17th JAN 2018

What is a DDoS attack (and what can we do about them)?

Posted By: Lifeline Design

While ransomware is on the rise, the number one cyber security attack is still the humble "distributed denial of service" attack, better known as a DDoS.

At its core, a distributed denial of service attack is a brute force method of shutting down a website by overwhelming it with network traffic. Picture your website like a regular store front with doors and a lobby, your customers streaming in and out all day. A DDoS attack jams that entryway up with dummies and blockages, making sure your actual customers can't access your business.

Unlike other cyber security threats which use sophisticated encryption methods to steal valuable information, or commit fraud, the DDoS attack is about doing raw damage. It shuts down your site so you can't sell your product. You lose money not only in the form of a loss of sales, but also in the loss of productivity and man hours spent cleaning up the mess.

Sometimes, a DDoS attack is combined with an extortion element, a sort of "pay us to call off the attack" racket. But more often it is done simply to disrupt and harass, which is one of the things that makes it so frustrating to deal with.

While the basic idea is simple, that doesn't mean there isn't any nuance to DDoS attacks. There are a few different methods of jamming a network, and it's worth understanding them to fully appreciate how a DDoS attack works.

Denial of Service (DoS) attack 

The most basic of traffic jamming attacks originates from a single source. Through a single origin point, the hacker will use a tool that automates the process of repeatedly pinging an IP address or requesting a site.

These attacks are a very common form of cyber vandalism, often an entry level hack for "mischievous" hackers. The programs necessary for such an attack are easy to find and employ, meaning you don't need to be particularly sophisticated to pull off an attack like this. You'll often see DoS attacks launched in response to some specific grievance against a site or business.

The good news is that responding to this sort of attack is generally easy. Since the attack originates from a single source, that IP can be blocked, cutting off the attack. Generally though, this is anticipated and the hacker will simply spoof another IP or attack from another location, which leads to a frustrating game of whack-a-mole.

Distributed Denial of Service (DDoS) attack

This is the DDoS that you're likely familiar with. A real headache that can shut down sites for days at a time if not handled right.

The key thing that makes this attack sinister is the "distributed" part of it. In a DDoS attack, a hacker will use what is called a "botnet" to launch countless requests at a single site. A botnet is a collection of compromised PCs and servers from all over the world that can be controlled by the hacker. So instead of having one source hammering away at your site, you may have dozens or hundreds.

This is a much more difficult situation to deal with. Since you can't just block a particular IP or domain, there are no easy answers to the problem. You need to take much more drastic measures to defend against this sort of attack.
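The difference between the single-source and distributed cases shows up directly in request logs. The following is an added example, not part of the original post: it counts requests per source in a one-minute window and works out how many addresses would have to be blocked to shed most of the traffic. The log format, sample addresses and thresholds are all constructed assumptions.

```python
from collections import Counter

def make_log(sources, start=0, length=60):
    """Constructed sample data: one 'epoch_second source_ip path' line per request."""
    return [f"{start + i % length} {ip} /" for ip, n in sources.items() for i in range(n)]

def classify_window(lines, start=0, length=60, baseline_rps=2.0,
                    flood_factor=10, share=0.8, max_blockable=3):
    """Decide whether a traffic window looks normal, single-source or distributed.

    baseline_rps, flood_factor, share and max_blockable are assumed tuning
    values for this example; derive real ones from your own traffic history.
    """
    hits = Counter()
    for line in lines:
        ts, ip, _path = line.split()
        if start <= int(ts) < start + length:
            hits[ip] += 1
    total = sum(hits.values())
    rate = total / length
    if rate < baseline_rps * flood_factor:
        return {"verdict": "normal", "rate": rate, "block": []}
    # Smallest set of sources whose removal would shed `share` of the traffic.
    block, covered = [], 0
    for ip, count in hits.most_common():
        block.append(ip)
        covered += count
        if covered >= share * total:
            break
    verdict = "single-source" if len(block) <= max_blockable else "distributed"
    return {"verdict": verdict, "rate": rate, "block": block}

# Constructed scenarios using documentation-only address ranges.
USERS = {f"192.0.2.{i}": 3 for i in range(1, 21)}            # 60 ordinary requests
DOS = {**USERS, "203.0.113.7": 1500}                         # one noisy source
BOTS = [f"198.51.100.{i}" for i in range(1, 151)] + \
       [f"203.0.113.{i}" for i in range(1, 151)]
DDOS = {**USERS, **{ip: 5 for ip in BOTS}}                   # 300 quiet sources

if __name__ == "__main__":
    for name, scenario in (("normal", USERS), ("dos", DOS), ("ddos", DDOS)):
        result = classify_window(make_log(scenario))
        print(name, result["verdict"], f"{result['rate']:.1f} req/s",
              f"{len(result['block'])} addresses to block")
```

Both flood scenarios arrive at the same request rate, but the single-source one is handled by one block rule while the distributed one would need hundreds, each for a source that looks barely busier than a real visitor.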

Distributed Reflection Denial of Service (DRDoS) attack

This is a more sophisticated version of the typical DDoS. Instead of harnessing the power of a botnet to make outbound requests, the botnet will pose as the targeted site. By disguising their actual IP address as the targeted site's, they'll ping other services that will send a response back to the actual target. The effect is the same: it still jams the network with tons of unwanted, bogus data, but it is much harder to pinpoint the source of the attack.

What should business owners know about DDoS attacks?

It's tempting to believe that DDoS attacks are a non-issue. That your site is too small to bother attacking, or that your field doesn't attract the kind of misanthrope that would be so vindictive. The unfortunate reality, however, is that DDoS isn't a very difficult attack to coordinate. In fact, it can even be purchased as a service if someone really wants to make it happen. It only takes one person with an axe to grind to represent a real threat.

Reducing the damage a DDoS attack can do boils down to a few things:

Prepare in advance

Early preparations can mean all the difference when dealing with a DDoS attack. Even something small like budgeting for extra bandwidth can turn a disaster into a mere snag. Take the bandwidth you think you are ever likely to need and increase it by 200%. While this won't necessarily stop a DDoS attack, it will give you that much more wiggle room when combating one. It's also just good practice in case you ever have a sale that attracts a significant spike in traffic, a social media post that goes viral, or a surprise endorsement. 

Maintain backups of all your important data and site info. In fact, having a Disaster Recovery site may also be a good idea. This is a small backup site that will serve as a temporary workplace while you get your actual site back up and running. This might not be necessary for every business, but if you have remote employees who coordinate through the site, or produce content for the web, this is a vital stopgap that can mean the difference between a few rough days or a complete shutdown.


Have a response ready

If you woke up tomorrow and found your site down, what would you do? Where would you start? Knowing what to do in response to a DDoS attack and minimizing your response time is key to a successful defense.

You should have the contact information for your hosting service on hand and ready to go for when you need immediate service, including names, emails, and emergency phone numbers. The faster you're able to spot and report a DDoS attack, the less downtime you'll experience.

You should also get ahead of any problems by acknowledging the downtime on social media, assuring your customers that the situation is temporary and being addressed. DDoS attacks are designed to not just impair your ability to operate, but erode your image and introduce friction between you and your customers. Maintaining a positive and confident public image while dealing with an attack is a big part of a successful defense.