DDoS attacks have been in the news and can make life difficult for companies. Here’s a little background on these Distributed Denial of Service attacks to help keep you educated and up-to-date.
A number of prominent companies have been recently hit by increasingly powerful DDoS attacks. DDoS (or distributed denial-of-service) attacks attempt to make a service or network resource unavailable to its users. The means by which these attacks are carried out vary, but they often involve directing a bot network (a network of remote-controlled computers) to bombard a server with requests until it crumbles under the load.
The motivations for DDoS attacks are also varied, but lately they have been used to extort money from businesses. The scheme works like this: A high-profile site falls victim to a DDoS attack, and while the service is down, the owners of the site are contacted with demands to pay a ransom to make the attack stop. In the meantime, all the users of the service are not able to access the site or their data stored in the system. This can be very financially damaging to the business. These types of attacks can temporarily or indefinitely disrupt service to a network until the attacker pulls back or until the network owner is able to increase their bandwidth and processing power enough to resume service.
DDoS attacks are becoming increasingly common. In fact, eWeek recently reported that there are as many as 28 DDoS attacks every hour and that the attacks have “evolved in sheer volume, complexity and malicious nature, pushing the need for dedicated DDoS defenses to the forefront for many companies.”
High-profile consumer sites like Evernote, Feedly, and Move, Inc. (which runs realtor.com and a number of other real estate listing properties) are the ones that make the news, but while an outage is disruptive to their users, their revenue models mean they do not lose as much money for each hour they are offline. Online retailers, financial institutions, and advertising networks stand to lose much more revenue if their services come under a DDoS attack.
However, most of the recent high-profile attacks have had this in common: the attackers asked to be paid in Bitcoin to make the attack stop. So far, none of the high-profile properties have (as far as we know) given in and paid the ransom. That isn’t to say other victims or sites that stand to lose more have not paid the extortion fee. Law enforcement has gotten involved in many of the incidents, but ultimately it is up to the businesses to figure out how to restructure their networks and infrastructure to be able to withstand the attacks.
The methods by which these attacks are carried out are also constantly changing, making it difficult for companies to implement a quick fix to bring their services back online or to prevent the attacks from happening in the first place. So far, the stories that have made the news have been about consumer-facing companies, but large enterprises are also at risk. While DDoS attacks don’t typically compromise data, customers can become very uneasy when the sites and services they regularly access suddenly won’t work.
Companies use a number of methods to combat DDoS attacks. Defensive measures typically involve identifying and classifying the types of requests in the attacking traffic and blocking the sources of that traffic. This can help to block the illegitimate bot traffic so that the legitimate traffic of real users can resume. Firewalls can be used to disallow traffic from certain blocks of IP addresses or particular internet protocols. Defending against potential and active DDoS attacks is a difficult challenge for any company to face. But it is becoming an increasingly common threat vector that IT security teams will have to learn to cope with, and the more you can educate yourself on the topic, the better.
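To make the classify-then-block step described above concrete, here is an added example (not from the original article) that groups request-log lines by source address block and flags blocks that are both high-volume and dominated by one request type. The "ip method path" log format, the sample lines, the /24 and /64 grouping, and both thresholds are assumptions chosen for illustration.

```python
import ipaddress
from collections import Counter, defaultdict


def build_sample_log():
    """Constructed sample lines in an assumed 'ip method path' format."""
    lines = ["not-an-ip GET /"]  # malformed entry, must be skipped
    for host in range(1, 41):  # 40 bots, one repeated request type
        lines += [f"203.0.113.{host} GET /search?q=a"] * 5
    for n in range(120):  # busy but varied traffic from real users
        lines.append(f"192.0.2.{n % 30 + 1} GET /notes/{n % 6}")
    for i, path in enumerate(["/", "/login", "/settings"]):
        lines.append(f"198.51.100.{10 + i} GET {path}")
    return lines


def flag_blocks(lines, min_requests=100, min_share=0.9):
    """Return (cidr, total, dominant request type) for suspect blocks.

    A block is flagged only when it is both high-volume and dominated by a
    single request type; both thresholds are illustrative assumptions.
    """
    per_block = defaultdict(Counter)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        prefix = 24 if addr.version == 4 else 64
        block = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        # Classify by method and path, ignoring the query string.
        per_block[block][(parts[1], parts[2].split("?")[0])] += 1

    flagged = []
    for block, kinds in per_block.items():
        total = sum(kinds.values())
        kind, count = kinds.most_common(1)[0]
        if total >= min_requests and count / total >= min_share:
            flagged.append((str(block), total, kind))
    return sorted(flagged)


if __name__ == "__main__":
    for cidr, total, kind in flag_blocks(build_sample_log()):
        print(f"candidate block {cidr}: {total} requests, mostly {kind}")
```

The busy 192.0.2.0/24 block is not flagged because its requests are spread across many paths, which is why volume alone is a poor signal. Flagged blocks are candidates for review before a firewall rule is written, since an address block can also carry real users.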