Distributed Denial of Service (DDoS) attacks are the nuclear bomb of security threats that can bring down empires.
Just when you think that malware, ransomware, trojans and other nasty slices of the internet can’t get any worse, in comes the DDoS attack.
This is described by Norton as one of the ‘most powerful weapons on the internet’ and, as descriptions go, it’s pretty accurate. These attacks are focused on bringing down entire systems, be they websites or companies or networks.
The goal is to make it impossible to do business so that the owners are forced to pay a ransom (similar to ransomware) in order to make it stop.
Not all DDoS attacks are about ransom, however. Some are simply malicious; others are because the hacker wants to see if they can get away with it. DDoS attacks have been linked to cyberwar, terrorism, personal vendettas, activism and extortion.
The problem is that anyone affected by a DDoS attack finds themselves in the unenviable position of having to spend a lot of money to fix their systems. In some cases, the systems are completely ruined. It’s expensive to fix, can be extremely damaging to the business, can ruin a company’s reputation, and costs a lot to repair.
DDoS attacks are not new. They’re one of the oldest heavy hitters in the cybercriminal toolbox. The only difference between the DDoS of today and that of 20-odd years ago is that today they are far more effective and vicious. The clue to what these attacks do is in the name – denial of service. The hacker uses a variety of different tools at their disposal to prevent anyone else from accessing a particular system by bombarding that system with requests. Usually, the sheer volume of requests causes the system to crash because it’s completely overloaded.
When DDoS attacks first started out, they would throw around 150 requests per second at the server or system. Perhaps the most famous DDoS attack that’s still considered on f the largest in history, is the one against GitHub. The platform survived an attack that threw 129.6 million packets-per-second (PPS) at the website for around 20 minutes. According to a report in Wired magazine, around 1.35 terabits per second of traffic ran headfirst into GitHub at the same time. The attack was extraordinary, no less because GitHub had a DDoS mitigation service in place called Prolexic and managed, in spite of this staggering volume, to stay up and running. In 2019, GitHub’s remarkable 129.6 million PPS was outstripped by another company that received more than 500 million PPS in its DDoS attack. The numbers are staggering, and so is the threat.
Game over: In September 2019, Blizzard was hit by a DDoS attack that affected their World of Warcraft Classic servers. The attack aimed at all the company’s servers based in the US and managed to annoy almost all the affected gamers. What made this attack unusual was a tweet that gave the company a warning that they were planning to hit the servers. The attacks continued for some time, hitting the servers in waves, and eventually petered out. Blizzard was not as fortunate as GitHub, suffering some downtime and plenty of issues.
Along with the fact that DDoS attacks are getting more sophisticated and capable, the threat lies in how effectively they can ruin a business or a service. They often pull the company into the media spotlight where they’re vilified and mocked for not being prepared and for letting their customers down. In fact, as a customer, you’re probably not interested in why a company’s website or service isn’t working, you’re just fed up because you can’t access your funds or get your paid-for service.
For the business, DDoS is becoming a seriously worrying problem. Not only have the types of attack evolved, but the scope. Now that there are more and more digital devices and solutions, along with Internet of Things (IoT) services and multiple-connected networks, the playing field has opened up for the hackers. Your mobile device isn’t safe, nor is your tablet, or your PC. In fact, if you were infected by a botnet , then you could very well be part of the attack.
The symptoms of a DDoS attack are also often very similar to other problems that can affect a business which makes it hard to diagnose. Look out for things like slow access to files, inability to access a particular platform or website, poor internet connectivity or none at all, and lots of spam.
DDoS attacks may be virulent and powerful, but you won’t do yourself any harm if you protect yourself (and your business):
- Download a comprehensive DDoS solution – The Symantec Complete Website Security system offers a solid layer of protection.
- Don’t open the attachment – Attachments are the bane of your security life. They can not only initiate a myriad of attacks from other cyber threats, but they can pull your own system into an attack.
- Don’t click on dodgy links – this really can open your system up to dangerous viruses, malware and spyware. The same goes for ads – avoid them. Rather go directly to the site and find the special offer from there.
- Secure your routers – Do not use the password ‘12345’ and do not leave your systems open. Lock the door right now.