Cyberattacks can happen anywhere. From the ongoing threat of malware and the challenges of social engineering to new threat vectors such as deepfakes, it’s imperative that the network administrators of tomorrow and beyond are well briefed on the types of attacks that can hit any digital system.
One such cyberattack, the DDoS attack, is often taught in cybersecurity MBA programs. Generally, DDoS is taught as a case study of how difficult it can be to distinguish genuine traffic from a malicious attempt to disrupt services, and of how consequential it can be to businesses through lost revenue and increased downtime. Let’s explore how this highly visible cyberattack has created havoc in systems around the world.
What is a DDoS attack?
A DDoS attack sounds like a video game from the 1990s (remember Doom?), but it’s an acronym for a cyberattack known as a Distributed Denial of Service attack. The idea is fairly straightforward: flood a website’s resources so that the services it provides can no longer be accessed by legitimate users.
Consider a banking website. To provide a service such as web-enabled banking, many components work in tandem to give customers a quick and efficient experience; however, there is generally a limit to how many users or requests those components can serve simultaneously.
A DDoS attack attempts to take a website down by overwhelming it with traffic, typically from devices infected with malware, exhausting the site’s resources and forcing an outage. This can be damaging for several reasons: for online stores, downtime can mean lost sales, and for government or media sites, it can disrupt access to important information.
How can you identify a DDoS attack?
A DDoS attack may seem impossible to identify, but fortunately there are many methods for spotting malicious actors and this sort of cyberattack. Consider what such an attack requires: to deny service, the attacker needs to generate a large volume of web requests rapidly.
This can be done in two main ways: creating a large volume of requests from a single device, or using malware to infect a large number of devices (such as IoT devices) that are then used to generate the requests. Fortunately for network administrators, that creates two clear traffic profiles that can be used to identify attackers.
The first, simply put, is identifying single sources sending outsized numbers of web requests. For network administrators, it may be as simple as asking ‘why is this site experiencing excessive amounts of traffic for no apparent reason?’, and then redirecting or rate-limiting suspected attackers.
The second profile is harder to identify. While it can be easy to infect devices with malware, it is much harder to make the resulting traffic variable enough to escape monitoring. To defend against this type of attack, web administrators need to be able to identify patterns in large volumes of traffic, such as surges in web requests that occur at set intervals.
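One way to turn the two profiles above into detection logic, as an added example that is not from the original article: a short Python script that scans access-log lines first for a single source exceeding a per-window request limit, then for per-second surges that repeat at a fixed interval across many small sources. The simplified log format, addresses, thresholds and traffic shapes are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Simplified Common Log Format (constructed for this example): the timestamp
# field holds seconds since the start of the capture rather than a real date.
LOG_RE = re.compile(r'^(\S+) - - \[(\d+)\] "[^"]*" \d{3} \d+$')

def parse_log(lines):
    """Return (ip, second) pairs for well-formed lines; malformed lines are skipped."""
    matches = (LOG_RE.match(line) for line in lines)
    return [(m.group(1), int(m.group(2))) for m in matches if m]

def single_source_offenders(events, window=10, limit=50):
    """Profile 1: sources exceeding `limit` requests within any `window`-second bucket."""
    buckets = defaultdict(Counter)  # bucket index -> Counter(ip -> hits)
    for ip, sec in events:
        buckets[sec // window][ip] += 1
    return sorted({ip for c in buckets.values() for ip, n in c.items() if n > limit})

def periodic_surges(events, factor=5):
    """Profile 2: seconds whose aggregate request count is at least `factor` times the
    median per-second count, plus the most common gap between those seconds.
    Surges recurring at a fixed gap point to scripted bursts from many small sources."""
    if not events:
        return [], None
    per_second = Counter(sec for _, sec in events)
    counts = sorted(per_second.values())
    median = counts[len(counts) // 2]
    surges = sorted(s for s, n in per_second.items() if n >= factor * median)
    gaps = Counter(b - a for a, b in zip(surges, surges[1:]))
    return surges, (gaps.most_common(1)[0][0] if gaps else None)

def analyze(lines):
    """Handle the loud single sources first, then look for coordinated surges in the rest."""
    events = parse_log(lines)
    loud = single_source_offenders(events)
    rest = [e for e in events if e[0] not in loud]
    surges, interval = periodic_surges(rest)
    return {"single_source": loud, "surge_seconds": surges, "surge_interval": interval}

def build_sample_log():
    """Constructed log: 60 s of baseline traffic, one source firing 60 requests in the
    first 10 s, and 100 distinct addresses each sending one request every 15 s."""
    fmt = '{} - - [{}] "GET /login HTTP/1.1" 200 512'
    lines = [fmt.format("10.0.0.%d" % (s % 5), s) for s in range(60)]
    lines += [fmt.format("203.0.113.7", s // 6) for s in range(60)]
    for s in (15, 30, 45):
        lines += [fmt.format("198.51.100.%d" % i, s) for i in range(1, 101)]
    return lines
```

Running `analyze(build_sample_log())` flags 203.0.113.7 under profile 1 and, once that source is set aside, reports surges at seconds 15, 30 and 45 with a 15-second interval under profile 2.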
Famous DDoS attacks
DDoS attacks can affect websites both large and small, and for many large businesses that have fallen victim to these attacks, the incidents are well documented online. Gaming platforms such as Blizzard’s Battle.net, Sony’s PlayStation Network, and Microsoft’s Xbox Network are all particularly rewarding targets for attackers: take down a gaming platform for a few hours, and not only are you disrupting the activity of some of the world’s largest gaming hubs, but you’re also gaining credibility as a threat actor.
Holiday seasons are a particularly significant time for DDoS attacks: with so many new devices coming online, it can be difficult to distinguish attackers from genuine Christmas gifts. Over several holiday seasons starting in 2013, a series of hacker groups launched DDoS attacks against a range of gaming platforms, resulting in ongoing outages.
Unfortunately for attackers, large DDoS attacks can also catch the attention of authorities, who don’t take kindly to cyberattacks. After a series of investigations by the FBI, several hackers were caught and prosecuted.
Mitigating DDoS Attacks
Small companies aren’t immune to DDoS attacks either. A recent study completed by Incapsula noted that more than one in five companies with fewer than 500 employees had experienced a DDoS attack in the previous twelve months.
While DDoS attacks can seem difficult to protect against, there are a range of strategies that web administrators can take to reduce the likelihood of an attack successfully taking down site infrastructure.
Depending on the size and variety of DDoS attacks, the defensive tools may vary: for example, rate limiting may mitigate the attacks of a single malicious user, but for large-scale attacks, products such as a web application firewall may be more effective.
Cyberattacks can be incredibly costly for organizations large and small. For the tech-savvy organization, being prepared can go a long way to mitigating the more serious impacts of a DDoS attack, and may even help to minimize losses in the long term. As the former director of the National Hurricane Center, Max Mayfield, once said, “preparation through education is less costly than learning through tragedy”.