DDoS stands for ‘distributed denial of service’. It involves attackers flooding an online service, such as a website, with lots of traffic from different sources so that it causes the server or network to become overloaded in an attempt to bring the service down. Research suggests that 1/3 of all downtime is attributed to DDoS attacks – so it is clearly an important area to focus on when creating Disaster Recovery plans and reviewing your IT’s security (1).
In DDoS incidents, would-be attackers build huge networks of computers which are used to launch a DDoS attack, called ‘botnets’ (essentially a network of bots). These botnets can launch attacks by overwhelming a server with too many requests to handle or sending the victim vast amounts of data to use up their bandwidth.
Attacks can be sophisticated in their approach, with traffic sources coming from lots of different locations with different characteristics making it difficult to separate legitimate web visitors and traffic from hackers.
Attackers can exploit vulnerabilities in the network or flood the targeted resource with lots of data or application calls to overwhelm the server and use up available bandwidth. Increased network monitoring, cybersecurity training to prevent users downloading malware, and effective patch management are just a few of the ways in which you can better protect yourself from a future DDoS attack.
What is the difference between DoS and DDoS?
DoS stands for ‘denial of service’ where typically just one computer and internet connection is used to overwhelm a system.
DDoS is a ‘distributed denial of service’ where multiple computers and internet connections are used together to flood a system.
Because there are so many computers being used in a distributed model, it is impossible to merely block an IP address because multiple addresses are being used to carry out the attack, sometimes thousands of IP addresses.
Why do cyber-criminals carry out DDoS attacks?
There are often a number of reasons why DDoS attacks are carried out:
Hackers may not agree with an organisation or website and use a DDoS attack to make its systems and websites inaccessible
Business competitors may try to sabotage another company in their market with a DDoS attack
Some cyber-criminals use DDoS attacks as a way of extorting money from their victim by refusing to stop the DDoS until the target pays them a ransom
How can you protect yourself against a DDoS attack?
DDoS protection services often cover network monitoring, automation, threat intelligence, traffic pattern analysis and behavioural analytics – all combined to spot DDoS threats before they significantly impact your network and systems.
DDoS protection is much more complicated than just restricting traffic to your site, because even during a DDoS attack you need to still let through legitimate traffic – such as customers trying to access your website. That’s why behavioral and pattern monitoring analytics help to identify trends that point to whether someone is a legitimate customer or a potential threat based on how they are accessing your site.
There are three approaches that we take to DDoS protection at Pulsant, which are useful to review when thinking about how to best secure your business against a DDoS attack:
Monitor – Assess your DDoS readiness to see how your organisation would cope in the event of an attack
Mitigate – Minimise the impact of an attack should it occur
Protect – Adapt and evolve your ongoing protection strategy
Without one of these components, you are potentially leaving yourself open to future threats so it’s important to look at all three together to build a holistic security plan and to also include provisions for DDoS attacks in your Disaster Recovery and Business Continuity plan.
If you consume cloud services then DDoS protection is sometimes included as part of your cloud service however you can often purchase additional levels of heightened DDoS protection to further secure your network from attack, especially if you rely heavily on your website and customers being able to access it – e.g. an e-commerce site with heavy traffic. Additionally, the more popular your site is, the more likely it is that it may be targeted by cyber-criminals.
Want to know more?