DDoS attacks cost organizations an average of $221,836 in downtime per attack and cause service disruptions for millions of customers globally
“This page isn’t working.” “This site can’t be reached.” “This service is unavailable.”
Error 503 messages are things that no one ever wants to see on their website. They cause CISOs and IT managers worldwide to reach for antacids. These messages sometimes appear when sites undergo general site maintenance. But they also can result from malicious DDoS attacks — attacks that NETSCOUT reports could cost businesses more than $221,000 per attack in just downtime. This doesn’t even include other related costs and reputational damage.
But what is DDoS and what does it mean for your website? We’re going to dive into what is considered a DDoS attack, how it works, and what you can do to protect your website.
What Is DDoS? Or, More Specifically, What Is a DDoS Attack?
When you go to a website and it fails to load, saying the server is busy, it’s possible that the site is experiencing a DDoS attack, or what’s more specifically known as a distributed denial of service attack. If you’re familiar with what a denial of service (DoS) attack is, then you’re already ahead of the game when it comes to understanding what a DDoS attack is.
To Understand DDoS Attacks, You First Need to Understand DoS Attacks
A denial of service attack occurs when an attacker uses a single device and internet connection to target your system with repeated requests for service. Essentially, it’s a rapid assault intended to overwhelm your systems, knocking them offline or making them unresponsive to your customers and users.
Now, let’s take a DoS attack and kick it up to the next level. That’s what you get with a DDoS attack. But what exactly is a DDoS attack? Much as the name suggests, a distributed denial of service attack disrupts service for genuine users. Basically, your server or system is being taxed by more traffic or service requests than it can handle. This occurs when multiple compromised systems — potentially hundreds or thousands — with multiple internet connections are used to target a single website, service, or system with the goal of making that target unresponsive.
Some examples of real-world DDoS attack victims include GitHub, PlayStation Network, PayPal, Twitter, and Spotify. Such an attack stops people from accessing the target’s websites and services, so real customers who pay for and use the affected services can’t do so.
So, translation: DDoS Attackers = Jerks.
Exploring How a Distributed Denial of Service Attack Works
Still not quite sure how a DDoS attack works? Let’s imagine the following scenario:
You’re a server at a restaurant. You’re typically assigned a section of five to eight tables to wait on and take care of customers. On a regular workday, you can handle this load with ease. Everything’s going great, your customers are getting their food, and everyone’s happy with the service they’re receiving.
Now, imagine that a big crowd of people walks in and decides to sit at 20 tables surrounding your section. Suddenly, they’re calling on you, demanding that you wait on them. They’re impatient, and they keep flagging you down to get your attention. When you walk over to assist them, they then ignore you. You quickly realize that you no longer have the bandwidth to serve your assigned tables and begin feeling overwhelmed. You’re rushing from table to table, trying to take orders, refill drinks, and deliver food to these new customers — all the while still trying to take care of your assigned customers.
While rushing out of the kitchen with an overloaded tray of food for one of your original tables, one of the rude and demanding customers at the table closest to the door suddenly backs their chair into you. You — as well as the tray of entrees — crash to the floor. Food goes everywhere, creating a huge mess — and your original customers aren’t happy. They’re not getting the service they need and they’re tired of waiting. They decide to leave to get better service elsewhere.
SYN Floods and Other Types of DDoS Attacks
The situation above is a lot like what the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) would describe as a SYN flood DDoS attack. During such an attack, a cybercriminal sends unwanted traffic from multiple connections to your site to overwhelm it. What they do is repeatedly send connection requests without ever following through with the three-way handshake to complete the connection; this leaves your system waiting for a response that never comes. (Like the impatient tables of customers in the example who showed up, demanded your attention, and then proceeded to ignore you.)
As the CISA website states: “The incomplete handshake leaves the connected port in an occupied status and unavailable for further requests. An attacker will continue to send requests, saturating all open ports, so that legitimate users cannot connect.”
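On the targeted server, the incomplete handshakes CISA describes show up as sockets stuck in the SYN-RECV state. The following added example (not part of the original article) counts them per listening port from `ss -tan`-style output and flags ports where they crowd out completed connections; the sample rows, the addresses and both thresholds are constructed assumptions.

```python
from collections import Counter

# Constructed sample rows in the column layout of `ss -tan` (not captured data).
# All addresses are from documentation ranges (RFC 5737).
ROWS = [
    "State Recv-Q Send-Q Local Address:Port Peer Address:Port",
    "LISTEN 0 128 0.0.0.0:443 0.0.0.0:*",
    "ESTAB 0 0 192.0.2.10:443 198.51.100.7:51514",
    "ESTAB 0 0 192.0.2.10:443 198.51.100.8:40022",
    "ESTAB 0 0 192.0.2.10:22 198.51.100.9:50011",
    "SYN-RECV 0 0 192.0.2.10:22 198.51.100.9:50012",
]
# 40 handshakes on port 443 where the final ACK never arrived.
ROWS += [f"SYN-RECV 0 0 192.0.2.10:443 203.0.113.{i}:{40000 + i}" for i in range(1, 41)]
SAMPLE_SS_OUTPUT = "\n".join(ROWS)


def count_states_by_port(ss_output):
    """Return (half_open, established) Counters keyed by local port."""
    half_open, established = Counter(), Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        # Skip the header, LISTEN sockets and anything malformed.
        if len(fields) < 5 or fields[0] not in ("SYN-RECV", "ESTAB"):
            continue
        port = fields[3].rsplit(":", 1)[-1]  # rsplit also copes with [v6]:port
        (half_open if fields[0] == "SYN-RECV" else established)[port] += 1
    return half_open, established


def flag_syn_flood(ss_output, min_half_open=30, ratio=3.0):
    """Ports where half-open sockets are numerous AND dwarf completed ones.

    Both thresholds are illustrative assumptions; tune them to a baseline.
    """
    half_open, established = count_states_by_port(ss_output)
    return {
        port: n
        for port, n in half_open.items()
        if n >= min_half_open and n >= ratio * max(established[port], 1)
    }


if __name__ == "__main__":
    print(flag_syn_flood(SAMPLE_SS_OUTPUT))
```

Requiring both an absolute count and a ratio keeps a busy but healthy port, which always has a few handshakes in flight, from raising an alert.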
However, SYN floods are just one type of DDoS attack — there are many others that we haven’t even mentioned. According to Imperva, the top 12 types of DDoS attacks are:
- DNS amplification attacks
- UDP floods
- DNS floods
- HTTP floods
- IP fragmentation attacks
- NTP amplification
- Ping floods
- SNMP reflection
- Flood attacks (which we discussed moments ago)
- Smurf attacks
- Pings of Death
- Fork Bombs
BotNets Are the Cheapest, Most Effective Methods of DDoS Attacks
Modern DDoS attacks virtually always use botnets. A botnet is a network of insecure, connected devices — everything from smart baby monitors to connected office printers — that are hijacked without their owners even knowing it! The Internet of Things (IoT) market is ripe with opportunities for hackers and other cybercriminals. That’s because IoT devices are known for being insecure. And cybercriminals can rent botnets (or DDoS attack-for-hire services) at little cost.
Although device certificates, firewalls, and other tactics can be used to help increase IoT device security, the overwhelming majority of manufacturers don’t bother installing them.
BotNets allow hackers to do many things, including:
- Launch major DDoS attacks against computer systems and websites.
- Scale their attacks.
- Mine cryptocurrency to steal funds that are virtually untraceable.
- Route traffic and spoof IP addresses to make their attacks appear to originate from other locations.
But, wait, don’t all DDoS attackers use botnets? Not necessarily. Smaller attacks can be performed by multiple attackers who are working together while using multiple internet connections and/or devices. However, the most significant attacks use botnets because an attacker would otherwise need to own thousands of devices, which is just about impossible (or, at the very least, extremely unlikely).
Causes of DDoS Attacks
DDoS attacks can occur for a multitude of reasons. For example, some hackers think they have something to prove; for others, the reasons are motivated by other factors:
Money, Money, Money
Yeah, we know you were singing that in your head as you read it. Financial gain is a huge motivator for many hackers. And frankly, DDoS attacks are potentially profitable in two main ways:
- DDoS ransom attacks — This occurs when a hacker launches DDoS attacks and offers to halt their onslaught if the target pays a “ransom.”
- DDoS services for hire — Yes, you read that right. There are hackers and companies that offer DDoS services for hire.
Hacktivism and Nation-States
Whether it’s for political, social, or other reasons, some hackers use DDoS attacks to attack, fight, or protest something (or someone). These types of cyberattacks can involve leaking or publishing sensitive information, defacing websites, or taking websites offline entirely through DDoS attacks. Is hacktivism on the rise or is it declining? The answer really depends on whom you ask.
Another tactic that cybercriminals use is to launch DDoS attacks to serve a larger goal. Essentially, it’s a cover-up attack they implement to hide their real move, which may be a cyberattack on another area of an organization. The idea is that if they can distract the target by making them pay attention to the DDoS attack, their real attack may go unnoticed in the chaos.
Dissecting the DDoS Attack Meaning and Costs for Your Business
So, what does a DDoS mean for your business? Well, for starters, a successful DDoS attack means you’re going to have some very unhappy customers.
DDoS Attack Costs: Unhappy Customers
I remember several years ago feeling extremely frustrated while playing World of Warcraft (don’t judge me, it’s a great game!) when the gaming servers kept going down mid-raid. As a player with a paid subscription, I had to keep checking the WOW Realm Status web page to see if there was any news about when the server would be back online.
And as we all know: If your customers aren’t happy, nobody’s happy!
DDoS Attack Costs: Downtime and Mitigation
DDoS attacks are also expensive. We already shared NETSCOUT’s estimated costs of downtime at the beginning of the article. But there are other costs associated with DDoS attacks — costs that include the labor and infrastructure that are necessary to combat DDoS attacks, as well as the reputational damage that may result from such an attack.
DDoS Attack Costs: Reputational Damage
If your website or service is frequently taken offline by hackers because you don’t have the defense mechanisms in place to combat DDoS attacks, then your reputation is going to take a hit. The question is whether your company can bounce back.
What You Can Do to Protect Your Business
Wondering what you can do to protect your business? For starters, you can invest in IoT device certificates. While this won’t help you to protect your business from botnet attacks that use others’ connected devices, it can help you not contribute to the larger issue by having insecure devices.
If your organization is under a DDoS attack, there are a couple of ways you can stop these attacks and protect your organization:
- Use a combination of defense mechanisms to protect your network and devices. For example, use a content delivery network (CDN) that has a web application firewall (WAF) and built-in DDoS protection. Why? Because the CDN rests between your server and the offending attacker, you can block or lessen the attack before it reaches your web server.
- Take advantage of other existing solutions or protections that may be available. For example, you should reach out to your web host to discover what DDoS-related policies and protections they have in place. Also, be sure to check to see what DNS flood protections your DNS provider may offer.
With these tactics in place, any denial of service attack on your website can be thwarted… or, shall we say, DENIED!