DDoS attacks, or Distributed Denial of Service attacks, are one of the top cybersecurity threats today. After ransomware, DDoS attacks are a major plague for IT teams as they can bring your systems, and productivity, to a complete halt.
What is a DDoS Attack?
A Distributed Denial of Service (DDoS) attack is a type of cyber attack where an internet-connected device, system, or website is shut down by a mass influx of fake traffic from many sources. The goal of a DDoS attack is to overload the targeted site, causing it to shut down. This action then makes the site or service unavailable to legitimate users.
A real-world illustration of a DDoS attack is to imagine that you wanted to cause harm to or extort a coffee shop. Alone, you could stand in front of the store, physically stopping people from entering. While this may slow down service, you won’t cause much of a problem for long. However, if you can get a large group of people to stand in front of the shop, several cars to clog up the drive-thru lane, and dozens of people to constantly call the shop or submit bogus orders through their app, legitimate business would completely stop.
This is exactly how a DDoS attack works, except instead of physical people, attackers use a group of controlled devices, better known as bots, to swarm an online service with so many requests that it can no longer function.
What Happens During a DDoS Attack?
One of the initial symptoms of a DDoS attack is slowness or difficulty connecting to the impacted service. Eventually, successful DDoS attacks will overload the service or web server to the point where it will completely stop working, preventing any legitimate users from accessing or using the service.
This attack works because the attacker sends more requests than the server can handle. The requests come from botnets, groups of bots or “zombie devices,” which are previously compromised Internet of Things (IoT) devices, websites, or computers.
A large majority of the bots in a DDoS attack are compromised IoT devices, such as light switches, smart appliances, and cameras.
Once the system becomes unavailable, the affected business faces a loss of productivity and angry customers who can’t access its service.
What is the Point of a DDoS Attack?
The goal of a DDoS attack is to overload a website and make it unavailable. A DDoS attack does not steal information or allow hackers into your systems. However, hackers can use DDoS attacks as a form of extortion, where they will only stop the attack if the affected organization pays up, or they could use a DDoS attack to hide another malicious attack.
Also, DDoS is commonly used as a form of “hacktivism,” terrorism, or simply to damage an organization’s reputation.
What is Happening to the Server during a DDoS Attack?
During a DDoS attack, botnets send so many requests to the web server that the servers’ CPU and memory quickly become depleted, which may cause the server to crash. In the beginning, the number of tasks on the server will quickly skyrocket, and Google and web users will not be able to access the associated website.
What are Some Famous Examples of DDoS Attacks?
In 2019, the free online encyclopedia, Wikipedia, was hit with a massive DDoS attack that impacted access to the site for three days. Immediately, the site was unavailable in Europe, Africa, and the Middle East, with slowness and periodic outages felt by other countries around the globe.
This attack was conducted in traditional DDoS fashion, with fake HTTP traffic flooding the web servers.
In 2020, Amazon Web Services (AWS) experienced and stopped a colossal DDoS attack that was then considered the worst DDoS attack in history. Amazon reported that the threat was 44% larger in scale than anything they had ever seen before and operated under an elevated threat status for three days.
While the AWS attack only caused minor issues, the fact that the cloud hosting giant faced such a potentially devastating security incident led some consumers to question Amazon’s ability to protect their data.
Which Industries are at Risk?
DDoS attacks can hit any organization; however, the large majority of DDoS attacks target financial institutions. According to Akamai, over 40% of all DDoS targets between 2016 and 2019 were financial services organizations.
How Do You Prevent DDoS Attacks?
DDoS attacks can happen out of the blue and can cause serious harm. It is important to make sure that your cybersecurity team has put measures in place to help stop DDoS attacks. Below are several things your IT team can do to help prevent DDoS attacks.
- Practice Security Basics – A strong security foundation is a great first start. Make sure your employees use strong passwords, enable MFA, and ensure that your firewalls allow as little outside traffic in as possible.
- Recognize the Warning Signs – The earlier you spot a potential DDoS attack, the better. DDoS attacks start with spotty connections, a slow company intranet, and intermittent website shutdowns.
- Get a Vulnerability Assessment done on your network – A Vulnerability Assessment will identify any weaknesses or gaps, allowing you to remediate them before cyber criminals can find and use them against you.
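To make the "Recognize the Warning Signs" step concrete, here is an added example (not part of the original article) that scans web access logs per minute, flags windows where request volume jumps well above the typical level, and reports whether the load comes from one client or is spread across many. The function names, the thresholds `factor` and `top_share`, and the log lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Common Log Format prefix: client IP, identity, user, [timestamp]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def parse(lines):
    """Yield (minute, client_ip) for each parseable line."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing mid-incident
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        yield ts.replace(second=0), m.group(1)

def flag_floods(lines, factor=5, top_share=0.5):
    """Return (minute, requests, distinct_ips, kind) for each one-minute
    window whose request count exceeds factor x the median window."""
    per_minute = defaultdict(Counter)
    for minute, ip in parse(lines):
        per_minute[minute][ip] += 1
    if not per_minute:
        return []
    baseline = median(sum(c.values()) for c in per_minute.values())
    alerts = []
    for minute in sorted(per_minute):
        ips = per_minute[minute]
        total = sum(ips.values())
        if total <= factor * baseline:
            continue
        # One dominant client can be blocked by address; load spread over
        # many clients is the distributed pattern the article describes.
        busiest = ips.most_common(1)[0][1]
        kind = "single-source" if busiest / total >= top_share else "distributed"
        alerts.append((minute.strftime("%H:%M"), total, len(ips), kind))
    return alerts

def sample_log():
    """Constructed log lines using documentation IP ranges, not real traffic."""
    fmt = '{ip} - - [12/Mar/2024:10:{m:02d}:{s:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = [fmt.format(ip=f"192.0.2.{i}", m=m, s=i * 10)
             for m in range(5) for i in range(1, 4)]          # normal minutes
    lines += [fmt.format(ip=f"198.51.100.{i}", m=5, s=i % 60) for i in range(1, 61)]
    lines += [fmt.format(ip="203.0.113.7", m=6, s=i) for i in range(40)]
    return lines + ["malformed line"]

if __name__ == "__main__":
    print(flag_floods(sample_log()))
```

The median here is taken from the same log being examined, so it only works when most windows are normal; for a long-running attack, compare against a baseline recorded during a known-quiet period.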
Overall, responding to a DDoS attack should be part of your overall security program. When it comes to cybersecurity, it's always better to spend time and money to prevent an issue than to be caught unprepared.