DDoS, or Distributed Denial-of-Service attacks are one of the most chilling threats enterprises face online.
One minute you can be minding your business online and then next you’re being hit by a mountain of traffic that puts you back to the stone age. Sadly, these attacks are becoming more frequent and brutal.
Learning how to stop a DDoS attack is essential.
In January 2019, Imperva experienced the largest DDoS attack in history receiving 500 million packets per second, a record that displaced the record previously held by GitHub in 2018. As cyber attackers become more knowledgeable, companies are under pressure to educate themselves on DDoS protection and mitigation measures.
Business owners that overlook DDoS defense mechanisms can find themselves financially devastated in the aftermath of an attack. According to Kaspersky, the average cost of a DDoS attack for enterprises is $2 million, and $120,000 for SMBs. In a world so reliant on digital services, downtime can cost you money and customers.
To protect yourself against these attacks, you need to learn what a DDoS attack is, and how to prevent one if it happens to you. Awareness is your best weapon against modern cybercrime.
|
Related: Before going further, download our comprehensive cybersecurity statistics roundup to learn how cybercrime affects businesses on a larger scale.
|
In simple terms, a DDoS attack is a type of cyberattack where traffic is targeted at a server, network, or service by a group of computers in an attempt to pull resources away from legitimate traffic. The group of computers is called a botnet, which is a network of computers compromised by malware under the control of the attacker.
It is important to note that there is a distinct difference between DoS and DDoS attacks. A DoS, or denial of service attack, is an attack where one computer is used to flood a server with TCP or UDP packets. In comparison, a DDoS attack uses multiple devices. As a consequence, DDoS attacks are more powerful because they wield the resources of more devices as a weapon.
There are many different types of DDoS attacks that cybercriminals use that exploit a range of vulnerabilities. Defending these vulnerabilities can be tricky when an attacker launches multiple assaults at once. Knowing how to prevent a DDoS attack and protect yourself comes down to your understanding of the potential threats.
The amount of variation in DDoS attacks makes prevention a challenge because each technique requires different forms of protection and remediation measures. However, there are three main categories that DDoS attacks fall under: volumetric, protocol, and application-layer attacks.
This type of attack uses a high volume of packets such as UDP and ICMP to consume the bandwidth of the target network or site. Examples include UDP flood and ICMP flood attacks.
This type of attack weaponizes protocols to send requests and take up the resources of a server, firewall or load balancer. Examples include Ping of Death, SYN flood, and Smurf attacks.
This type of attack exploits vulnerabilities in individual applications (such as web servers) to send endless requests. An application-layer attack can crash a web server.
| Related: Read about the 4 most common cyberattacks and how to prevent them from happening to you. |
Many enterprises struggle to imagine a reason why someone would attempt to put their network offline. However, there are many motivations behind DDoS attacks. The motives behind these attacks range from bitter ex-employees and political activists to cybercriminals who make a living out of extorting business owners.
Surprisingly, individuals don’t require technical knowledge to launch a DDoS attack directly. Instead, they can hire a cybercriminal to commit a DDoS attack for as little as $5.00. The low cost of launching an attack means that almost anyone can send malicious traffic even if they don’t have any technical knowledge.
No matter what reason someone would have for attacking your company, you need to prepare all the same. Don’t make the mistake of thinking that it could never happen to you because it does to unsuspecting companies every day. Instead, put necessary protections in place, like cybersecurity software solutions, so you can rest easy knowing you're well-prepared in case anything happens.
Recognizing the signs of a DDoS attack is the first step to preventing downtime. If you experience any of the following problems, then you could be under attack:
| Your website is unavailable |
| Slow access to online websites and services |
| Disconnection from the internet |
| Slow access to local and remote files |
| There is a spike in network traffic |
If you start seeing any of the signs above, you should take a closer look at what’s going on but don’t panic. Sometimes you’ll experience connectivity issues because of traffic spikes and legitimate usage, so service disruption doesn’t always mean that you’re under attack!
However, if you notice anything unusual or prolonged disruption to the service, you should investigate further. If you are being subjected to a DDoS attack, the earlier you react, the better.
Preparation is almost always the best line of defense against a DDoS attack. Proactively blocking traffic is better than being reactive. Since preventing a DDoS attack isn’t possible all the time, you should have a combination of prevention and response techniques in place to address an incident with minimal disruption. Ultimately, the faster you or your team reacts, the less damage is done.
When a full-scale DDoS attack is underway, then changing the server IP and DNS name can stop the attack in its tracks. However, if the attacker is vigilant, then they might start sending traffic to your new IP address as well. If changing the IP fails, you can call your internet service provider (ISP) and request that they block or reroute the malicious traffic.
A spike in website traffic is one of the main indicators of a DDoS attack. Using a network monitoring tool that monitors website traffic will tell you the moment a DDoS attack starts up. Many DDoS protection software providers use alerts and thresholds to notify you when a resource receives a high number of requests. While traffic monitoring won’t stop an attack, it will help you to respond quickly and begin mitigation should an attacker target you.
Setting up your network architecture to be resistant to a DDoS attack is an excellent way to keep your service up and running. You should spread out key resources like servers geographically so that it is more difficult for an attacker to put you offline. That way, even if one server gets attacked, you can shut it down and still have partial service for your users.
A web application firewall, or WAF, is used to filter HTTP traffic between an application and the internet. When a cybercriminal targets a DDoS attack at the application layer, the application firewall automatically blocks malicious HTTP traffic before it reaches your site. You can decide what traffic gets filtered by configuring policies to determine which IP addresses will be whitelisted or blacklisted.
Configuring network devices like firewalls and routers is essential for cutting down on entry points into your network. For instance, a firewall will help to stop cyberattackers from detecting your IP address so they won’t have anywhere to send traffic. Similarly, routers have DDoS protection settings and filters that you can use to control the access of protocols and packet types.
|
TIP: Don't leave yourself vulnerable. Find the top-rated firewall software for your company's needs. Get protected before it's too late.
|
Geo-blocking is the practice of blocking out traffic from foreign countries where DDoS attacks are frequent. The majority of DDoS traffic comes from China, Vietnam, South Korea, and Taiwan, so blocking traffic from these regions could limit your exposure. While attackers can work their way around geo-blocking, it can reduce your vulnerability to overseas botnets.
Unfortunately, even with all the preparation in the world, a strong DDoS attack is tough to beat. If you're successful in fighting off the attack, you're still likely to suffer some form of disruption. However, with the right preparation in place, you can reduce the likelihood of an attack putting you out of action.
During an attack, all you can do is notify your employees and your customers to explain performance issues. A social media post will let your customers know there's a problem and that you're working on fixing it.
With the right measures in place, you will be able to limit the damage even if you can't prevent it completely. The important thing is to take action and start building up your defenses early. In the event, you do fall victim to an attack keep a log of source IP addresses and other data for future reference in case there's a follow-up attack.
Want to stay safe online? Read our rundown of seven tips on how to recover from any type of cyberattack.
Not all events are created equal.
by Hailey Friedman
In business, just as in life, it is not the situation but the way you respond that matters.
by Ketaki Sharma
With the crack of a gavel in June of 2018, the United States Supreme Court reached a...
by Alex Forbes
