DDoS attacks have been part of the cyber-criminal arsenal for over two decades, and they’re only growing stronger and more sophisticated.
What is a DDoS Attack?
A Distributed Denial of Service (DDoS) attack occurs when an attacker attempts to overwhelm a system by sending it an excessive number of requests for data, making it virtually impossible for services to remain operational.
The attack can block access to everything from servers, services, networks and devices to whole applications. What makes a DDoS attack more devastating than its cousin, the DoS attack, is that in a DoS attack only one system sends the malicious requests and data, whereas in a DDoS attack they come from numerous origins.
DDoS attacks work by overwhelming a system with data requests until it collapses. This might be a database hit with an extreme number of queries, or a web server sent so many page requests that it crashes. The result is that available bandwidth, RAM and CPU run at maximum capacity because of the level of demand.
The impact can range from minor, with web pages not loading and services disrupted, to catastrophic, with entire websites and even businesses rendered offline. The cost of a DDoS attack on a business can be devastating.
Types of DDoS attacks
DDoS attacks generally fall under three categories:
- Volume-based attacks use massive amounts of bogus traffic to overwhelm a resource such as a website or server. They include ICMP, UDP and spoofed-packet flood attacks. The size of a volume-based attack is measured in bits per second (bps).
- Protocol or network-layer DDoS attacks send large numbers of packets to targeted network infrastructures and infrastructure management tools. These protocol attacks include SYN floods and Smurf DDoS, among others, and their size is measured in packets per second (PPS).
- Application-layer attacks are conducted by flooding applications with maliciously crafted requests. The size of application-layer attacks is measured in requests per second (RPS).
Whichever method the criminal uses, the goal remains the same: to make online services and resources unresponsive or take them completely offline.
Signs and Symptoms of a DDoS Attack
DDoS attacks can go unnoticed because they can look like many of the normal things that cause availability issues. They may resemble a surge of legitimate page requests, particularly around a project launch or at a popular online retailer during sale time, or they may simply look like a downed server or even a physical issue such as a cabling problem.
Traffic analysis is often required to give a true picture of where the issue is originating from.
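An added example (not part of the original article) of the kind of traffic analysis meant here: it compares per-second traffic counters against a baseline using the three measures listed above (bps, PPS, RPS) and reports which attack category the deviation points to. The counter values, field names and the 5x threshold are constructed assumptions.

```python
from statistics import median

# Metric -> attack category, following the three categories in the article.
CATEGORY = {"bps": "volume-based",
            "pps": "protocol/network-layer",
            "rps": "application-layer"}

# Constructed one-second samples of normal traffic at an edge device.
BASELINE = [
    {"bytes": 1_250_000, "packets": 1_500, "requests": 100},
    {"bytes": 1_100_000, "packets": 1_400, "requests": 90},
    {"bytes": 1_400_000, "packets": 1_600, "requests": 110},
]

# Constructed one-second samples taken during three different incidents.
INCIDENTS = {
    "large-packet flood": {"bytes": 125_000_000, "packets": 90_000, "requests": 100},
    "small-packet flood": {"bytes": 18_000_000, "packets": 300_000, "requests": 95},
    "request flood":      {"bytes": 4_000_000, "packets": 6_000, "requests": 5_000},
}

def rates(sample, interval=1.0):
    """Convert raw counters for one interval into bps, pps and rps."""
    return {"bps": sample["bytes"] * 8 / interval,
            "pps": sample["packets"] / interval,
            "rps": sample["requests"] / interval}

def baseline(samples):
    """Median of each rate over a window of known-normal samples."""
    per_sample = [rates(s) for s in samples]
    return {m: median(r[m] for r in per_sample) for m in CATEGORY}

def classify(sample, base, factor=5.0):
    """List (category, metric, ratio) for every metric at or above
    factor x baseline, strongest deviation first. Empty list = normal."""
    now = rates(sample)
    ratios = {m: now[m] / base[m] for m in CATEGORY if base[m] > 0}
    hits = sorted((m for m in ratios if ratios[m] >= factor),
                  key=lambda m: ratios[m], reverse=True)
    return [(CATEGORY[m], m, round(ratios[m], 1)) for m in hits]

if __name__ == "__main__":
    base = baseline(BASELINE)
    for name, sample in INCIDENTS.items():
        print(name, "->", classify(sample, base) or "within baseline")
```

A legitimate launch or sale raises the same counters, so a hit is a prompt to look more closely at the traffic, not a verdict that an attack is under way.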
DDoS Attacks Today
The number of DDoS attacks has fluctuated over time, but they are still a real and significant threat. Independent reports show a 32% increase in attacks from 2018 to 2019, with a significant spike in attacks during September.
With the recent discovery of botnets like DemonBot and Torii, DDoS attacks are still very much a threat to businesses. Torii in particular poses a big threat to those using IoT devices. Combined with an alarming rise in the availability of DDoS attack platforms, it is clear that these types of attacks are still very popular with criminals. One particularly large attack in 2019 lasted 13 days and reached 580 million PPS.
The Evolution of DDoS attacks
The evolutionary trends we're seeing with DDoS attacks are that the use of botnets is becoming more common, coupled with the use of multiple attack vectors (known as APDoS - Advanced Persistent Denial-of-Service) within an attack. This makes tracing the source a very complex challenge. APDoS attacks often take on several layers as part of the attack: going beyond simply overwhelming servers, they may also attack applications and databases.
Attacks are also becoming more sophisticated, with attackers choosing not just an individual target but also the organisations on which the business may rely, such as ISPs and cloud providers. These are cleverly executed, wide-reaching attacks that have maximum impact on the business. To mitigate risk, businesses should no longer be concerned only about DDoS attacks on themselves but also about attacks on their suppliers, vendors and business partners. "You are only as strong as your weakest link" is very true when it comes to cyber-security.
Of course, as we continue to develop and implement new technologies such as AI, machine learning and new IoT devices, criminals will also perfect their attacks to utilise these new technologies, integrating their attacks with them, and DDoS protection will need to evolve too.
Distributed Denial of Service (DDoS) attacks are designed to flood your server or applications and bring them down, meaning no emails, no website, no phones, no contact.
They can be devastating – resulting in downtime, lost revenue and a tarnished brand reputation.
Our intelligent protection service will make sure your business stays secure. We can monitor traffic and requests 24/7 to automatically detect rogue traffic and snuff out the danger before it hits your network.
Keeping your business safe, secure and shielded from attack.