Most organizations have been negatively impacted by a distributed denial of service (DDoS) attack in the past because a year doesn’t go by without a significant online service provider like Google or Amazon becoming temporarily unavailable after being targeted by cybercriminals.
However, the same organizations often don’t consider that they could become the targets of DDoS attacks themselves. Why not? Because they don’t understand this dangerous yet frequently overlooked threat and the motivations of those behind it.
What Are DDoS Attacks?
A distributed denial of service (DDoS) attack is a cyber attack that looks to prevent an online service, network resource, or host machine from being available by exhausting its network or processing capacity.
To better understand this attack, imagine that you own a restaurant (or perhaps you don’t even need to imagine). A few doors down from you is a competing restaurant whose owner is determined to make it as difficult as she can for you to do business. One day, the owner tells her staff to place fake orders and reservations at your restaurant. You suddenly find yourself unable to serve real customers and generate revenue.
The denial-of-service attack we talk about in this article is not that different from the shady tactic described above. They both overwhelm the target by flooding it with unnecessary requests – preventing legitimate requests from being fulfilled. The main difference is in their scale and execution.
DDoS Attack Example
DDoS attacks happen at the Network (layer 3), Transport (layer 4), Presentation (layer 6), and Application (layer 7) layers of the Open Systems Interconnection (OSI) model. They sometimes involve thousands of compromised or controlled sources, commonly referred to as bots, which are used to generate massive amounts of traffic.
For example, Microsoft revealed earlier this year that the company had experienced a record-breaking DDoS attack that used 3.47 terabytes of data per second. The attack originated from approximately 10,000 sources found in the United States, China, South Korea, Russia, Thailand, India, Vietnam, Iran, Indonesia, and Taiwan.
Most DDoS attacks are much smaller in size because the average cybercriminal doesn’t have access to a huge botnet. What they have access to are various off-the-shelf tools and DDoS-as-a-service offerings – which supply DDoS attacks for money. Such services have become very affordable in recent years. According to TrendMicro Research, just $150 can buy a week-long DDoS attack on the black market, and that’s cheap enough for virtually anyone to afford.
Common Targets of DDoS Attacks
Most DDoS attacks (65 percent) target organizations that are in the United States or the United Kingdom. Most people believe the criminals responsible for DDoS attacks only go after big fish like Microsoft, Google, and Amazon. Unfortunately, that’s not true.
Corero’s DDoS Trends Report Q2-Q3 2017 shows that most DDoS attacks are small, low-threshold attacks. Their targets include:
- Online shopping sites
- Educational institutions
- Government agencies
- Healthcare organizations
- Internet service providers
- Technology companies
If you have a business or organization that supplies services online, or if you have an online presence, then you are at risk of being attacked.
The spectrum of common targets of DDoS attacks is so broad because attackers are motivated by many different things, including:
- Personal gains: There have been cases of university students launching DDoS attacks to avoid difficult exams, and of disgruntled employees (usually in the IT industry) using DDoS attacks as their tool of revenge.
- Monetary gains: Many DDoS attacks are motivated by the desire to make money. The attacker may tell the victim that the attack will stop once a fee is paid, or their goal may be to give potential customers one less option to choose from.
- Ideology: DDoS attacks are also performed for ideological reasons. For example, attacks of this kind have been conducted against oppressive governments or polluting mining companies.
- Geopolitics: Cyberwarfare is now part of most military doctrines, and DDoS attacks tend to follow geopolitical tensions, as is demonstrated by the ongoing Russia-Ukraine war.
- Boredom: Cybercriminals have always been a curious bunch, and they sometimes orchestrate attacks just to entertain themselves and impress their friends.
Anyone can become a DDoS victim for a variety of different reasons, and those who are protected the least are guaranteed to suffer the worst consequences.
Preventing a Denial-of-Service Attack
DDoS attacks come in many different forms – from those that revolve around sending large numbers of HTTP requests to flood servers to those that exploit the TCP handshake mechanism, which helps secure online communication.
To effectively protect against them, your organization should focus on:
- Monitoring: Successful DDoS attacks are easy to notice, but their early signs are often much more subtle. You should implement a reliable network monitoring tool and configure it to send alerts automatically so that you can reliably spot those early signs.
- Filtering: Web Application Firewalls (WAF) and other traffic filtering solutions can be used to mitigate some DDoS attacks by denying illegitimate requests based on pre-defined rules and clever algorithms.
- Diffusion: DDoS mitigation services can provide the capacity to absorb even the most severe attacks, and they’re priced well within reach of your small or medium-sized business.
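The monitoring and filtering points above, sketched as an added example (not part of the original article): replaying constructed access-log lines through a sliding window raises one alert for a single loud source, which a filtering rule could deny, and one for a distributed surge in which no individual source stands out. The log format, window length, thresholds and baseline value are all assumptions.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)   # sliding window length (assumed)
PER_SOURCE_LIMIT = 20            # requests per window from one address (assumed)
SURGE_FACTOR = 3.0               # alert above 3x the baseline volume (assumed)

def parse(line):
    """Return (timestamp, source) from '<ISO time> <ip> <method> <path>'."""
    ts, ip, _method, _path = line.split()
    return datetime.fromisoformat(ts), ip

def detect(lines, baseline_per_window):
    """Yield (time, kind, detail) alerts while replaying log lines in order."""
    window = deque()             # (timestamp, ip) pairs inside the window
    counts = Counter()           # requests per source inside the window
    flagged, surging = set(), False
    for ts, ip in map(parse, lines):
        window.append((ts, ip))
        counts[ip] += 1
        while window[0][0] <= ts - WINDOW:   # expire requests older than the window
            _, old_ip = window.popleft()
            counts[old_ip] -= 1
        # Filtering candidate: one source exceeds its request budget.
        if counts[ip] > PER_SOURCE_LIMIT and ip not in flagged:
            flagged.add(ip)
            yield ts, "source", ip
        # Early sign: total volume surges even if every source stays quiet.
        total = len(window)
        if total > SURGE_FACTOR * baseline_per_window and not surging:
            surging = True
            yield ts, "surge", total
        elif total <= baseline_per_window:
            surging = False      # re-arm once traffic is back to normal

def sample_log():
    """Constructed log: normal traffic, one loud source, then a distributed flood."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    lines = [f"{(t0 + timedelta(seconds=s)).isoformat()} 198.51.100.{s % 5} GET /"
             for s in range(0, 30, 2)]
    lines += [f"{(t0 + timedelta(seconds=30, milliseconds=100 * i)).isoformat()} "
              f"203.0.113.7 GET /search" for i in range(25)]
    lines += [f"{(t0 + timedelta(seconds=60, milliseconds=50 * i)).isoformat()} "
              f"192.0.2.{i} GET /login" for i in range(100)]
    return lines

if __name__ == "__main__":
    for ts, kind, detail in detect(sample_log(), baseline_per_window=10):
        print(ts.isoformat(), kind, detail)
```

In practice the baseline would be measured from the service's own normal traffic rather than passed in as a constant.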
Your organization can avoid costly outages and the reputational damage associated with them by implementing these and other DDoS protection measures.