For most businesses, being too busy is the kind of “problem” they dream about. At a time when many businesses are struggling as the world emerges from the pandemic, the thought of being too busy barely counts as a problem at all.
But what if a sudden influx of customers weren’t actually customers at all, but rather troublemakers pretending to be customers in order to waste time? Instead of a store or restaurant having paying customers turn up to shop or eat, it is inundated with people filling the venue with the express goal of bringing service to a standstill. Genuine would-be customers find themselves unable to enter and simply go elsewhere.
This is, in essence, the threat of DDoS attacks. Short for Distributed Denial of Service, these cyberattacks aim to bring down connected systems, websites, or network resources by overwhelming them with large amounts of fake traffic. DDoS attacks date back more than twenty years. Over time, however, they have continued to evolve, becoming more devastating than ever.
Increasing DDoS attacks
The threat of DDoS has ramped up considerably during the pandemic, as the world has become more reliant than ever on internet-connected infrastructure. According to one recent report, between January 2020 — at the very start of the COVID pandemic — and May 2021, daily DDoS peak traffic increased 100 percent. In terms of daily peak traffic, this meant attacks of over three terabits-per-second (Tbps) in May 2021, compared to 1.5 Tbps in January 2020.
Don’t expect that to be the worst of it, either. The same report also found evidence of DDoS attacks with a threat potential of more than 10 Tbps. That figure is the amount of data sent to a network every single second during a high-bandwidth, volumetric attack. If accurate, this would be 4-5x greater than the current largest reported DDoS attacks.
As DDoS attacks get bigger, so too does their ability to bring down larger and larger targets. Because victims are unable to operate during a successful DDoS attack, an attack can cost businesses hundreds or thousands or, potentially, even millions of dollars in losses, not to mention the reputational damage such attacks can cause.
A cyberattack that’s able to knock a major website offline sounds like it must come from a pretty dangerous, highly powered attacker. Is that the case? The answer is both yes and no. An attacker capable of launching a DDoS attack is, by definition, dangerous. DDoS attacks have been successfully directed at code repository GitHub, the British Broadcasting Corporation (BBC), Bank of America, Amazon Web Services, and more.
However, don’t think that a DDoS attacker necessarily needs large amounts of computing power at their disposal for an attack. The simple explanation is that all this DDoS traffic comes from a range of sources. By using malware to infect computers and internet-connected gadgets, which essentially become “sleeper agents,” attackers can harness massive numbers of devices and use these to bombard victims with traffic from around the world. These armies of zombie machines are referred to as “botnets.” The world’s largest botnets have consisted of millions, sometimes even tens of millions, of infected machines. In many cases, the rightful owners of these infected machines are totally unaware of what is happening, perhaps only noticing occasionally that their computer or IoT device is experiencing slightly impaired performance.
Frighteningly, DDoS attacks are getting easier to launch all the time. Thanks to DDoS-as-a-service offerings, it’s now possible to hire a botnet for as little as a few dollars. This lowers the barrier to entry when it comes to launching a DDoS attack, thereby putting it within reach of just about anyone.
Protecting against DDoS
DDoS attacks aren’t going away. Fortunately, the tools are out there to help safeguard against them. One potent defense tool that should be in the arsenal of every organization is the Web Application Firewall (WAF), which works by blocking malicious traffic while continuing to let filtered traffic through to its desired destination. As a result, bad actors have their attacks blocked, while legitimate customers are able to continue operating as normal. Companies may also want to safeguard against giant volumetric attacks by using what are referred to as scrubbing centers, which can help handle a high-volume flood attack, passing the clean traffic back so that it can reach its target.
DDoS remains an extremely potent and popular (with attackers, not with targets) form of cyber attack. However, by taking the right precautions, organizations can protect against such attacks, and no longer have to live in fear of having their hard-built online service knocked offline by online vandals and cybercriminals.