Updated May 16, 2019
A Distributed Denial-of-Service (DDoS) attack is an attack that involves a series of connected online devices (commonly referred to as botnets), that are used to overwhelm a target website, server or other network or system resources with fake traffic. The attack causes a denial of service for users of the target resource. A DDoS attack can be simple mischief, hacktivism or revenge and can range from a minor annoyance to an extended downtime leading to loss of business among other negative repercussions.
Unlike other forms of cyber attacks, DDoS attacks don’t just aim at infiltrating your security layer; instead, they focus on making your servers and site unavailable to legitimate users. Sometimes, the assaults are used as a smokescreen to cover other harmful acts or destroy security systems to gain access into a company’s database or critical information.
A successful DDoS attack is usually very evident, affecting the entire online user base. That’s why it is a popular tool of choice for extortionists, cybervandals, hacktivist and even business competitors. DDoS attacks can last anywhere from a few minutes up to months at a time, which makes them extremely destructive to any online business. A single attack can result in reduced customer trust, loss of revenues, poor Google rankings and reputation damage.
DoS vs DDoS
A DDoS attack is a subclass of a DoS (denial of service) attack. However, the difference between a DDoS attack and a DoS attack is that in a DoS attack, the perpetrator uses one internet connection to either overwhelm a target with fake requests or exploit software vulnerability – often with the aim of exhausting server resources. A DDoS attack, on the other hand, is launched from botnets that are scattered throughout the internet. Unlike the DoS attack that comes from one source, the DDoS attacks originate from large clusters of connected devices (in hundreds or even thousands) and are generally harder to deflect. DDoS attacks often target the network resources to try to saturate it with substantial traffic volumes.
How DDoS Happens
DDoS assaults are amongst the most common forms of cybercrimes, with the number of worldwide DDoS attacks rising to 50 million every year. For a DDoS attack to succeed, the hacker will distribute malicious command and control (C2) software to unguarded devices, mainly through infected attachments and emails. This creates a network of infected machines, referred to as a botnet. The hacker then commands and controls the botnet, instructing it to flood a particular site with fake traffic, so much that the system fails to work, consequently, taking the website offline.
There are numerous types of botnets, with the latest one, Mirai, housing about 380,000 bots. Mirai, which became famous in 2016, could infect vulnerable IoT devices like IP cameras and DVRs.
DDoS attacks can take down sites of all sizes including the smallest blogging platform as well as fully-established heavy duty businesses like banks and corporations and everything in between. Although this may sound mild, the DDoS attacks cost averaged $2.5 million in 2017.
Cybercriminals engage in DDoS attacks for anything ranging from simple pranks to revenge against a business or even for political reasons. And with the cost of having a company targeted by a DDoS attack going for as low as $10 an hour; these attacks are becoming more prevalent with each passing day. According to the “Black Market Report: A Look into the Dark Web” by Armor, any person can launch a DDoS attack on a company for only $10 an hour or $200 a day.
A DDoS is a brute-force trial to slow down or fully crash a server. It is a serious threat to businesses and can cause severe financial and reputation damage. According to a study by Kaspersky Lab, a DDoS assault can cost a company more than $1.6 million. The attacks can also act as a smokescreen to divert the staff’s attention from another attack, like information theft that’s happening. That’s why the importance of guarding against DDoS attacks can never be overemphasized.
As stated earlier, a DDoS attack is meant to disconnect users from a network or server resource by overwhelming it with service requests. Although a simple DoS involves a single ‘attack’ computer and a single victim, DDoS depend on a series of ‘bots’ or infected computers capable of executing the task simultaneously. The botnet is created by an attacker who takes advantage of a vulnerable system, converting it into a botmaster. The botmaster looks for other unprotected devices and infects them using malware. Once enough systems are infected, the attacker orders them to attack. Each device starts sending a flood of commands to the target network or server, overloading it requests that result in slowdowns or failure. When your systems slow down or fail altogether due to unwanted traffic from multiple devices, it is said to have a DDoS attack.
Application layer attack: this exhausts the target’s resources and disrupts access to the target’s service or website. An HTTP Flood attack is an example of an application layer attack.
Protocol attack: aims the networking layer of the target systems to overwhelm the tablespace of firewall, core networking services, or load balancer that sends requests to the target. An SYN Flood Attack is an example of a protocol attack.
Volumetric attack: uses a botnet to generate huge traffic and jams up the work on the target. DNS amplification is an example of a volumetric attack.
DDoS attacks are launched by individuals, companies and even countries, each having their motivation. Some of the most common attacker motivations include extortion, personal rivalry, business competition, cyber warfare, boredom, ideology, and political reasons.
Mitigating a DDoS Attack
Since DDoS attacks can affect your business in different ways, it might be in your best interest to protect yourself from having to experience them in the first place. You can do this by paying for DDoS services from your hosting company. You can also use the Black Hole Routing during an attack to send the traffic to the abyss. Top hosting companies like KnownHost will monitor your VPN, proxies, DNS and data to uncover any signs of possible DDoS attack against your business and mitigate the issue before it gets to you.
An unmitigated DDoS attack can bring even the biggest, most secure, websites to their knees. A truly motivated attacker, with sufficient resources and know-how, can take just about anyone offline at any time. Good thing that 99% of DDoS attacks are automated and moderately resourced. Average business sites rarely go face to face with the hacking elite.
Putting the right protections in place can reduce risks greatly. That means quality hosting with DDoS protection, like KnownHost. It also means remembering to notify support at the first clear sign of a problem – like your site going offline. When you’ve got the best support and managed hosting admins in the business – USE THEM.