If your company’s website or application suddenly goes offline due to a massive influx of suspicious traffic, you could be the target of a Distributed Denial-of-Service (DDoS) attack.
These kinds of cyber attacks are on the rise, and they can be devastating to your business and brand reputation when they cause significant website downtime.
Quick Links: DDoS FAQs
- What is a DDoS attack?
- Different types of attacks
- The first example of a DDoS attack
- Who launches DDoS attacks and why?
- Who is most at risk of a DDoS attack?
- How to prevent DDoS attacks
- What to do if you’ve been targeted by DDoS
- How to Tell if your Computer has Been Enlisted into a Botnet (and What to Do)
What is a DDos Attack?
DDoS stands for ‘Distributed Denial-of-Service’.
A DDoS attack happens when a hacker sends a flood of traffic to a network or server in order to overwhelm the system and disrupt its ability to operate. These attacks are usually used to knock a website or application offline temporarily and can last for days at a time, or even longer.
The Technical Stuff
We use the term Denial-of-Service because the website or server will be unable to serve legitimate traffic during the attack.
And they’re called a Distributed Denial-of-Service because the illegitimate traffic comes from hundreds, thousands, or even millions of other computers. When it comes from one single source, its known as a DoS attack.
Using a Botnet
DDoS attacks utilize a botnet (a collection of many computers or Internet-enabled devices that have been taken over remotely) using malware to launch the attack. These are called “zombies.”
The Different Types of Attacks
The zombies target vulnerabilities in different layers of the Open Systems Interconnection, and are usually broken down into three categories, according to Cloudflare:
1. Application Layer Attacks
Application layer attacks are the simplest form of DDoS; they mimic normal server requests. In other words, the computers or devices in the botnet come together to access the server or website, just like a regular user would.
But as the DDoS attack scales up, the volume of seemingly-legitimate requests become too much for the server to handle and it crashes.
2. Protocol Attacks
A protocol attack exploits how servers process data in order to overload and overwhelm the intended target.
In some variations of protocol attacks, the botnet will send data packets for the server to assemble. The server then waits to receive a confirmation from the source IP address, which it never receives. But it continues to receive more and more data to unpack.
In other variations, it sends data packets that are simply unable to be reassembled, which overwhelms the server’s resources while it tries to do so.
3. Volumetric Attacks
Volumetric attacks are similar to application attacks, but with a twist. In this form of DDoS, an entire server’s available bandwidth is eaten up by botnet requests that have been amplified in some way.
For example, botnets can sometimes trick servers into sending themselves massive amounts of data. This means that the server must process the receiving, assembling, sending, and receiving of that data again.
The First Example of a DDoS Attack
The first known DDoS attack was carried out in the year 2000 by a 15-year-old boy named Michael Calce, according to Norton, and was used to temporarily bring down huge websites like Yahoo, CNN, and eBay, causing an error message like the image displayed above.
This brand of attack has been on the rise ever since.
Who Launches DDoS Attacks and Why?
Though DDoS attacks have grown in their power and sophistication, basic DDoS attacks can be carried out by almost anyone. Regular people can pay for DDoS attacks on a target online or on the black market. They can even rent or lease an existing botnet to carry out their malicious plans.
Early DDoS attacks, like the first one carried out by Michael Calce (aka “Mafiaboy”) was simply done for hacker bragging rights. Just because he could.
Usually though, these are the people who use DDoS attacks, and their reasons for doing so
- Business owners to get ahead of competitors
- Competitive gamers to take down opponents
- Activists to prevent people from accessing certain content
- Trolls to enact revenge on a target
Who is Most at Risk of a DDoS Attack?
The average person doesn’t have much to fear, but giant corporations are the main target. They could potentially lose millions or billions of dollars as a result of downtime caused by a DDoS attack. Smaller business owners could suffer significantly as well.
It’s important for any organization with an online presence to be fully prepared for a potential DDoS attack at any time.
How to Prevent DDoS Attacks
You can’t prevent a malicious attacker from sending waves of inauthentic traffic to your servers, but you can be prepared ahead of time to handle the load.
1. Catch it Early by Monitoring Traffic
It’s important to have a good understanding of what constitutes normal, low, and high volume traffic for your organization, according to Amazon Web Services.
If you know what to expect when your traffic hits its upper limit, you can put rate limiting into place. That means that the server will only accept as many requests as it can handle.
Having up-to-date knowledge of your traffic trends will also help you identify a problem quickly.
You should also be prepared for surges in traffic due to seasonality, marketing campaigns, and more. Lots of authentic traffic (from a viral social media link, for example) can sometimes have a similar server-crashing effect. And even though it’s from a legitimate source, downtown can still be costly for your business.
2. Get More Bandwidth
Once you have a good idea of the server capacity you need, based on your average and high traffic levels, you should get it and more. Getting more server bandwidth than you actually need is called “overprovisioning.”
This buys you more time in the case of a DDoS attack before your website, server, or application gets completely overloaded.
3. Use a Content Distribution Network (CDN)
The goal of a DDoS is to overload your hosting server. One solution, then, is to store your data on multiple servers all over the world.
That’s exactly what a Content Distribution Network does.
CDNs serve your website or data to users from a server that’s close in proximity to each user for faster performance. But using one also means that you’re less vulnerable to an attack because if one server becomes overloaded, you have many more that are still operational.
What to Do if you’ve Been Targeted by DDoS
DDoS attacks these days are so sophisticated and powerful that it can be very difficult to solve them on your own. Which is why the best line of defense against an attack will be having the right preventions in place from the start.
But if you’re under attack and your server is offline right now, there are a few things you can do:
1. Get Defensive Measures in Place Quickly
If you’ve got a good idea of what normal traffic looks like, you should be able to identify when you’re under a DDoS attack pretty rapidly.
You’ll see a massive flood of server requests or web traffic from suspicious-looking sources. But you may still have some time before your server becomes completely overwhelmed and crashes.
Set up rate limiting as soon as possible and clear your server logs to free up more space.
2. Call your Hosting Provider
If someone else owns and operates the server that serves your data, notify them of the attack right away.
They might be able to “blackhole” your traffic until the attack subsides, meaning any incoming requests to the server will simply be dropped, whether it’s legitimate or illegitimate. It will be in their interest to do this so that their other customers’ servers don’t crash either.
From there, they’ll likely reroute the traffic through a “scrubber” to filter out the illegitimate traffic and let normal requests through.
3. Call in a Specialist
If you’re under a large-scale attack or can’t afford any downtime to your website or application, you might want to consider bringing in a DDoS mitigation specialist.
What they can do is divert your traffic to their own massive servers that can handle the load and try to scrub the illegitimate requests from there.
4. Wait it Out
Hiring a professional to reroute and scrub your web traffic is costly.
Most DDoS attacks are over within a few days (though in severe cases, they can last longer), so you always have the option of simply taking the loss, and being better prepared next time.
How to Tell if your Computer Has Been Enlisted into a Botnet (And What to Do)
If you’re an individual user, your computer could be recruited into a botnet without you even knowing it.
It may not be immediately noticeable, but there are a few signs that malicious activity could be going on in the background on your device, such as:
- Frequent crashes
- Longer load times
- Strange error messages
What to do About it
If you think your computer is behaving strangely, it’s best to take action. You’ll need to install and run regular virus scans using trusted antivirus software, such as these recommended ones for Windows, Mac, and Linux.
And remember, never download email attachments or web files unless you know exactly what they are and who they’re from. These phishing attempts could install malware on your device without you realizing it.
Your organization should be prepared for, and be able to handle, much higher volumes of web traffic or server requests than you actually need it to. Just to be on the safe side.
The best possible solution is to prevent the risk of a DDoS attack in the first place, by installing a decent antivirus to protect you from malware. Using a CDN and setting up rate limiting based on normal traffic is another great preventative measure.
Prevention is better than cure because once a DDoS attack is underway and your server is offline, getting it back to normal can be costly — website downtime can impact both your business sales and reputation. So make sure your business is prepared for any kind of attack at any time.