TechTalkTuesday – DDoS

Welcome to #TechTalkTuesday – where tech terms are defined, explained, and no longer a mystery.

Today’s term is DDoS.

On Monday, October 4th, Facebook, Instagram, and WhatsApp experienced a severe worldwide outage that left countless users unable to access their social media accounts. While this is not being touted as a DDoS attack, and there is no evidence that it was a cyberattack, it serves as a great opportunity to discuss what a DDoS attack is, how it can impact a business and an individual, and how it can potentially be prevented.

A distributed denial-of-service (DDoS) attack is a cyberattack carried out with the intent to maliciously disrupt the internet traffic to a network, server, or service. This is accomplished by artificially flooding the targeted network, server, or service (or its supporting infrastructure) with internet traffic.
A DDoS attack uses a network of compromised systems as the source of the artificially created attack traffic. This network of exploited machines could include personal computers and networked resources that fall into the category of IoT devices.
Think of a DDoS attack as a maliciously planned obstacle on the highway, keeping legitimate traffic from getting through.

More about how a DDoS attack works

DDoS attacks are carried out using networks of internet-connected devices. Each of these devices has been infected with a type of malware that allows the hacker to control it remotely. Individually, the devices are referred to as zombies or bots; collectively, they are referred to as a botnet. Once the hacker has established the botnet, they can direct the attack simply by sending remote instructions to each of the bots.

With information about the targeted network or server, each of the bots sends requests to the targeted IP address, which can quickly overwhelm the network or server. Once the capacity of the targeted network or server is saturated, any additional traffic requests are denied service.

Since each bot that is a part of the botnet is a legitimate internet-connected device, it can be challenging to separate the normal traffic from the attack traffic.

Identifying a DDoS attack

Perhaps the most prevalent sign of a DDoS attack is a service or website suddenly slowing down or becoming unavailable. As several legitimate causes can create similar performance concerns, such as a real spike in traffic due to marketing efforts, deeper investigation is typically needed.
Several traffic analytics tools can be used to help you recognize some of the glaring signs of a DDoS attack:

  • Unusual increases in traffic originating from a single IP address or range.
  • An influx of traffic from devices and users with a common behavioral profile, such as geolocation, browser type and version, and device type.
  • A dramatic and unexplained increase in requests to a single endpoint or page.
  • Unusual traffic patterns, including spikes at odd hours of the night or patterns that stray from the norm, such as a traffic surge every 5 minutes.
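As an added illustration of the four indicators above (this script is not part of the original post), here is a small Python log checker that computes each signal over a constructed access log: the share of requests from the busiest /24, the share carrying one user agent, the share aimed at one path, and whether per-minute spikes recur at a fixed interval. The log format, the addresses (203.0.113.0/24 for the bots, 198.51.100.0/24 for ordinary visitors), the thresholds, and the 5-minute surge are all assumptions made for the example.

```python
"""Added example: a log-analysis script that checks for the DDoS indicators
listed above. Log lines, addresses and thresholds are constructed for
illustration and are not taken from any real incident."""
import re
import statistics
from collections import Counter
from datetime import datetime, timedelta

# Simplified combined-log format (constructed):
# ip - - [timestamp] "METHOD path HTTP/1.1" status bytes "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) - - \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+) "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S +0000"


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def source_range(ip):
    """Collapse an IPv4 address to its /24 so bots spread across one block still stand out."""
    return ".".join(ip.split(".")[:3]) + ".0/24"


def top_share(counter):
    """Return (most common key, its share of the total) for a non-empty Counter."""
    total = sum(counter.values())
    key, n = counter.most_common(1)[0]
    return key, n / total


def burst_interval(records, factor=5.0):
    """Bucket requests per minute; if minutes far above the median recur at one fixed
    spacing, return that spacing in minutes, otherwise None."""
    per_min = Counter(r["ts"].replace(second=0) for r in records)
    first, last = min(per_min), max(per_min)
    minutes = int((last - first).total_seconds() // 60) + 1
    series = [per_min.get(first + timedelta(minutes=i), 0) for i in range(minutes)]
    baseline = statistics.median(series)
    bursts = [i for i, n in enumerate(series) if n > factor * max(baseline, 1)]
    gaps = {b - a for a, b in zip(bursts, bursts[1:])}
    return gaps.pop() if len(gaps) == 1 else None


def analyze(lines, share_threshold=0.5):
    """Compute the four indicators and flag each that crosses its (constructed) threshold."""
    records = [r for r in map(parse_line, lines) if r]
    rng, rng_share = top_share(Counter(source_range(r["ip"]) for r in records))
    ua, ua_share = top_share(Counter(r["ua"] for r in records))
    path, path_share = top_share(Counter(r["path"] for r in records))
    interval = burst_interval(records)
    return {
        "top_range": rng, "top_range_share": round(rng_share, 2),
        "top_ua_share": round(ua_share, 2),
        "top_path": path, "top_path_share": round(path_share, 2),
        "burst_interval_minutes": interval,
        "flags": {
            "single_source_range": rng_share > share_threshold,
            "uniform_client_profile": ua_share > share_threshold,
            "single_endpoint": path_share > share_threshold,
            "periodic_surges": interval is not None,
        },
    }


def build_sample_log():
    """Constructed 30-minute log: light, varied legitimate traffic plus a flood from
    one /24 against /login every 5 minutes."""
    start = datetime(2021, 10, 4, 15, 0, 0)
    agents = ["Mozilla/5.0 (Windows NT 10.0) Firefox/93.0",
              "Mozilla/5.0 (Macintosh) Safari/605.1",
              "Mozilla/5.0 (Linux; Android 11) Chrome/94.0"]
    paths = ["/", "/products", "/about", "/cart"]
    lines = []
    for minute in range(30):
        for k in range(3):  # legitimate visitors from scattered addresses
            ts = start + timedelta(minutes=minute, seconds=k * 17)
            lines.append(f'198.51.100.{(minute * 3 + k) % 200 + 1} - - [{ts.strftime(TS_FMT)}] '
                         f'"GET {paths[(minute + k) % 4]} HTTP/1.1" 200 1024 "{agents[k]}"')
        if minute % 5 == 0:  # bots in 203.0.113.0/24 hammer /login with one user agent
            for k in range(40):
                ts = start + timedelta(minutes=minute, seconds=k)
                lines.append(f'203.0.113.{k + 1} - - [{ts.strftime(TS_FMT)}] '
                             f'"POST /login HTTP/1.1" 503 0 "Mozilla/5.0 (constructed-bot)"')
    return lines


if __name__ == "__main__":
    for key, value in analyze(build_sample_log()).items():
        print(f"{key}: {value}")
```

In practice you would run `analyze` over a sliding window of your real access log and tune the share and burst thresholds against your normal traffic, since a successful campaign can also concentrate requests on one landing page; the usual differences are the uniform client profile and the fixed-interval surges.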

DDoS attack fallout for the organization

Launching a DDoS attack doesn’t cost the attackers much at all. For the organization, however, the damage can be costly and extensive.

  • An organization may have a service level agreement (SLA) with its customers that cannot be maintained during a mass service outage. While SLAs often contain fine print about expected outages to cover all bases, a DDoS-driven outage could be extensive enough that the organization needs to issue credits and refunds to customers.
  • With a website or service unavailable, customers could flood the organization’s phone and email systems, creating a bottleneck that slows down other processes or efforts to restore systems.
  • If news of the outage reaches media outlets, competitors may step in to promote their own products and services.

With the company largely unable to communicate through its website or app, its public image may suffer.
Consider a business-critical service that thousands of customers use daily. The service could be used to book getaways, sell products, sell event tickets, or generate contracts. Putting a halt to the service directly hits the company’s revenue stream.

DDoS attack fallout for the individual or end-user

Generally speaking, a DDoS attack will not compromise an individual’s data, although it is possible. It will be up to the organization to share any data breach concerns with its user base.
A DDoS attack will keep users from accessing systems, services, and apps that they may rely on. The fallout will depend on several factors but could ultimately cost an individual money and time. Of course, it can also damage the individual’s perception of the company.

Can DDoS attacks be prevented?

There are several ways to protect servers and networks against DDoS attacks. That said, every solution has limitations. Your organization could invest in an ultra-fast connection that can stand up to volumetric DDoS attacks, but will your application server be fast enough? Hackers are very good at what they do, including scaling their attacks as needed.

Recognizing that a DDoS attack is underway takes an expert eye. At first glance, a DDoS attack could come across as a spike in traffic due to a successful marketing campaign, or as the result of a bottleneck somewhere within the data network.
IT departments will need to develop a strategy to help mitigate the impact of a DDoS attack and will need to be fully aware of the limitations of the hardware in use. To prevent future DDoS attacks, you may need to upgrade your technology and existing infrastructure. A team of security experts will be able to tackle the problem without much trouble.

  • Routinely stress test your systems and evaluate what they are capable of.
  • Evaluate and upgrade systems and software where and when needed.
  • Call in third-party experts to ensure your systems can stand up to the next DDoS attack.
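To make “every solution has limitations” concrete, here is an added Python simulation (not from the original post) of one common protection the post does not name, per-source rate limiting, replayed against three constructed traffic mixes. The limiter is a simple fixed-window counter; the limits (10 requests per second per address, 500 per second globally), the bot addresses in 203.0.0.0/16, and the 20 legitimate users in 198.51.100.0/24 are all assumptions made for the example.

```python
"""Added example (not from the original post): a per-source fixed-window rate
limiter plus a replay showing what it stops and what it does not. All traffic
figures and thresholds are constructed for illustration."""
from collections import defaultdict


class FixedWindowLimiter:
    """Allow at most `limit` requests per key within each `window`-second window."""

    def __init__(self, limit, window=1.0):
        self.limit, self.window = limit, window
        self.state = defaultdict(lambda: [None, 0])  # key -> [window_start, count]

    def allow(self, key, now):
        start, count = self.state[key]
        if start is None or now - start >= self.window:
            self.state[key] = [now, 1]  # first request of a new window for this key
            return True
        if count < self.limit:
            self.state[key][1] = count + 1
            return True
        return False  # over quota: reject


def replay(limiter, requests, key_fn):
    """Replay (timestamp, src_ip, label) triples in arrival order and return
    {label: (accepted, rejected)} so bot and user outcomes can be compared."""
    out = defaultdict(lambda: [0, 0])
    for ts, ip, label in sorted(requests):
        out[label][0 if limiter.allow(key_fn(ip), ts) else 1] += 1
    return {label: tuple(v) for label, v in out.items()}


def single_source_flood(n=1000):
    """Constructed: n requests within one second, all from a single address."""
    return [(i / n, "203.0.113.9", "bot") for i in range(n)]


def distributed_flood(n=1000):
    """Constructed: n requests within one second, one per bot address in 203.0.0.0/16."""
    return [(i / n, f"203.0.{i // 256}.{i % 256}", "bot") for i in range(n)]


def legitimate_users(n=20):
    """Constructed: n real users, one request each, spread across the same second."""
    return [(0.0005 + j * 0.05, f"198.51.100.{j + 1}", "user") for j in range(n)]


def compare():
    """Per-source limits stop one noisy address but not a botnet; a coarse global
    cap stops the botnet's volume but drops real users along with it."""
    per_ip = lambda ip: ip      # one quota per client address
    everyone = lambda ip: "all"  # one shared quota for the whole service
    return {
        "per_source_vs_single_source": replay(
            FixedWindowLimiter(limit=10), single_source_flood() + legitimate_users(), per_ip),
        "per_source_vs_botnet": replay(
            FixedWindowLimiter(limit=10), distributed_flood() + legitimate_users(), per_ip),
        "global_cap_vs_botnet": replay(
            FixedWindowLimiter(limit=500), distributed_flood() + legitimate_users(), everyone),
    }


if __name__ == "__main__":
    for scenario, outcome in compare().items():
        print(scenario, outcome)
```

The per-source limit absorbs the flood from one address without touching real users, passes the botnet flood untouched because no single bot exceeds its quota, and the global cap that does stop the botnet also drops half of the real users. That trade-off is why the post’s advice to know your hardware’s limits and to plan ahead matters.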

Do you feel confident that you know what a DDoS attack is now? Do you have a suggestion for our next TechTalkTuesday topic? Reach out and let us know! We love to tackle the tech talk and make it less of a mystery.