DDoS Attacks - The Essential Facts

Cybercrime in both our corporate and domestic lives is reaching epidemic proportions and most organisations now accept that it’s more a case of when an attack will happen, not if! Against this backdrop, we take a look at the facts behind one of the most dangerous and business affecting tactics used by cybercriminals, the Distributed Denial-of-Service, or DDoS attack.

What are DDoS attacks?

At its base level, a DDoS attack is a malicious attempt to disrupt the operations of an organisation by temporarily or indefinitely disrupting its services. Such attacks hold companies to ransom by removing their ability to operate, trade and serve customers over the internet - and the negative PR, adverse publicity and on-going financial consequences can threaten an organisation’s very survival.

As a pre-cursor to cyberattacks, cyber criminals will focus on real life situations to develop ‘phishing’ techniques that find back doorways into organisational systems, and once inside, they are able to assess and plan the best method of attack. In the case of DDoS attacks, numerous hacked computers can be loaded with malware to attack a business’s internet connection The recent pandemic provided an ideal backdrop for malicious deception, with attackers using covid-themed emails to generate results. Other common examples include health advice, financial issues and workplace policy emails asking people to click on bogus links or download malicious files.

Banks and financial institutions are heavily targeted by cyber criminals and recent attacks on Santander, Royal Bank of Scotland and Tesco Bank made the headlines due to customer service disruptions. The recent paradigm shift to on-line purchasing has also made e-Commerce businesses and the retail sector far more of a target for DDoS attacks.

Denial of service attacks work by saturating and exhausting an organisation’s computing resources and infrastructure - and by overloading bandwidth and processing power, they prevent systems from operating properly.

DoS attacks typically use multiple rogue devices, and in many cases, thousands of hacked computers to form an ‘attack infrastructure’ that simultaneously connect and overwhelms the target’s website and systems, flooding their systems with traffic, enquiries and customer service requests.

Attacks come in various shapes and sizes; application layer attacks stop or restrict an application’s ability able to communicate and / or deliver content to users, and they commonly target web servers. Volumetric attacks send high levels of traffic or requests to a company’s network to overwhelm its bandwidth capabilities, and by flooding the target they slow down or stop their services. Protocol-based attacks consume actual server resources, including communications equipment and firewalls – and they aim to exhaust server resource rather than bandwidth. And to add insult to injury - some attacks are a combination of these variants.

DDoS Facts

• According to Cisco, annual DDoS attacks are anticipated to double from 8 million in 2018 to 15.4 million by 2023.
• Average cost estimates for DDoS attacks range between £200,000 to £700,000 per hour.
• 20% of companies with 50 employees or more have had at least one DDoS attack.
• Two-thirds of customer-facing enterprise systems are bearing the majority of DDoS attacks.
• Global estimates indicate that 16 DDoS attempts take place every minute.
• Overall, DDoS attacks grew by 24% in 2020.

Consequences
Although DDoS attacks carry a penalty of up to ten years in prison in the UK, the growth in the number of attacks continues to grow, and our interconnected business world means attackers operate across international boundaries.

Website and system downtime as a result of an attack will severely affect operations until recovery takes place, and the loss of reputation, customer trust and confidence rank as the most damaging consequences of an attack - followed by revenue loss, intellectual property and information theft.

Furthermore, DDoS attacks are sometimes used to distract the IT department while other criminal activity takes place, such as data theft or network infiltration. A cyber incident that may have seemed innocuous, could be the start of a further series of more sinister attacks and issues.

Bad PR and on-going security issues can dramatically affect a company’s performance, and gaining a reputation for weak security and lax protection will affect business, and could ultimately lead to the demise of an organisation.

Prevention

System outages, downtime and financial losses place excessive stress on business leaders and IT departments, and many organisations wait until an incident occurs before taking action. Ensuring the right security is deployed throughout the organisation with an appropriate level of detection and prevention will help protect and limit the consequences of a DDoS attack.

Attack identification services including DDoS malicious traffic ‘scrubbing’ provide advanced security protection, and if an incident occurs, the ability to dynamically switch to a replicated and ‘ready to go’ system will ensure operations continue. A wider suite of malware and cybersecurity measures with business continuity assurance is the best way for organisations to protect themselves.

Expert help from a professional security partner who works full-time in the cybersecurity space, and who provides an integrated range of services across all areas of the attack surface area should be considered. Blending integrated technical solutions with employee education programmes and best practice guidance is the best way to fully protect operations and systems.