The war against cybercrime is often painted as a one-sided struggle. The hackers generally seem to come out on top, but sometimes the good guys do score important victories. In 2018 the FBI managed to turn the tide, albeit temporarily, on Distributed Denial-of-Service (DDoS) attacks.
The FBI cracked down on fifteen of the world’s largest websites responsible for mounting DDoS attacks. The result? A temporary respite, as the number of attacks dropped by 11% (when compared to the same period in 2017).
But cybersecurity experts warn that businesses must continue to employ tools to fight against DDoS attacks as replacement websites are on the rise again. Businesses should invest in DDoS protection services as a precautionary measure.
What is a DDoS attack?
The hackers who create DDoS attacks target legitimate websites by flooding them with traffic from “zombie” servers distributed across the internet. The aim is to crash the site to disrupt service or sales, meaning users are unable to access information or make purchases.
DDoS attacks have grown in number and size over the years. The largest attack in 2018 consumed 1.7 terabits/s of bandwidth, according to cybersecurity firm Positive Technologies. That’s 50% more powerful than the notorious DDoS attack mounted against Dyn, a US internet performance company, in 2016.
DDoS attack example
Dyn runs Domain Name System services which enable computers to quickly connect to a website when the user clicks on a domain name, e.g. cypro.co.uk. This is called “DNS lookup” and is fundamental to the effective functioning of the internet.
By flooding Dyn’s servers with bogus traffic, the hackers made major internet services including Twitter, Amazon.com, Spotify and Netflix unreachable. The hackers mounted three separate attacks on 21st October 2016, each lasting a couple of hours until Dyn finally thwarted them.
Mirai botnet attacks IoT
Dyn said the attacks were orchestrated by a piece of malware, called the Mirai botnet, whose source code had been released onto the internet a few weeks prior. The Mirai botnet was developed to make it easy for hackers to mount DDoS attacks using the Internet of Things (IoT).
The malware was distributed over the internet to infect millions of internet-connected devices such as printers and baby monitors. These devices typically incorporate a rudimentary web server, which the hackers can then control and use to mount coordinated attacks that send bogus traffic to the targeted website.
These types of attacks are very effective. According to a report from internet security firm Netscout, 91% of businesses that experienced a DDoS attack said the bandwidth of their internet connection was completely saturated, effectively preventing them from continuing to do business online for the duration of the attack.
As more companies conduct business entirely online, the economic damage of a DDoS attack can be significant.
Amazon, for example, sold $232bn of goods and services online in 2018, which works out at $440,000 per minute. Even a short website outage can be very costly for a huge company like Amazon.
Netscout calculates the average cost of one hour of internet service outages caused by DDoS attacks at almost $222,000.
DDoS attacks can affect any size of business that depends on its website.
Cybersecurity firm Nexusguard reported that one of its commercial clients was targeted by DDoS attacks almost every day during December 2018.
Nexusguard says it believes the attacks – which averaged thirteen per day – were designed to take down the online shopping website during the peak sales period to inflict maximum economic damage.
Maybe an unscrupulous competitor hired a hacker to mount the DDoS attacks. Or perhaps criminals hoped to blackmail the target company into paying them to stop the attacks. Extortion is a credible motive for DDoS attacks but few companies publicly admit to having been targeted. Even fewer own up to having paid a ransom.
Finally, attacks are often deployed as a means of hacktivism – attacks designed to disable websites of companies or nation-states for political reasons.
But in many cases, there may be no obvious motivation for the DDoS attack. The instructions and executable programs needed to mount these attacks are relatively easy to use by anyone with a knowledge of programming. No doubt some attacks are down to pranksters “showing off” their newfound ability to temporarily cripple a website and may have no ulterior motive.
How to protect yourself
It is worth remembering that DDoS attacks are mostly aimed at high-profile targets, such as large corporations, financial institutions – Lloyds and Barclays have both been victims of DDoS attacks – and internet service providers.
These types of organisations have dedicated cybersecurity staff who are used to intercepting DDoS attempts every day.
Specialist vendors offer a range of DDoS mitigation solutions, such as DDoS protection appliances and scrubbing services, but they are typically aimed at ISPs and large enterprises.
If your business is not an obvious target for a direct DDoS attack, it will be difficult to justify specialised DDoS protection. But you should remember that you can still be the victim of an indirect attack. Your business depends on an ISP for its connection to the internet so if your ISP is hit by a DDoS attack then you may feel the ripple effect.
Most ISPs offer service level agreements for business customers that promise 99.9% availability and financial compensation if it is not achieved. So it is of primary importance to ensure the service level and compensation offered are sufficient for your business.