So, what exactly is a DDoS attack? DDoS attack stands for Distributed Denial of Service attack. This is when multiple systems flood a targeted system, rendering it unavailable. One analogy is to think of a DDoS attack as several people on a conference call continually yelling over the one person who is actually speaking to the group, making it impossible for anyone to hear the speaker. Those who are yelling would be a DDoS attack on the speaker.
In the case of an actual DDoS attack, think of an online service like LinkedIn, Twitter or Amazon being unavailable because their servers are being flooding with a massive amount of extraneous traffic so that they cannot respond to legitimate requests. It would make it appear that the service was down or unreachable, but in fact it’s overloaded.
Why are businesses targeted?
There are many reasons. It could be to damage the reputation of the business. If a popular social media site like Twitter were repeatedly unavailable over a period of time, end users would eventually grow tired of the inconsistent experience and move away from the platform. Those same users might also comment negatively about the platform on other social media platforms, damaging the company’s reputation.
It could also be to harm the business financially, by making it impossible for customers to complete transactions via the company website. Imagine how much money an e-commerce site like Amazon would lose every minute of downtime that their site is not available or able to process transactions.
Think about the last time you clicked Submit on a website and you watched the spinning wheel for some amount of time before you received a timeout or error message. Did you go back and set up your order or fill out that form a second time and try again, or were you sufficiently frustrated that you went to another site or simply didn’t complete what you were doing? Our online attention span is typically not very long.
One of the most infamous DDoS attacks was the 2016 attack on Dyn, a provider of Domain Name System (DNS) services. DNS is the system that translates names to IP addresses. It’s a near real-time conversion service that acts as the internet’s map.
This is how, when you type in www.google.com, you wind up at Google’s web search engine, which has a numeric address, or IP address, on the internet. When Google publishes its services, it does so at this numeric IP address. It’s DNS that tells your web browser what IP address to go to when you type in www.google.com.
The attack method used on Dyn was a sophisticated botnet that took advantage of numerous Internet of Things (IoT) devices like printers, cameras, thermostats, baby monitors and other “smart” devices connected to the internet, many in people’s homes. This attack was one of the first to highlight the weak cybersecurity that many manufacturers had built into these devices. These were designed to easily install in your home and get connected to the internet, most often via Wi-Fi, to make your home smarter. Unfortunately, this also let the bad guys have a massive attack surface to work with.
A botnet is a term used to define a number of connected devices that are infected by malware and used together as one collective weapon system. In this case, that weapon is designed to generate a massive flood of traffic that will render its target inaccessible, thus a DDoS attack.
DDoS attacks are on the rise
Several firms are reporting a significant increase in DDoS attacks this year. Similar to cyberattacks in general, the pandemic has brought about a significant increase in activity. In the case of DDoS attacks, some of these reports indicate a doubling of activity in the first quarter of 2020.
Perhaps more concerning is that the duration and sophistication of these attacks is also increasing. This is leading to increased disruption for impacted system, which means increased risk of financial and reputational loss, both significant concerns for businesses of all sizes.
The pandemic has seen a significant increase in attacks targeting health care, government and educational platforms. All areas that have become even more critical during the pandemic. In some cases, the cybercriminals are extorting the targeted entities – either to get them to pay a ransom to stop the attack or to simply create a lack of trust in the impacted entity.
Protecting your organization from DDoS attacks
In the face of this increasing threat, organizations need to do all they can to mitigate this threat. While the threat is sophisticated and complex, the mitigation opportunities are improving.
To start, organizations need to focus on being sure that their infrastructure is as resilient as possible. This means leveraging some basic network architecture designs, including geographic dispersion of servers across different data centers. Consider data centers across multiple providers as one option. Regardless of data center provider, be sure there are multiple access paths to the network to avoid any single point of failure.
Redundancy is king. Redundant servers, switches, routers, firewalls, data centers, connectivity, power, etc. Redundant systems help prevent bottlenecks and single points of failure that can be exploited via a DDoS attack.
As these threats have matured, so has the technology to defeat or minimize them. From next-generation firewalls to load balancers and other technologies, the technology is continually improving and including features designed to defeat or minimize DDoS attacks.
You should also be sure that your network bandwidth is optimized to withstand a DDoS attack. If you can justify the expense, obtain as much bandwidth as possible to help manage a flood of traffic, should that occur.
Also consider multiple internet connections to both load balance your connectivity and provide redundant backup. If one connection becomes flooded, you will have a secondary connection available to mitigate the impact.
As DDoS attacks increase, more and more service providers are implementing systems to mitigate the attacks. Check with your internet and DNS providers and find out what technologies they may employ to minimize the effects of an attack, should one occur. If they don’t, check to see if any of the providers available to you do. Given the pervasive nature of DDoS attacks, even the most basic mitigation strategies should be in place.
While you may never be able to prevent a DDoS attack completely, hopefully some of these strategies are available to you to increase your DDoS protection. The attack surface is large and bad actors will continue to exploit it. You have a responsibility to be as prepared as possible, to protect your reputation and your balance sheet.