First of all, if you’ve made it to 2018 without becoming intimately familiar with the ins, outs, ups and mostly downs of DDoS attacks then congratulations are in order. You have been lucky indeed. As it tends to go with the internet and devastating cyber attacks, however, that luck can run out in an instant and before you know it you’re Googling ‘what is the DDoS attack?’ and ‘why is my life so bad?’
What Exactly Is A DDoS Attack?
Here is the basic DDoS definition: a DDoS attack is a distributed denial of service attack, a form of cyber attack that uses the power of a network of hijacked devices to aim a thundering amount of malicious traffic at a target website or online service in the hopes of overloading the server or other network infrastructure to take the target offline or at least slow it way down.
That network of hijacked devices is commonly referred to as a botnet, and botnets are built by infecting devices like computers, tablets or Internet of Things (IoT) gadgets with malware that allow them to be controlled remotely.
How Common Are These Attacks?
You’ve probably heard of the record-breaking distributed denial of service attacks, like the one on the Dyn DNS server that took Netflix, Spotify, Twitter and other major services offline, or the one that stopped trains in Sweden, but rest assured that even if you’re not reading about them regularly, DDoS attacks are doing major damage daily.
In a survey of 1,010 organizations, Neustar found that 84% had been subject to at least one DDoS attack in a 12-month period. A further 86% of that 84% were targeted multiple times.
What Happens When An Attack Is Successful?
As touched on above, the goal of a DDoS attack is usually to take a website offline or slow it down so much it’s not worth using.
This is how distributed denial of service attacks…deny services. For a website that gets hit, the immediate consequences of a DDoS attack are the frustration felt by users, the bad publicity that’s generated when those users take to social media to vent and lost revenue for transactions that can’t be completed during an outage.
Not to mention the cost of fighting an attack for an inadequately protected website, which can ring in anywhere from $20,000 to $100,000 per hour for larger organizations.
The consequences keep on coming when that initial user frustration understandably turns into a distrust of a website’s ability to protect itself and its users and leads to a loss of user loyalty.
Additionally, according to the Neustar study linked above, 47% of organizations hit with a DDoS attack discovered virus activity on their networks following the attack, 43% found malware had been activated, and a staggering 32% suffered customer data theft.
Apropos of all that, how do I protect my website from distributed denial of service attacks?
With professional protection. Whether you pay an up-charge to your ISP for DDoS mitigation or you invest in a scalable cloud-based mitigation solution with either on-demand or always-on activation, granular traffic inspection for identifying attack traffic, and a robust scrubbing server that can keep attack traffic from ever reaching the network while allowing legitimate traffic through unfettered, the bottom line is that the professionals need to handle it. DDoS is not a DIY situation.
I don’t have a website or online service, so I don’t really need to care, right?
You probably realize this is a leading question and the answer is no. There are two main reasons every internet user needs to care.
The first is that DDoS attacks on websites and services you use can very much affect you. Not only will DDoS-caused outages deny you your services, but since DDoS attacks are often used alongside data breach and intrusion attempts, your personal information could be at stake.
The second reason you need to care is that you could be contributing to the distributed denial of service epidemic with your internet-connected devices.
Computers and tablets are at risk of being hijacked by botnet builders, and IoT devices are even more at risk thanks to their lax security. If you’re a default username and password type of person, there’s a good chance you’ve got at least one device in a botnet.
To help prevent your devices from being enlisted into a havoc-causing botnet (or from suffering other hacks or intrusions,) use anti-malware solutions on computers, tablets, and phones and change those default usernames and passwords on IoT devices.
Physically disconnecting and then reconnecting devices from their power source before changing passwords helps erase malware from device memory. Disabling universal plug and play support on devices to make them undiscoverable by the internet, and keeping devices updated and patched are also important steps to take.
Knowledge Is Power
It isn’t pleasant knowing the details of some of the worst cyber-assaults being leveraged against websites, online services, and internet users, but between professional attackers, DDoS-for-hire enthusiasts and botnet builders, DDoS attacks is a topic that no longer leaves any room for blissful ignorance.
If the choice is between learning about distributed denial of service attacks or later posting the best depression memes on your social media accounts to reflect your feelings after a successful attack, the choice is hopefully obvious.