In years gone by Distributed Denial of Service attacks, otherwise known as DDoS attacks, were more often associated with large companies and government services. The idea that hackers and activists would spend their time, money and effort on smaller websites and companies seemed alien. However, over the years we have seen a dramatic increase in the number of DDoS attacks. In fact, they are becoming more complex and more difficult to control.
What is a DDoS attack?
In its most simple form a DDoS attack is a process by which a target server or system is flooded with extremely large volumes of requests or packets of data. Some of the larger DDoS attacks recorded in recent times reached transfer speeds of more than one Terabit per second. So, it is not difficult to see why exposed servers simply crash. Back in April 2018 the UK National Crime Agency highlighted DDoS attacks as the leading threat to business. Thankfully, there are ways and means of mitigating the impact of a DDoS attack. Still, it is better to be proactive than reactive.
What is the purpose of a DDoS attack?
In the early days many thought DDoS attacks were just the plaything of young hackers and activists. Initially, aside from bringing down a server and taking websites off-line, DDoS attacks were fairly blunt instrument in the cyber war. The problem today is that headline DDoS attacks on a particular website/server can divert resources and focus while the hackers utilise other vulnerabilities to steal customer data and other information. A number of companies have also received ransom demands from hackers threatening a DDoS attack if they don’t pay up.
If you think that DDoS attacks are simple playthings of young hackers with nothing better to do, it’s a sad mistake.
The structure of DDoS attacks
Before we look at ways and means of mitigating and eliminating the impact of a DDoS attack let’s understand their structure and what they do. One of the main reasons for the increase in DDoS attacks is the availability of massive computer networks boasting extreme resources. The use of so-called “zombie computers” has also assisted in the modern-day structure of a DDoS attack. These computers have viruses infected from previous malicious actions. Then, with a simple command from the hackers they can become part of a huge network with massive computing power.
There are also stand-alone networks and even DDoS attack companies readily available on the dark web. As quickly as the authorities stamp out the latest DDoS attack service provider, another one emerges. So, the challenge now is blocking/filtering volume requests and data packets.
Recognising a DDoS attack
There is a real difference between heavy traffic and the start of a DDoS attack but the sooner you can recognise this build-up the quicker you can react and reduce any impact on your websites and businesses. The vast majority of hosting companies will already have DDoS attack protocols in place. So, if an attack hits, they will revert to detailed procedures to deflect the build-up of rogue traffic while ensuring that natural traffic makes it through the filter to the server.
Using artificial intelligence
Hackers are constantly changing the structure and the complexity of their DDoS attacks. This throws hosting companies and large corporations off balance. They may attack a particular webpage, a particular IP address, a particular plug-in or simply flood the server with spoof data packets which automatically expand. Against this background it is difficult to see how hosting companies can stay one step ahead but the use of artificial intelligence is offering great assistance like this monitoring tool provides.
The first indication that a DDoS attack is underway will come from software which analyses incoming data and requests. Artificial intelligence now allows this type of software to compare, contrast and analyse incoming data in a split second, and make a decision whether it is natural traffic or part of a DDoS attack. Experts believe that the structure of DDoS attacks are changing on a daily basis. Therefore, artificial intelligence, which also allows patterns and new creatives to pass around ISPs and hosting companies, is priceless.
The foundations of any DDoS attack are based on flooding servers with huge data requests. Thereby maximising bandwidth and crashing resources, load balancers often come into play. As the name suggest, as soon as there is a DDoS attack the traffic for a website will be spread across a number of servers. Whether all hosts have sufficient capacity to mitigate the full impact of a DDoS attack is debatable but at worst it would still reduce the impact. As the “infection” spreads across a greater area the impact dilutes.
Cloud-based services are becoming an integral part of everyday business. Unfortunately, due to the massive resources available they are proving vital in the fight against DDoS attacks. At the outset of a DDoS attack these resources will be utilised thereby increasing traffic filter capacity and diverting malicious requests away from the main servers. Content Distribution Networks also offer similar means by which to mitigate the impact of a DDoS attack.
Combating DDoS attacks
As businesses depend more and more upon the Internet to maximise their exposure and sales, it is imperative that you have a backup plan in place in case of a DDoS attack. You need to be proactive rather than reactive, mitigating the impact before the attack gains full momentum. The use of Content Distribution Networks can give you sufficient time to lockdown an attack before any major impact on your online services. As we touched on above, filters and load balancers also have a major part to play in your defences.
Recent DDoS attack