It's likely that, on more than one occasion, you’ve entered a website only to discover that it's down for unspecified reasons. Soon enough, you come to know that the service was the target of an attack, and it had to shut down for a while. Hacking is usually the first conclusion, but actually, it could have been something far more subtle and direct than that. We are talking about a DDoS attack, one of the most common types of attack today, if not the most common, which costs institutions millions every year.
What is a DDoS attack?
The acronym stands for Direct Denial of Service. Just like its name says, it denies the proper functioning of a service, meaning it overloads the servers or platforms of a service up to the point where it is forced to shut down for a while.
The main reason why these attacks pose a constant threat comes from the simplicity of their execution. There is no need to crack passwords, override a wireframe, or get into the Matrix to reach the destination. The only thing attackers need is to send a large number of requests to a server until it can’t handle them anymore. Then, it collapses by mere brute force.
To do this, there are a number of tools available that simulate fake IP addresses and connect to the servers. Attackers can even organize a group of people to overload the service's resources, proving how easy these attacks are to execute, and how tough it is to build a defense.
Another common practice is the use of Netbots: Trojans installed on personal computers that can be activated remotely to send non-stop requests to a destination without the user knowing. What's more, you could be supporting an attack right now without even realizing it.
Why are they a serious threat?
Even if, in terms of data security, a DDoS isn’t as risky for an institution as information or identity theft, DDoS attacks are so easily performed that they force services to shut down for unspecified periods of time. Only when the requests stop or a solution is found can the service be restored.
According to Atlas Report, every day over 2,000 DDoS attacks are performed all over the world, showing the reach of their weaponry. In fact, according to research conducted by TrendMicro, you can request a week-long DDoS attack for only $150 on the black market.
Real-time map showing all the DDoS attacks on a worldwide scale. Ouch!
There are four types of DDoS attacks:
- TCP connection: Their goal is to collapse all the available connections, from firewalls to servers. With enough power, they can bring entire companies down.
- Volumetric: Their aim is the service’s bandwidth. They are looking to obstruct the service by congesting the network that connects the service to the Internet. It might not bring the service down, but the response time will suffer severely.
- Fragmentation: It sends requests to various sectors to incapacitate the reading capabilities of the service and slow its responses.
- Application: They’re looking to take down a particular part of a service, making it harder to mitigate or close it down completely.
Because of this, businesses that depend entirely on Internet connections (such as remote services, databases, mobile devices, tracking software, videogame servers, and others) can lose their entire revenue model, or a big chunk of it, for as long as the attack lasts. And there is no limit to the attack: it can range from a day to over a week.
How can they be prevented?
Unfortunately, unlike hacking and security breaches that enter through backdoors, a DDoS attack comes from the same public channel regular users use. Closing this gate would imply closing it to the general public too, becoming a fence that might repel new visitors.
Even though there is software to mitigate the effects, it is not 100% effective, and it might even mistake a large flow of real users for an attack. These security measures usually take the form of additional barriers between the website and the users, such as verification processes before granting access, or manual recognition such as CAPTCHA. Once again, extra steps are not always welcomed by users.
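The two limits of mitigation software mentioned above, shown with a per-source rate limiter as an added example (not code from the original article). The token-bucket approach, the limit of 2 requests per second with a burst of 5, and all addresses and traffic are assumptions constructed for illustration.

```python
from collections import defaultdict

class TokenBucketLimiter:
    """Per-source token bucket: `rate` requests/second sustained, `burst` at once."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        # source -> [tokens, time of last request]; new sources start full
        self.buckets = defaultdict(lambda: [float(burst), None])

    def allow(self, source, now):
        bucket = self.buckets[source]
        tokens, last = bucket
        if last is not None:  # refill for the time elapsed, capped at burst
            tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        bucket[0] = tokens - 1 if allowed else tokens
        bucket[1] = now
        return allowed

def constructed_traffic():
    """Constructed 10-second sample, as (timestamp, source, group) tuples."""
    reqs = []
    # One source sending 50 requests/second.
    reqs += [(i / 50, "198.51.100.7", "single_flood") for i in range(500)]
    # An ordinary visitor: one request per second.
    reqs += [(float(i), "192.0.2.10", "visitor") for i in range(10)]
    # 40 real users behind one shared (NAT) address, 1 request/second each.
    reqs += [(i + u / 40, "203.0.113.1", "shared_nat")
             for i in range(10) for u in range(40)]
    # 200 sources at 1 request/second each: all stay under the per-source limit.
    reqs += [(float(i), f"10.0.0.{s + 1}", "many_sources")
             for i in range(10) for s in range(200)]
    return reqs

def replay(requests, rate=2, burst=5):
    """Return {group: (allowed, rejected)} after replaying requests in time order."""
    limiter = TokenBucketLimiter(rate, burst)
    stats = defaultdict(lambda: [0, 0])
    for now, source, group in sorted(requests):
        stats[group][0 if limiter.allow(source, now) else 1] += 1
    return {group: tuple(counts) for group, counts in stats.items()}

if __name__ == "__main__":
    for group, (ok, dropped) in replay(constructed_traffic()).items():
        print(f"{group:13} allowed={ok:5} rejected={dropped:5}")
```

The single flooding source is cut from 500 requests to 24, but the 40 real users sharing one address are throttled just as hard, while the traffic spread over 200 sources passes untouched.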
The best solution is to always have a backup plan in case of an offensive, ready to turn off the service without losing many resources, also guarding the product’s main features. This structure has to be able to hold until a solution arrives, whether it's the attack ceasing, the origin of it being blocked, or an increase in bandwidth that counters it.
DDoS attacks have become a huge threat, and one of the main challenges for any IT leader to solve in 2017. They will continue to be a predicament until a solution for this digital mess is found.
Are you prepared for an attack like this in your organization? Leave us a comment with your experience.