DDoS Attacks Are Becoming More Common. Here’s What That Means To You
September 8, 2020
Featured article by Debbie Fletcher, Independent Technology Author
Imagine you own a hardware shop. The doors open one day and there’s a customer outside who wants a demonstration of some piece of equipment before they buy it. You gladly show them. But then ten more customers all show up at the same time, all wanting to test out bits of equipment before making a purchase. Now all your shop assistants are occupied helping them. Then one hundred more people show up, all crowding into the store so that it’s difficult to move about inside. You call up some employees who are supposed to be off that day, and ask if there’s any way they can help out. Then the phone starts ringing off the hook. It’s a massive headache of a morning, but at least you’re making sales, right? Except that none of the “customers” are actually buying anything. Most of them are just there to waste your time. But because they look like real customers you’ve got no choice but to keep trying to help them.
After all, it’s difficult to tell the difference between a fake customer and a legitimate one. Eventually, the onslaught gets so bad that you’ve got no choice but to close up shop. Your business — at least for that day — is ruined.
This sounds like a nightmare, but in the digital realm it’s pretty common, and getting more so all the time. The digital version of this is called a DDoS (Distributed Denial of Service) attack. Designed to bring down a website or web service by bombarding it with fraudulent traffic, it works by directing massive numbers of requests at a target until the service no longer functions and is no longer accessible to legitimate users.
To increase the amount of traffic that can be sent in a DDoS attack, attackers use what are called botnets: armies of zombie computers or IoT (Internet of Things) devices that have been hacked without the knowledge of their rightful owners. These computers and smart devices can then be called into action and used to send fraudulent requests to a target.
Since 2000, when the first DDoS attack was carried out, similar attacks have grown increasingly big and elaborate. Larger-scale DDoS attacks can exceed one terabit per second. Attacks can last anywhere from a few minutes up to several days. A June 2020 DDoS assault on Cloudflare involved 316,000 addresses sending large numbers of requests for four days in a row. Returning to the shop analogy, four days of bad trading due to crowds of fake customers would be a disaster. But real customers might also be less likely to visit again in the future because of the long wait they had during the incident.
Targets of DDoS attacks have included big names like the BBC, the Bank of America, JP Morgan Chase, code repository GitHub and others. Attacks could be orchestrated by competitors, extortionists, or simply troublemakers who, in the words of Michael Caine in The Dark Knight, “just want to watch the world burn.”
Attack vectors are expanding too, with multiple different approaches to DDoS, from UDP (User Datagram Protocol) attacks to SYN Flood, TCP, DNS Response, and more.
Attacks are getting worse
With more people working from home than ever during the coronavirus pandemic, DDoS attacks are becoming increasingly common. That is because companies are more reliant than ever on network infrastructure for things like remote working or access to services while people are stuck at home.
It’s not just COVID-19 that’s causing the numbers to spike, though. It’s easier than ever today for people to access DDoS-for-hire services. For no more than a few bucks (tens rather than hundreds or thousands of dollars) a botnet can be rented to attack targets. These attacks are frequently smaller, but they can be launched in large numbers, and many small, quick attacks can be every bit as frustrating to companies as a single large one. As with any of the “democratizing” aspects of technology, the more people such DDoS tools are available to, the more widespread they will become, particularly when the attack is so lopsided: the expertise and cost needed to execute it are small compared to the damage it can cause.
Protecting against DDoS
Protecting against DDoS attacks has never been more critical. Unfortunately, some of the ways organizations have traditionally safeguarded their systems aren’t enough in the age of DDoS. For example, regular firewalls can make attacks worse since they become a bottleneck for requests.
The best investment organizations can make is in specialist DDoS cybersecurity experts. They can offer the DDoS protection necessary to ensure availability of web presence. This includes approaches such as DDoS deflation that are designed to absorb DDoS attacks that are multi-gigabytes in size. They can also proactively stop attacks before they reach you by monitoring user behavior to sort legitimate user requests from questionable and likely fraudulent ones.
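A minimal sketch of the behavior monitoring described above, added here as an illustration and not taken from the article or from any vendor's product. It shows why a per-source rate limit catches one noisy sender but misses a distributed flood, and how a second signal (high total load with no dominant source) catches it; the function names, thresholds and addresses are all assumed or constructed.

```python
from collections import Counter, deque

def analyze(events, window=10.0, per_source_limit=30,
            total_limit=300, max_share=0.2):
    """events: (time_seconds, source_ip) tuples sorted by time.
    Returns (heavy_sources, flood_alerts). All thresholds are assumed values."""
    recent = deque()        # requests inside the sliding window
    per_source = Counter()  # requests per source inside the window
    heavy, alerts, flooding = set(), [], False
    for ts, src in events:
        # Drop requests that have aged out of the window.
        while recent and recent[0][0] <= ts - window:
            _, old = recent.popleft()
            per_source[old] -= 1
            if per_source[old] == 0:
                del per_source[old]
        recent.append((ts, src))
        per_source[src] += 1
        # Signal 1: a single source exceeding its own budget.
        if per_source[src] > per_source_limit:
            heavy.add(src)
        # Signal 2: total load is high although no single source dominates,
        # the pattern a botnet of individually quiet senders produces.
        over = (len(recent) > total_limit and
                max(per_source.values()) / len(recent) <= max_share)
        if over and not flooding:
            alerts.append({"time": ts, "requests": len(recent),
                           "sources": len(per_source)})
        flooding = over
    return heavy, alerts

def sample_events():
    """Constructed traffic for illustration, not real logs."""
    # Five regular clients, one request per second each for a minute.
    ev = [(float(t), f"192.0.2.{c + 1}")
          for t in range(60) for c in range(5)]
    # One noisy source sending 100 requests within a single second.
    ev += [(10 + i / 100, "203.0.113.9") for i in range(100)]
    # 400 distinct senders, two requests each, spread over seconds 40-44.5.
    ev += [(40 + b % 5 + k * 0.5, f"10.0.{b // 200}.{b % 200 + 1}")
           for b in range(400) for k in range(2)]
    return sorted(ev)

if __name__ == "__main__":
    heavy, alerts = analyze(sample_events())
    print("heavy sources:", heavy)
    print("distributed alerts:", alerts)
```

On the constructed traffic, only the single noisy address trips the per-source limit; the 400 quiet senders are visible only through the aggregate signal.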
DDoS attacks aren’t going away. But organizations who take the right steps can make sure that they are protected. It’s one of the best, most proactive, steps anyone can take.