DDoS Attacks: A complete guide on understanding and protecting your enterprise

In July 2021, Link11, a security provider from Europe released a report that pointed out a 33% increase in DDoS attacks in the first half of 2021 compared to the first half of 2020. This year, there have been prominent DDoS attacks. From government websites to educational institutions to telecom service providers, DDoS attacks have been used to target almost every vulnerable company.  In this pandemic, cybercriminals have been smart to target institutions that were in high demand, such as e-learning platforms, vaccination websites or IT infrastructure service providers.

What is a DDoS attack?

A Distributed Denial of Service (DDoS) attack is an attempt to disrupt the normal traffic of a website or a server by overwhelming it with a flood of traffic coming in from different sources. As the host website or server gets overwhelmed handling the large volume of requests, the server crashes or is forced to go offline.

Types of DDoS attacks

Broadly, DDoS attacks can be classified into the following three categories:

Application Layer Attacks: One of the most popular types of DDoS attacks, application-layer attacks are used to overwhelm or exhaust the host’s resources to prevent it from honoring a legitimate request. Attacks are typically aimed at the layer where web pages are generated in response to HTTP requests. If the number of HTTP requests escalates to a point where it is difficult for the server to respond, it can lead to a crash. Unfortunately, this attack is difficult to respond and defend against, as it is challenging to identify and differentiate between legitimate and malicious traffic.

Protocol Attacks: Protocol attacks can cause a denial of service by sending a connection request repeatedly to the host server. An SYN flood attack is an example of a protocol attack, where the hacker exploits the TCP/IP handshake process by repeatedly sending SYN packages. Hackers have been known to bring down firewalls by sending a huge number of SYN packets and stop them from accepting new connections.

Volumetric Attacks: In this type of attack, the hacker attempts to create huge congestion by sending a high volume of traffic or request packets from multiple sources. The objective is to overwhelm bandwidth capabilities so that the server or host slows down or stops its services.

DDoS Botnets
Botnets are a hijacked group of Internet-connected devices, which have been injected by malware to allow hackers to control them from a remote location. It is relatively easier for hackers to use IoT devices in a connected world and use them for hosting attacks against hosts. Using botnets, some of the most significant DDoS attacks have been recorded in history. For example, in 2016, a massive DDOS attack was directed at Dyn, a major DNS provider, which created disruption for many major sites like Netflix, PayPal, Airbnb, Amazon, Visa, The New York Times, and GitHub among others. Hackers used a malware, called Mirai, to create a botnet out of the compromised IoT devices like cameras, smart TVs, radios, printers, etc.

Difference between a DoS and a DDoS attack

A DoS attack is a Denial-of-Service attack, where the hacker sends in a massive amount of requests or traffic to a website or a server and shuts it down. In a DoS attack, the attacks can be easily stopped, as the source of the attack is from a single location and can be blocked. Compared to this, a DDoS attack is a Distributed Denial of Service attack. The host is overwhelmed with requests coming in from multiple locations. This is much difficult to stop than a DoS attack, as multiple devices are sending packets of data from different locations.

DDoS for hire

While DDoS attacks have traditionally been associated with hacker groups, there has been an emergence of DDoS for hire services in recent times. Also called DDoSers or booters, these services are available on the darknet for any enterprise that wants to rent a botnet. Some even offer a botnet toolkit that gives the owner the rights to a botnet payload and the command-and-control files to distribute malware. In addition, some DDoS for hire creators try to assume a legitimate cover by offering their services as ‘stressers’, which implies that they want to stress test the resilience of a server.

Motivation behind DDoS attacks

A host of factors can inspire DDoS attacks, and the reasons vary. Most DDoS attacks are caused for financial gain. In some cases, it is a revenge attack for a specific stand taken by a company for any cause, which the hackers are opposed to. There are also examples of many individual hacktivists who launch DDoS attacks against government authorities. It is also common for hackers to launch DDoS attacks as proof of their technological capabilities. Nations and states have also been known to launch DDoS attacks against government sites of countries, to inflict economic or physiological damage.

What can make a website vulnerable to DDoS attacks?

Unpatched websites or websites that have not updated their plugins regularly are the ones that are most prone to DDoS attacks. Most hosting providers cannot protect against DDoS attacks, as they do not invest in software that can prevent such attacks. If your website is hosted on one server without any disaster recovery protection, it is highly vulnerable to a DDoS attack

How to protect your site from DDoS attacks?

To mitigate risks and protect their sites from DDoS attacks, enterprises can ensure that their servers are spread over multiple data centers in different regions so that even if one server is hit in one region, then a load balancing system can be used to distribute traffic to another server. Servers must also be protected ideally by firewalls that can protect against DDoS attacks.

Enterprises can also decide to partner with a managed security services provider who can offer DDoS mitigation services. Managed security service providers also have the latest automated tools and skilled personnel to monitor traffic and mitigate attacks continuously. With the scale and volume of DDoS attacks expected to go up exponentially, it makes immense sense for enterprises to take DDoS threats seriously before impacting the business.