What is a DDoS attack?

Would you know what to do if your site was hit by a DDoS attack today?

To work out a strategy for protecting against DDoS attacks, it’s important to firstly understand exactly what they are.

DDoS stands for Distributed Denial of Service. Its primary purpose is to overwhelm a web server in order to cripple it, or take it down altogether. This is achieved by flooding your network with unwanted and illegitimate traffic.

Cybercriminals are frequently working out new ways to carry out these attacks and as such they become more powerful every year. In fact, the largest DDoS attacks are growing in size by around 6% every single year. When people think about DDoS attacks, or even cyber attacks in general, they tend to think about the larger attacks in the headlines that have exposed loads of personal information, or brought multi million pound organisations to their knees.

But the size of the attack isn’t always the issue. The reality is that small scale focused attacks can do just as much damage, and small businesses are just as likely to be targeted, so it’s important to make sure you have measures in place to mitigate these attacks or avoid them altogether. This is because DDoS attacks can come out of nowhere, with no prior warning, and it’s actually smaller sites and businesses that are more vulnerable as often they won’t have measures in place to mitigate the attacks, and the impact of downtime on a small or medium sized business can be absolutely devastating.

DDoS attacks are favoured by cybercriminals because they’re incredibly inexpensive to organise and easy to launch. The attacks are generally carried out using a network of bots called botnets. A bot is a script designed to carry out a repetitive task. So, in the case of a DDoS attack, the repetitive task is to make constant requests to the target web server. This works on the limits of a site’s ability to handle multiple requests at one time. This will slow the site, or take it down altogether.

A computer can become a bot through an innocent user accidentally downloading malware from a malicious source. Once the malware has been installed on enough devices creating a large enough bot army, the botnet is ready to launch an attack. It’s not just computers that can be exploited and turned in to a bot, any internet connected device can be a potential target. For example, the Mirai botnet in 2016 exploited a weakness in 30,000 Wi-Fi cameras to create a massive botnet. That particular attack had an impact on thousands of services.

Sometimes, when DDoS attacks occur, the attacker gains nothing and nothing is hacked. Other times, hackers may disable the servers, then demand payment in order to stop the attack continuing. Due to the prospect of downtime being so unattractive to companies, some hackers will even just send them the threat of an attack to try and extort money without actually carrying one out.

Sometimes DDoS is used as a misdirection technique, deployed in order to confuse or occupy the victim whilst they go about extracting personal/sensitive data through other hacking techniques. Because DDoS attacks can be quite chaotic, they’re ideal for distracting your IT staff whilst the hackers get on with infiltrating your network.

Although DDoS attacks are cheap for the attacker, they can be devastatingly costly for the victim, speaking in terms of both revenue and reputation. Unfortunately, the fact is that if you are a target, you’re likely to be hit again. Around two thirds of all DDoS targets are then hit repeatedly. Repeated attacks can also mean your customers become frustrated and move away from your service, and you may end up with legal issues or compensation claims as a result of service disruptions.

If a DDoS attack hasn’t happened to your organization yet, odds are one will eventually.

Have a plan, which firstly includes the plan for your communication with both your staff and your customers. Make sure you’re using techniques such as risk assessments, perimeter protection, patching, vulnerability scanning and threat detection. Steps like locating your web servers in different data centre locations or removing bottlenecks and single points of failure can reduce your chances being taken offline by a DDoS attack.

A Web Application Firewall can help to prevent an attack. DDoS mitigation services will also help to handle high volume intense attacks.

Prevention is much easier and cheaper than dealing with the aftermath of an attack. DDoS attacks can be difficult to stop, but you can limit your risk of falling victim to one in the first place, and you can also minimise the possible harm that an attacker can do by adopting best practises with your web server and using DDoS mitigation services appropriate for your site and business.

Coming Soon: In our next blog, we will be taking a more in depth look at the prevention and mitigation options available to you, and how they work to protect you.