Distributed Denial of Service: Essential Things to Know

By Jeff Broth

Distributed denial of service (DDoS) is emerging as a significant concern in internet security today. DDoS is an offshoot of the denial of service (DoS) threats that began 20 years ago. “Distributed” in the context of a DDoS attack means that a hacker or group of hackers sends traffic from a broad range of forged (spoofed) source addresses, which makes the attack much harder to block. A denial of service (DoS) attack, by contrast, floods the target with massive traffic from a single source.

DDoS exploits the specific capacity limits of a web infrastructure. During a DDoS attack, the attackers send a flood of requests to the target’s web resource, exceeding the site’s capacity to handle them and preventing the site from functioning correctly.

Beyond the technical definition, DDoS attacks are easy to recognize by the threat they pose to business continuity. Once DDoS exhausts the resources of a network, website, or application, users cannot receive any service from it. Ultimately, the attackers may try to extort money by threatening to keep taking down the victims’ networks or web properties.

A distributed denial of service attack differs from other malicious attacks in both its method and its goal. Other attackers target vulnerabilities in networks and applications, steal data and other critical information, and threaten to expose it unless the victims pay. DDoS focuses on paralyzing web services.

Both DoS and DDoS attacks prevent legitimate users from accessing devices, information systems, and network resources, such as email, online accounts, websites, and other online services that rely on the affected network or computer.
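The single-source versus many-source distinction drawn above is also what a defender looks for in server logs. The following detector is an added example, not code from the article; it parses a constructed access log (documentation IP ranges, no real traffic) and labels each one-second window as normal, a single-source flood, or a distributed flood. The request-rate and dominance thresholds are assumed values that would be tuned per site.

```python
from collections import Counter, defaultdict


def build_sample_log():
    """Constructed access-log lines "<timestamp> <client_ip> <request>":
    10 s of normal load, then a 3 s burst from one source (DoS), then a
    3 s burst of the same size spread over 250 sources (DDoS)."""
    lines = []
    for sec in range(0, 10):                       # normal: 5 req/s, 5 clients
        for i in range(5):
            lines.append(f"2023-01-01T00:00:{sec:02d} 10.0.0.{i + 1} GET /index.html")
    for sec in range(10, 13):                      # DoS: 500 req/s, one client
        for _ in range(500):
            lines.append(f"2023-01-01T00:00:{sec:02d} 203.0.113.7 GET /index.html")
    for sec in range(13, 16):                      # DDoS: 500 req/s, 250 clients
        for i in range(500):
            lines.append(f"2023-01-01T00:00:{sec:02d} 198.51.100.{i % 250} GET /index.html")
    return lines


def classify_windows(lines, rate_threshold=100, dominance=0.9):
    """Return {window: (label, total_requests, distinct_sources)}.

    rate_threshold: requests/second above which a window counts as a flood
    (assumed value). dominance: if one source sends at least this share of
    a flood window, label it single-source; otherwise distributed."""
    per_sec = defaultdict(Counter)
    for line in lines:
        ts, ip, _request = line.split(" ", 2)      # timestamp has 1 s granularity
        per_sec[ts][ip] += 1

    result = {}
    for ts in sorted(per_sec):
        counts = per_sec[ts]
        total = sum(counts.values())
        if total <= rate_threshold:
            result[ts] = ("normal", total, len(counts))
            continue
        top_share = counts.most_common(1)[0][1] / total
        label = "dos-single-source" if top_share >= dominance else "ddos-distributed"
        result[ts] = (label, total, len(counts))
    return result


def summarize(lines):
    """Count how many one-second windows received each label."""
    return Counter(label for label, _, _ in classify_windows(lines).values())


if __name__ == "__main__":
    for window, (label, total, sources) in classify_windows(build_sample_log()).items():
        print(f"{window}  {label:18s}  {total:4d} req  {sources:3d} sources")
```

A single-source flood can be cut off with one block rule, whereas the distributed window has no dominant source to block, which is why the text calls DDoS the harder case.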

Why are DDoS attacks getting more frequent?

The significant increase in DDoS attacks is due to how easy it is to launch them. The pandemic also contributed to the rise. The lockdowns forced companies to let most employees work from home, making them more reliant on the internet service providers and communications service providers that support remote work.

Attacks have also increased because IoT devices are ubiquitous. Although attacks are smaller today than in previous years, they last longer and are more destructive. In addition, attackers can ramp up attack volumes quickly, giving enterprises almost no time to respond before their systems fail.

Distributed denial of service offers cybercriminals a low-cost, high-return attack. A high-volume attack can prevent an enterprise from operating for days or weeks. Victims are therefore willing to pay, since the payment is lower than what they stand to lose. For example, a small business can lose between $8,000 and $74,000 for every hour its website is down, and the damage to a small business can reach $120,000 per DDoS attack. An enterprise-level attack, on the other hand, can cost up to $2 million.

A brief look at the history of DDoS attacks

The 1996 attack on Panix, New York’s oldest internet service provider, was the first known DDoS attack. The unknown actor managed to swamp the company’s systems with a SYN flood. As a result, the target’s systems exhausted their resources and were unable to process legitimate requests. It took the company 36 hours to restore its services.

With the advent of IoT devices, DDoS attacks escalated starting in 2016. Hackers first built IoT botnets because those devices lacked security features. That year, hackers took down sites including those of the New York Times, CNN, Spotify, Etsy, and Reddit.

Extortion became a feature of DDoS attacks in 2018, with the Memcached attacks. By 2020, cybercriminal groups had gained the momentum to launch DDoS attacks against high-profile enterprises. In addition, many cybercriminals today use DDoS as a smokescreen for other malicious activity, such as phishing scams, data theft, financial fraud, and malware deployment.

While thousands of DDoS attacks have occurred since 1996, a few have become famous for their size and for the impact and consequences they had on the business community.

  1. Google (2017) – The attack came from three Chinese ISPs, lasted three months, and peaked at 2.5 Tbps. The actors used several networks to send 167 Mpps (millions of packets per second) of spoofed traffic to 180,000 exposed SMTP, DNS, and CLDAP servers.
  2. Amazon Web Services (AWS) (2020) – The target, an unidentified AWS customer, was hit with a DDoS technique called connectionless lightweight directory access protocol (CLDAP) reflection. The attackers exploited a vulnerable third-party CLDAP server to inflate the amount of data sent to the target’s IP address by 56 to 70 times. The attack went on for three days, peaking at 2.3 Tbps.
  3. GitHub (2018) – The platform for software developers was hit by a Memcached DDoS attack clocking in at 1.35 Tbps. Although it lasted only 20 minutes, GitHub traced the traffic to more than one thousand different ASNs and thousands of individual endpoints.
  4. Brian Krebs (September 2016) – Cybersecurity expert Brian Krebs’ blog was bombarded by a DDoS attack of over 620 Gbps. The attack came from the Mirai botnet, which used over 600,000 compromised IoT devices. A day earlier, the same botnet had been used to attack OVH, one of the largest hosting providers in Europe; that attack lasted for seven days and used 145,000 Mirai bots.

In October 2016, hackers again used Mirai bots to attack Dyn, a domain name service provider. The attack rate was about 1.5 Tbps; it shut down Dyn’s services and knocked websites such as Airbnb, Netflix, PayPal, Reddit, Twitter, HBO, and GitHub offline.

Mitigating DDoS attacks

A distributed denial of service attack is difficult to control because the traffic comes from many different points. You can, however, mitigate its effects.

  • Minimize your attack surface. Reducing the number of possible points of attack limits the hackers’ options and makes it easier to concentrate protection where it matters.
  • Increase your bandwidth so that your hosting infrastructure can handle traffic spikes that may be caused by a cyber attack.
  • Use a content delivery network (CDN), or even a multi-CDN solution, which provides security tools and features to protect your site from hackers. Besides free SSL certificates, these providers also offer DDoS protection.
  • Check whether your web host offers server-level DDoS protection.
  • Install a web application firewall (WAF) to protect your site from cross-site request forgery and SQL injection attacks.

The takeaway

DDoS attacks are difficult to prevent because your site will be hit by high-volume traffic from hundreds, if not thousands, of endpoints. The best way to protect your business is to plan for an attack, meaning you should have an appropriate cybersecurity program in place. Make it a habit to turn off devices that are not in use and to disable functions you will not use, to minimize security risks. Working with an experienced cybersecurity provider will improve your security practices.

Jeff Broth is a business writer and advisor, covering finance, cyber, and emerging fintech trends. He has consulted for SMB owners and entrepreneurs for eight years.

Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.