack. Their network may be in an onslaught and they are none the wiser. So, how do we identify a DDoS attack?
Albeit compromised, each bot is still considered a legitimate Internet device. This makes it an uphill battle in trying to separate the attack traffic from the normal traffic. However, there are certain obvious symptoms and patterns of a DDoS attack which can help in this arduous task.
The most obvious one is when a site or service suddenly becomes slow or unavailable. Although bear in mind that there are also other legitimate causes for this, such as a spike in traffic, that can create similar performance issues. A more in-depth investigation is usually required.
There could also be suspicious amounts of traffic coming from a single IP or IP range.
An unexplained surge in requests to a single page with odd traffic patterns at odd hours of the day.
Even a flood of traffic from users who have a common behavioural profile, such as geolocation or device type. All these are telltale signs of possible DDoS attacks. Traffic analytics tools can help to spot them.
In general, DoS and DDoS attacks are divided into three categories:
As the name suggests, this is a volumetric attack with the sole objective to overwhelm the bandwidth of the target.
Such attacks’ purpose is to exploit the servers’ resources or any intermediate communication equipment like load balancers and firewalls.
These application-layer attacks are to over-exercise and inundate specific features or functions of the target to cripple and disable them.
Why are DDoS Attacks Costly for Victims?
DDoS attacks are constantly a nuisance for online businesses and their customers. This is because if a website suffers a DDoS attack, it could lead to downtime or reduced responsiveness of the applications and services.
A report from Kaspersky Lab states that up from 17% in the previous year, 33% of businesses faced a DDoS attack in 2017. These attacks were targeted at businesses of all sizes.
Incapsula survey result report estimates that a DDoS attack on a business ran to an average of $40,000 cost to the business, for every hour the attack lasted.
This figure largely depends on the nature of the business that was impacted. An e-commerce site would suffer higher losses, especially during the end-of-year holiday season.
Imperva Research Labs produced a Global DDoS Threat Landscape Report where statistical analysis was done on DDoS attacks throughout 2019 and found that the Computing and Internet sectors ranked third in most attacked industry segments.
The highest industry hit would be Games followed closely by Gambling.
Caption: Top Attacked Industries (Source: Imperva Research Labs)
Whereas the application-layer attack requests were confirmed to originate mostly from the Philippines and China in 2019.
Caption: Top Attack Source Countries (Source: Imperva Research Labs)
Without proper and sufficient DDoS attack protection, a notable DDoS attack can cause serious consequences for any business, regardless of their size or industry. On top of suffering huge monetary losses, companies would also have to deal with the loss of future business opportunities.
Worse would be the long term impact of such attacks. The tarnished public/brand reputation and eroding customer trust would spell doom to any business. In addition to this, there are also additional costs incurred to mitigate and recover from such attacks. Regardless of the motive behind an attack, the business impact of a DDoS attack is undeniably costly.
How to Prevent DDoS Attacks?
There are some steps that you can undertake to protect your system or network from falling victim to DDoS attacks. Carry out the following and your business may stay safe and even thwart DDoS attacks in the future.
Constantly Monitor Traffic Levels
Since a DDoS attack typically floods requests to a targeted server, this results in an unusual surge in traffic. This along with the normal traffic could overload the server with more traffic than it can handle. So, it is highly advisable to closely monitor the traffic levels and be on the alert for any unusual traffic increase.
It’s always a good practice to have more bandwidth available as this helps to buy time for you to investigate and mitigate the attack while giving the server the capability to accommodate the unprecedented rise in traffic. This is also to ensure that your service remains up and running.
Furthermore, this will make it harder for hackers by making them do more to clog your Internet connection to have a successful DDoS attack.
Use a Virtual Private Network (VPN)
Virtual Private Networks (VPN) ensure that all your Internet traffic is routed through an encrypted end to end tunnel, masking your IP from any sort of malicious attacks. A hacker can only see the IP of the VPN server, so he/she will not be able to target and flood your device.
Use a Virtual Private Server (VPS)
Having a dedicated VPS will provide your online business with much-needed resources, bandwidth, and security. Your website will have its own space and unique IP, isolating and securing it from any cyberattacks like DDoS.
Use a Strong Firewall
Firewalls are the first line of defence for your online business as they filter and prevent unauthorized access. With a good and strong firewall, you can stop unwanted network access and stay protected from DDoS attacks.
Consistently Update Software
Make it a good practice to update your operating systems, security programs, and other relevant software, once any fixes or patches come out. This helps to mitigate the risks of a DDoS attack as the potential loophole has been patched with a new update.
Do remember that the longer you take to update the software, the more vulnerable your system is to a DDoS attack.
Use a Content Delivery Network (CDN)
CDNs are great to protect your business against DDoS attacks. They reduce the symptoms of a DoS or DDoS attack by taking in large amounts of data. Since all the traffic is soaked up by the CDN’s extensive network of servers, the attack never gets to you.
Last but not least, consistent testing and improvement need to be done, to ensure that technologies and processes implemented can stop and prevent DDoS attacks.
DDoS attacks are indeed a massive concern in today’s digital age and time. The fact that they consistently evolve and grow in intensity and complexity every year, is worrisome. However, you can do something about this.
You need to combine the security measures discussed above along with having smart and responsible behaviour on the Internet. By doing so, you’ll be able to protect yourself and your business from DDoS attacks.
Online enterprises need to know and acknowledge the risks and costs of a DDoS attack. They need to invest in a good DDoS protection program, to manage the risks so that they can enjoy uninterrupted business continuity.