The IT industry has seen a major increase in Distributed Denial of Service (DDoS) attacks over the past several years. The December 2019 New Orleans cyberattack is a perfect example. This attack combined a classic ransomware deployment with a DDoS attack. The DDoS upward trend promises to continue.
DDoS attacks date back to the dawn of the public internet but have increased in quantity and complexity. According to a 2018 report from International Data Group (IDG), the median downtime caused by a DDoS attack is 7 to 12 hours. Using an estimate from Gartner of $5,600 per minute of downtime, that means the average cost of a DDoS attack is in the $2.3 million to $4 million range. These losses stem from the interruption of business operations and do not account for staff time or other associated costs.
As technology evolves, so do DDoS attacks. Attackers are continually using these types of attacks to achieve their objectives. This article will help IT pros understand everything from the basics of detection to the tools needed for combatting attacks. In addition, we will discuss the skills one needs to prepare for cybersecurity incidents of this kind.
Businesses in every industry are tasked with digitally transforming or being left behind. Tactics that were successful generations ago do not bring in business today. From large enterprises to small family-owned businesses, organizations must go digital no matter the industry.
But once digital transformation has taken place, businesses are faced with a whole new set of problems. DDoS attacks continue to rise in complexity, volume and frequency, threatening the network security of even the smallest enterprises.
Digital attacks can and will threaten sales, business operations, and productivity that relies on an internet connection. Fortunately, there are ways to protect your newly transformed thriving organization.
But first, you must learn about the thing attempting to threaten it all.
What Does a DDoS Attack Look Like?
DDoS attacks occur when servers and networks are flooded with an excessive amount of traffic. The goal is to overwhelm the website or server with so many requests that the system becomes inoperable and ceases to function.
Botnets, which are vast networks of computers, are often used to wage DDoS attacks. They are usually composed of compromised computers (e.g., internet of things (IoT) devices, servers, workstations, routers, etc.) that are controlled by a central server.
DDoS attacks can also originate from tens of thousands of networked computers that are not compromised. Instead, they are either misconfigured or simply tricked into participating in a botnet, in spite of operating normally.
Facts of DDoS
DDoS attacks are becoming more common. In the first part of 2019 alone, TechRepublic saw a whopping 967 percent increase in volumetric attacks designed to clog networks and deny access to resources.
The sheer size of these attacks has increased to overwhelming proportions. InfoSecurity reports that the average attack grew in size by 500 percent in 2018.
In addition to becoming more common, these attacks have become more sophisticated. They are no longer limited to layer 3 attacks; attackers have also developed massive application-layer attacks. Neustar reported that 77 percent of all the attacks mitigated in Q1 used two or more vectors.
Attackers combine various attack methods with social engineering, credential stealing and physical attacks, making the DDoS attack only a single factor in a multifaceted approach.
Types of DDoS Attacks
There are three primary classes of DDoS attacks, according to CSO Online:
- Volume-based attacks use massive amounts of bogus traffic to overwhelm a resource such as a website or server. They include ICMP, UDP, and spoofed-packet flood attacks. The size of a volume-based attack is measured in bits per second (bps).
- Protocol or network-layer DDoS attacks send large numbers of packets to targeted network infrastructures and infrastructure management tools. These protocol attacks are measured in packets per second (PPS).
- Application-layer attacks are conducted by flooding applications with maliciously crafted requests. The size of application-layer attacks is measured in requests per second (RPS).
For each type of attack, the goal is always the same: Make online resources slow or completely unresponsive.
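The three units above (bps, PPS, RPS) can be tracked side by side to see which class of attack a traffic spike resembles. The following is an added example, not code from the original article: the record layout, the sample values, and the "10 times the median" threshold are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import median

# Metric -> attack class, following the three classes listed above.
CLASS_BY_METRIC = {
    "bps": "volume-based",
    "pps": "protocol/network-layer",
    "rps": "application-layer",
}

def per_second_rates(records):
    """Aggregate (ts, bytes, packets, http_requests) records into per-second rates."""
    buckets = defaultdict(lambda: {"bps": 0, "pps": 0, "rps": 0})
    for ts, nbytes, packets, requests in records:
        b = buckets[int(ts)]
        b["bps"] += nbytes * 8  # bytes -> bits
        b["pps"] += packets
        b["rps"] += requests
    return dict(sorted(buckets.items()))

def flag_anomalies(records, factor=10.0):
    """Return {second: [classes]} where a rate exceeds factor x the median (assumed rule)."""
    rates = per_second_rates(records)
    baseline = {m: median(r[m] for r in rates.values()) for m in CLASS_BY_METRIC}
    flagged = {}
    for sec, r in rates.items():
        hits = [CLASS_BY_METRIC[m] for m in CLASS_BY_METRIC
                if baseline[m] > 0 and r[m] > factor * baseline[m]]
        if hits:
            flagged[sec] = hits
    return flagged

# Constructed sample flow summaries: (timestamp, bytes, packets, HTTP requests).
SAMPLE = [
    (100.1, 60_000, 80, 20), (100.6, 55_000, 75, 18),
    (101.2, 120_000, 150, 40),
    (102.0, 118_000, 160, 38),
    (103.3, 9_000_000, 6_500, 35),  # large packets: bit rate and packet rate both spike
    (104.4, 144_000, 2_400, 30),    # many tiny packets: only the packet rate spikes
    (105.5, 300_000, 400, 900),     # request flood: only the request rate spikes
    (106.0, 119_000, 155, 41),
]

if __name__ == "__main__":
    for second, classes in flag_anomalies(SAMPLE).items():
        print(second, classes)
```

A bandwidth flood also raises the packet rate, which is why second 103 is flagged under two classes; the packet-only and request-only spikes would be missed by a monitor that watches bits per second alone.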
DDoS Attack Timeline
It was an attack that would forever change how DDoS attacks would be viewed. In early 2000, Canadian high school student Michael Calce hacked Yahoo! with a DDoS attack that managed to shut down one of the leading web powerhouses of the time.
It was not the first DDoS attack, but that highly public and successful series of attacks transformed denial of service attacks from novelty and minor inconvenience to powerful business disruptors in the minds of technology executives forever.
In the mid-1990s, an attack may have consisted of 150 requests per second – and it would have been enough to bring down many systems. Today they can exceed 1,000 Gbps. This has largely been fueled by the sheer size of modern botnets.
DDoS Attacks Today
Today, attackers have more help. Recent advancements have given rise to AI and connective capabilities that have unprecedented potential. Similar to legitimate systems administrators, attackers now have voice recognition, machine learning, and a digital roadmap that can allow them to manipulate integrated devices in your home or office, such as smart thermostats, appliances, and home security systems.
Recently discovered botnets like Torii and DemonBot capable of launching DDoS attacks are a concern, according to Kaspersky Labs reports. Torii is capable of taking over a range of IoT devices and is considered more persistent and dangerous than Mirai. DemonBot hijacks Hadoop clusters, which gives it access to more computing power.
A DDoS report from Imperva found that most DDoS attacks in 2019 were relatively small. For example, network-layer attacks typically did not exceed 50 million PPS. The report’s authors attributed this to DDoS-for-hire services, which offer unlimited but small attacks. Imperva did see some very large attacks in 2019, including a network-layer attack that reached 580 million PPS and an application-layer attack that peaked at 292,000 RPS and lasted 13 days.
How to Protect Your Organization Against DDoS Attacks
Security and risk management technical professionals must design a defense utilizing a broad range of options and integrate DDoS mitigation with incident response.
There are real-time, automatic, and highly scalable tools to protect your business against DDoS attacks. LightEdge can help customers protect their network connectivity and ensure that their internet is always on.
Our solutions are designed to handle large network-based DDoS attacks or floods, reflective amplified spoof attacks, as well as attacks that can be too low to be detected by other solutions.
Automated network-based DDoS defense enables DDoS attacks to be mitigated in real time, as soon as the first flood of malicious packets starts traversing the network. Automation removes security analysts and network operators from DDoS defense workflows, for all but the tiny proportion of attacks that are too complex to fully characterize.
LightEdge is able to keep your business online regardless of an attack, so that your real customers can continue to utilize your services as normal.
A Guide for DDoS Tools
Gartner expects to see continued growth in the DDoS protection market, which should benefit enterprises. With more competitors entering the market, better pricing and a more diverse set of options will become available to customers. DDoS mitigation service providers are offering more-flexible pricing models and lower price points than they did five years ago.
Most organizations will continue to rely on DDoS mitigation service providers, as opposed to building their own teams of DDoS mitigation experts. A typical enterprise only gets attacked intermittently, with large gaps (12 to 18 months or longer) between attacks.
Rather than investing in training personnel and purchasing equipment, most businesses prefer to outsource to experts when they experience a DDoS attack. Also, DDoS attackers are continually developing their techniques, which makes it challenging for internal teams to remain up to date. Therefore, Gartner predicts most enterprises will prefer to continue relying on third-party services for DDoS mitigation assistance.
Enterprises should be careful to not overpay for DDoS mitigation services. Many of the contracts that Gartner reviews from scrubbing center providers start at $5,000 per month (per data center) or higher.
Alternatively, some cloud service providers (CSPs) offer DDoS protection for links for a 15 percent to 20 percent premium over the cost of the bandwidth — a pricing model that is typically less expensive than that of scrubbing centers. Because the market has broadened and there are more choices than ever, enterprises should match their risk levels for being attacked with the capabilities of their DDoS mitigation providers.
Protect Your Business from DDoS Attacks with LightEdge
When asked about our differentiators against the competition, one of the first answers is always – our network. Our history with networking goes all the way back to 1996 when we were founded as an ISP. We spent over two decades making sure our network and infrastructure were scalable, redundant, and secure enough to meet the most challenging IT needs.
As a top-tier colocation services provider, we provide a high level of availability and reliability through secure, certified data centers and dedicated staff onsite. Our customized and scalable services give you the control, whether you need a colocation rack, cage, or custom suite now or in the future.
LightEdge’s highly trained compliance and security experts take the guesswork out of keeping your business protected. Trust our expertise to ensure you are covered through our security and compliance services. This includes risk management, information security, audit preparedness, and support.
Our LightEdge facilities are more advanced than traditional data centers. We have created true Hybrid Solution Centers designed to offer a complete portfolio of high speed, secure, redundant, local cloud services and managed gateways to public clouds through our hardened facilities.
Customers turn to LightEdge to reduce the risk of non-compliance, scale security, and gain predictability and cost-effectiveness. LightEdge provides customers with an extended team of experienced engineers and helps to focus resources on agility and differentiation. Are you curious how your current provider stacks up? Our security experts will provide a free security assessment. Find out how you measure up against the latest compliance and security standards. No risk, no commitment. Contact us today to get your free security assessment.