The cybersecurity threat landscape is large and varied. Cyberattacks and incidents occur every day as attackers attempt to use different vulnerabilities and attack vectors to compromise legitimate systems. In many cases, the desired end result of an attack is a data breach. Data is hugely valuable and stealing it can be a profitable business.
However, hackers can also profit simply from harming organizations’ ability to operate. Distributed Denial of Service (DDoS) attacks don’t try to infiltrate an organization’s systems or steal their data. Instead, they just try to render these systems non-operational by flooding them with more data than they are capable of processing. These types of attacks can be profitable to hackers who either charge the targets ransoms to cease the attacks or offer them for hire to people wishing to harm the target.
DDoS attacks are a significant threat to organizations’ ability to operate, and this threat is increasing.
DDoS attacks have recently grown by every indicator (number, volume, sophistication, etc.) and have become cheaper to operate. As a result, businesses are more vulnerable than ever and need to invest in the appropriate technologies (i.e. DDoS protection systems) in order to defend themselves against this type of attack.
The Threat of DDoS
Distributed Denial of Service (DDoS) attacks are a significant threat to an organization’s ability to do business, chiefly because they don’t require the organization to do anything wrong to be vulnerable.
For many types of cyberattacks, an organization’s systems have some vulnerability that the attackers identify and exploit. In a DDoS attack, this “vulnerability” is the fact that systems have a maximum amount of network bandwidth, processing power, or computer memory at their disposal. Since this is something that cannot be easily changed, systems remain vulnerable to DDoS attacks.
In a DDoS attack, an attacker uses a large number of machines to send spam requests to a legitimate resource like a web server. This many-to-one relationship makes it easy for the attacker to overwhelm the target, making it unavailable for legitimate use. Worse, certain features of the Internet can be used as “amplifiers”, where the attacker sends a small amount of traffic and a greater amount is sent to the victim. The combination of multiple attackers and attack amplifiers makes it easy to render the target non-operational.
The changing Internet landscape has made it easier and easier for attackers to perform DDoS attacks. The growth of cloud computing and the Internet of Things (IoT) has provided an increasing pool of resources that the attackers can either rent or compromise for use in attacks. As a result, DDoS attacks have become increasingly affordable and are commonly available for rent from sites offering DDoS as a service.
Attacks on the Rise
In December 2018, the US Federal Bureau of Investigation (FBI) made an attempt to crack down on the offering of DDoS attacks for hire. By taking down fifteen of the biggest sites offering this service, they had a temporary impact on the number of DDoS attacks observed in the wild. However, this impact didn’t last long.
Between Q4 2018 and Q1 2019, the number of booter-for-hire services doubled. The threat of DDoS attacks grew significantly between Q4 2018 and Q1 2019, with an increase of at least 84% in that three-month period. The FBI crackdown on the booter-for-hire services occurred in late December, so this growth is likely legitimate, not the result of comparing to a “low” month.
The DDoS threat grew across the board, with new sites replacing those taken down in the FBI crackdown and an increased level of automation in attacks using a large number of malicious hosts. Attacks lasting more than an hour were also found to have grown in Q1 2019. Distributed Denial of Service attacks represent a significant threat to organizations’ ability to do business due to increased reliance on the Internet as both a resource for employees and the primary public face of the company. As DDoS attacks become easier to perform and rent, the threat to all organizations grows since a single dissatisfied employee or customer can take down the company’s web presence for hours or potentially even days.
Defending Against DDoS
Distributed Denial of Service (DDoS) attacks represent a significantly asymmetric threat to organizations’ ability to operate. While a DDoS attack does not compromise an organization’s sensitive data or represent a reportable breach, it can have a significant impact on an organization’s customer base and bottom line. An enterprise-scale DDoS attack can be performed for less than $20 per hour but can cost an organization thousands or more in revenue.
Protecting against DDoS attacks isn’t as simple as running a scan and patching any discovered vulnerabilities. DDoS attacks impact systems by overwhelming them with scale instead of exploiting buggy code.
With the growing DDoS threat, organizations need to deploy and maintain a strong DDoS protection system. These systems are designed to identify and block DDoS traffic while allowing legitimate customers to have access to the organization’s website. A good DDoS protection system has the ability to intercept and scrub even the largest DDoS attacks and to correctly differentiate attacks from legitimate traffic. Choosing the right DDoS protection is an important part of an organization’s cybersecurity strategy and is necessary to protect against this growing threat.
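The many-to-one problem described above can be seen from the defender's side in a small simulation, added here as an illustration and not taken from any particular protection product. The capacity, per-source limit, baseline and source labels are all assumed values, and the traffic is constructed.

```python
from collections import Counter

CAPACITY = 1000        # assumed: requests/second the server can process
PER_SOURCE_LIMIT = 20  # assumed: requests/second allowed per client
BASELINE_SOURCES = 50  # assumed: distinct clients seen in a normal second

def per_source_filter(window, limit=PER_SOURCE_LIMIT):
    """Admit at most `limit` requests per source in a one-second window."""
    seen = Counter()
    admitted = []
    for src in window:
        if seen[src] < limit:
            seen[src] += 1
            admitted.append(src)
    return admitted

def assess(window):
    """Summarize one window: load after filtering plus an aggregate signal."""
    admitted = per_source_filter(window)
    sources = len(set(window))
    return {
        "offered": len(window),
        "admitted": len(admitted),
        "sources": sources,
        # Finite capacity is the "vulnerability": admitted load can still exceed it.
        "overloaded": len(admitted) > CAPACITY,
        # Aggregate view: far more distinct sources than the baseline.
        "source_surge": sources > 5 * BASELINE_SOURCES,
    }

# Constructed traffic, one entry per request, labelled by source.
def normal_window():
    return [f"client-{i}" for i in range(50) for _ in range(4)]

def single_source_flood():
    return normal_window() + ["noisy-0"] * 5000

def distributed_flood():
    return normal_window() + [f"node-{i}" for i in range(2000) for _ in range(5)]

if __name__ == "__main__":
    for name, build in [("normal", normal_window),
                        ("single source", single_source_flood),
                        ("distributed", distributed_flood)]:
        print(name, assess(build()))
```

A per-source cap contains the single noisy client, but the distributed window passes it untouched because every source stays under the limit; only the aggregate view (total load and distinct-source count against a baseline) flags it, which is why protection has to look at traffic as a whole.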