Cybersecurity threats come in many shapes and sizes: there are those that target individuals (phishing attacks, for example), which seek to coerce users into clicking a malicious link or revealing sensitive information, and there are those on a much bigger scale — the sort of attacks that target an entire organization. DDoS attacks fall very much into the latter category, and they can potentially be catastrophic for an organization if the proper prevention and recovery measures aren’t in place.
But just what constitutes a DDoS attack? And more importantly, how can you prevent one in your organization? In this post, we’ll define what DDoS means and look at the measures you can take to reduce the chances of a DDoS attack occurring.
What is a DDoS attack?
DoS stands for denial-of-service, and refers to a malicious attempt to cause a target system — such as a website or application — to become unavailable to its end-users. Add another D, and this becomes DDoS (or distributed denial-of-service), where an attacker uses several compromised sources (rather than just one) in order to launch an attack against a system or an organization. By flooding a system or a server with requests from multiple distributed machines, the target system may become unresponsive or unavailable altogether.
DDoS attacks are fairly common (over a third of organizations say they’ve experienced one), and if successful the impact can be significant. An attack can last anywhere from a few hours to a few days, or even longer in some cases (the longest reported DDoS attack lasted for over a month), and it can lead to a huge loss of revenue for the targeted organization (between $20,000 and $40,000 per hour, on average).
Few organizations are immune to a DDoS attack, as evidenced by a 2020 attack on Amazon Web Services (AWS) in which an attacker leveraged a technique called Connectionless Lightweight Directory Access Protocol (CLDAP) reflection to amplify data sent to a victim’s IP address through a server vulnerability. One of the most significant and high-profile DDoS attacks ever recorded, the attack lasted three days and caused significant loss of revenue (as well as reputational damage) for Amazon.
Reasons for a DDoS attack
There can be a number of motivations behind a DDoS attack. Often these are financially motivated (as with the AWS example), but this isn’t always the case. Some of the most common reasons for a DDoS attack are:
- Industrial sabotage: many victim organizations believe a rival company to be behind a DDoS attack, using it as a means to sabotage the competition by temporarily shutting down a competitor’s website or application
- A ransom: in this scenario, an attacker will cause a system shutdown and then demand a ransom from the organization to get it operational again (these can often be effective, as extended downtime can be very costly for an organization)
- Hacktivism: a rising trend, ‘hacktivism’ refers to cyber attacks with politically or socially motivated purposes (such as those carried out by the group ‘Anonymous’), and these often take the form of a DDoS attack
Types of DDoS attack
While the reasons behind a DDoS attack can vary, so too can the types of attack carried out. The type of attack used will often depend on the primary purpose of the attack itself, and will typically fall into one of three categories:
- An application-layer attack occurs when an attacker floods a specific application with repeated requests, eventually overwhelming it and causing the application to become unresponsive or unavailable to users
- A volumetric attack aims to exhaust the bandwidth of a target server with sheer traffic volume; in the common DNS amplification form, an attacker sends many requests to DNS servers whose responses are directed at the target
- A protocol attack aims to overload the resources of a server or its firewalls, routing engines or load-balancers (an example is the SYN flood attack, in which an attacker bombards the server with a flood of SYN packets)
How to prevent a DDoS attack
While DDoS attacks are common, they’re not always successful. With the correct preventative measures in place, you can significantly reduce your chances of falling victim to a DDoS attack. The most effective ways to prevent a DDoS attack are:
➤ Plan for scale
This is where cloud hosting is often preferable to other options such as dedicated or VPS hosting; using a cloud hosting provider such as Cloudways rather than a VPS solution allows resources such as RAM and bandwidth to be scaled on demand, meaning servers are less likely to crumble under the weight of a DDoS attack.
➤ Install a web application firewall (WAF)
A web application firewall helps protect against the types of attack that seek to exploit a vulnerability within the application itself (such as cross-site request forgery or SQL injection). By distinguishing malicious traffic from legitimate traffic and blocking the former, it reduces the chance of an application-layer DDoS attack succeeding.
➤ Use a CDN
A content delivery network (CDN) isn’t just about delivering content to your users as quickly as possible; it’s also useful for filtering and restricting direct web traffic to ensure that only legitimate users are able to access parts of your infrastructure like your database servers. Cloudflare’s CDN, for example, blocks an average of 124 billion DDoS threats per day.
➤ Know the warning signs
Often the most important part of preventing attacks is knowing what to look out for and when to be concerned. For instance, intermittent crashes, slow-loading pages and intermittent connectivity may indicate a DDoS attack. Ensure your teams are aware of the warning signs so they know when to raise the alarm.
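As an added example (not part of the original post) of turning the warning signs above into a concrete check, the following Python script runs over constructed web server access log lines and flags both a single source hammering the site and an aggregate request spike that no per-source count would reveal, which is the distributed case. The log layout, the window size, the thresholds and the sample addresses are all assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Parser for the common Apache/nginx access log layout (assumed here).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)

def parse(log):
    """Yield (source_ip, timestamp) for each well-formed access log line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def find_floods(log, window_s=10, per_source_limit=5, total_limit=12):
    """Bucket requests into fixed windows of window_s seconds.

    Returns (noisy_sources, spike_windows): sources exceeding per_source_limit
    requests in any one window (a single-source flood), and window start times
    (epoch seconds) whose total exceeds total_limit (a distributed flood that
    no per-source count reveals).
    """
    per_window = defaultdict(Counter)
    for ip, ts in parse(log):
        bucket = int(ts.timestamp()) // window_s * window_s
        per_window[bucket][ip] += 1
    noisy, spikes = {}, []
    for bucket, counts in sorted(per_window.items()):
        if sum(counts.values()) > total_limit:
            spikes.append(bucket)
        for ip, n in counts.items():
            if n > per_source_limit:
                noisy[ip] = max(noisy.get(ip, 0), n)
    return noisy, spikes

def make_line(ip, second, path):
    """Build one constructed log line at 12:00:<second> UTC (sample data)."""
    return f'{ip} - - [10/Mar/2024:12:00:{second:02d} +0000] "GET {path} HTTP/1.1" 200 512'

# Constructed sample traffic using RFC 5737 documentation addresses.
SAMPLE_LOG = "\n".join(
    [make_line("198.51.100.7", s, "/") for s in (1, 4, 9)]               # one ordinary visitor
    + [make_line("203.0.113.5", s, f"/search?q={s}") for s in range(8)]   # one source hammering
    + [make_line(f"203.0.113.{i}", 15, "/login") for i in range(20, 34)]  # 14 sources at once
)
```

On the sample, the first window (12:00:00 to 12:00:09) reports 203.0.113.5 as a noisy source while its total stays under the limit, and the second window is reported as a spike even though every source in it sent only one request.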
➤ Create an incident response plan
Even with all of the above measures in place, there’s no way to completely guard against a DDoS attack; however, if you have a solid incident response plan in place, you’ll be in a better position to recover quickly if the worst does happen, minimizing downtime and mitigating the impact on your organization’s reputation and its revenue.
DDoS attacks are a significant and real threat, and falling victim to one could potentially be catastrophic for any organization, large or small. As long as you know the warning signs, you have the right preventative measures in place, and you always plan for the worst case scenario, you have a far better chance of preventing (and if applicable, recovering from) a DDoS attack in future.