We’re aware the headline says “dummies”, but it’s essential you know we don’t mean it. There are just some topics some of us are content to go through life knowing nothing about while idly pretending we do, and that has no bearing on whether or not we are, in fact, dummies. Like archipelagoes. We have no idea what an archipelago is. We don’t even know if we’re pronouncing it correctly. And that’s fine. We’re busy. We have to prioritize our brain space.
For many people, DDoS attacks have fallen into the same category that archipelagoes have for us. Something you hear about once in a while that sort of makes you think you should look into it but never quite do. Here’s the thing, though. If we were told archipelagoes do the kind of damage DDoS attacks do – namely, striking 45% of organizations and costing those organizations an average of $40,000 per hour – we’d get to reading up on archipelagoes posthaste.
And that’s why we give you this DDoS cheat sheet. What you need to know about what DDoS attacks are, how they strike, what kind of damage they do, and how to prevent them.
What a DDoS attack actually is
A DDoS attack is a Distributed Denial of Service attack. It’s an attempt to make a network, server, website or some other online resource unavailable to legitimate users by suspending or interrupting the services of a host that is connected to the internet. As you can imagine, DDoS attacks are always malicious.
The difference between DDoS and DoS
One letter. Ta-da. But since you understandably expect a little better from us, we’ll clarify that a DoS attack is a Denial of Service attack. Denial of Service attacks use one computer and one internet connection to flood a target with packets and overwhelm its resources, while Distributed Denial of Service attacks distribute the attack method by using many computers and internet connections to target a host and its resources.
Where all those computers and internet connections come from
The good news is that there isn’t some massive global army of people out there who are willing to let their computers and internet connections be used in DDoS attacks. The bad news is that the attackers behind DDoS attacks don’t really need computers and internet connections to be volunteered.
DDoS attacks are typically accomplished using what is referred to as a ‘Botnet.’ A Botnet is a number of computers that 1) are connected to the internet and 2) have been maliciously taken over, generally using malware like a Trojan Horse, and are being controlled by an external source through standard network protocols. The actual owners of the affected computers tend not to be aware of their membership in a Botnet’s so-called zombie army.
According to Incapsula’s 2014 bot traffic report, a stunning 29% of all visits to websites come from malicious bots.
Demonstration of a massive HTTP flood: 690,000,000 DDoS requests from 180,000 botnet IPs
Common types of DDoS attacks
DDoS attacks can be generally divided into three categories: volume-based attacks, protocol attacks, and application layer attacks.
As mentioned, internet security firm Incapsula’s research regarding DDoS impact on organizations found that 45% of all organizations surveyed had experienced a DDoS attack in 2014, with the average cost of fighting an attack ringing up to a whopping $40,000 per hour. Still breathing? Good, because we’re not quite done yet. Not only do DDoS attacks lay a beating on an organization’s finances, but they’re also found to cause at least one of the following: software or hardware replacement, a reduction in revenue, a loss of consumer trust, customer data theft, financial theft, and theft of intellectual property. The shockwaves of a DDoS attack can be felt for months, even years.
Defending against DDoS attacks
The latest and greatest in DDoS mitigation and protection is undoubtedly cloud-based anti-DDoS services. With professional, cloud-based DDoS mitigation, protective services are activated immediately, outside of your network, when an attack strikes. This means that all traffic will be redirected to the cloud, with only the filtered traffic of legitimate users ever reaching your website.
This is the most effective possible protection against all three main types of DDoS attacks. For volume-based attacks, a scrubbing server absorbs the multi-gigabytes of packets directed at the host before they ever reach the target. For protocol attacks, a mitigating protocol differentiates between legitimate traffic and malicious traffic, allowing only legitimate traffic through. And for application layer attacks, real-time monitoring of site visitor behavior blocks malicious bots and implements security challenges for unrecognized visitors.
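The application layer defense described above (watch visitor behavior, challenge unrecognized visitors, block bots) can be illustrated with a per-client sliding-window monitor. This is an added example, not code from the article or from any mitigation service; the class and function names, the thresholds and the sample traffic are all assumptions made for illustration.

```python
from collections import defaultdict, deque


class VisitorMonitor:
    """Per-client sliding-window counter that returns allow / challenge / block."""

    # All thresholds are assumed values for illustration, not from the article.
    def __init__(self, window=10.0, challenge_at=20, block_at=50):
        self.window = window              # sliding-window length in seconds
        self.challenge_at = challenge_at  # requests/window before challenging
        self.block_at = block_at          # requests/window before blocking
        self.hits = defaultdict(deque)    # client IP -> timestamps in window
        self.recognized = set()           # clients that already passed a challenge
        self.blocked = set()              # clients already judged to be bots

    def observe(self, ip, ts):
        """Record one request at time ts (seconds); return the verdict for it."""
        if ip in self.blocked:
            return "block"
        q = self.hits[ip]
        q.append(ts)
        while q and q[0] <= ts - self.window:  # drop requests older than the window
            q.popleft()
        if len(q) > self.block_at:
            self.blocked.add(ip)
            return "block"
        if len(q) > self.challenge_at and ip not in self.recognized:
            return "challenge"
        return "allow"


def replay(events, monitor=None):
    """Replay (ip, timestamp) events in time order; return the last verdict per client."""
    monitor = VisitorMonitor() if monitor is None else monitor
    verdicts = {}
    for ip, ts in sorted(events, key=lambda e: e[1]):
        verdicts[ip] = monitor.observe(ip, ts)
    return verdicts


# Constructed sample traffic (documentation-range IPs, not real data).
SAMPLE = (
    [("198.51.100.7", i * 0.05) for i in range(200)]   # 20 req/s, flood-like
    + [("203.0.113.20", i * 0.4) for i in range(25)]   # 2.5 req/s, busy visitor
    + [("192.0.2.10", i * 3.0) for i in range(4)]      # occasional visitor
)

if __name__ == "__main__":
    print(replay(SAMPLE))
```

A client that has already passed a challenge (added to `recognized`) is allowed at the busy-visitor rate but is still blocked once it crosses the higher threshold.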
So there you have it: a primer on the horror that is DDoS attacks, and what can be done to protect your organization. It’s not always easy to learn new things, but we’re all better for it. In that spirit, an archipelago is a cluster, chain or group of islands. Which should probably just be called a group of islands.