A DDoS attack, or distributed denial of service attack, is one of the most powerful tools used in cyberattacks. Hackers use these attacks to bring down a website or system, making it inaccessible and unusable until the attack is called off or the website is resecured. Here’s some insight into how this attack works, why it is so important to protect your business against a DDoS attack, and what you can do to make your website and systems secure.
How Does a DDoS Attack Work?
Websites and online systems have a set capacity of how much traffic they can handle. While large organisations with an active online consumer base have more capacity than smaller businesses, there’s still a limit for just how many people they can have on their website at any one time.
A DDoS attack works by flooding the website with an overwhelming amount of traffic requesting connections, using fake packets of information, or even messages to the website. This causes the website to crash, and it is very challenging to bring it back up while the attack continues. In the meantime, your business cannot operate, your customers cannot use your website, and frustration, as well as losses, start to mount.
The endgame here is to hold an organisation or business hostage, similar to a ransomware situation. Essentially, the hackers will either threaten a business with a DDoS attack or continue a DDoS attack until their demands are met.
Famous Examples of DDoS Attacks
Organisations of all sizes, in all industries, have been hit with DDoS attacks. This is a very common and very costly type of attack, with Cisco predicting that by 2023, these attacks will number over 15 million per year – double the number that occurred in 2018. According to Kaspersky, their 2018 data showed an average cost for these attacks at US$2 million for larger enterprises and US$120,000 for SMMEs. Some of the most notable examples of DDoS attacks include:
- AWS – In February 2020, Amazon Web Services was hit with an attack that lasts 3 days and flooded the servers with a record-breaking 2.3 terabytes per second of data.
- GitHub – In February 2018, this very popular online code management system was hit by an attack that used memecached databases to flood servers with spoof requests. The attack was able to be stopped in just 20 minutes, a very impressive response.
- Estonia – Countries can be hit as easily as businesses, and in 2007, Estonia’s government, financial institutions, and media outlets were hit by a coordinated attack. It is considered to be the first act of cyber warfare and led to the development of new international cybercrime legislation.
- Six banks – In March of 2021, Bank of America, JPMorgan Chase, Citigroup, Wells Fargo, PNC Banks, and US Bank were hit by DDoS attacks allegedly coordinated by the military wing of the Palestinian Hamas organisation. These attacks used botnet technology to flood websites and systems, affecting revenue, customer service, and reputations while racking up considerable mitigation expenses.
How to Prevent DDoS Attacks
Step #1 – Properly Configure Firewalls and Routers
Effective security measures will be better able to distinguish between genuine traffic and fake traffic, blocking it from your website and systems before it gets a chance to shut it down. This is a critical first line of defence and an essential preventative measure for every business.
Step #2 – Secure Devices
Like all malicious technology, DDoS attacks are constantly evolving and discovering new vulnerabilities. As a result, it is critical to keep your applications updated with the latest patches, secure your systems against malware, and educate your employees to recognise and avoid high-risk situations.
Step #3 – React Quickly
As soon as you are alerted about a possible DDoS attack, contact your managed IT services provider and ISP. They will be able to check and see if the traffic is legitimate or not, and to take action to reroute your traffic and keep your website operational while the attack is being dealt with.
Your Best Protection is a Dedicated IT Services Partner
The best way to protect your small business from DDoS and other cyberattacks is to find the right managed IT services provider. At Otto, we can design, implement and manage an IT solution within your budget, so you don’t have to expend essential capital on non-core business resources. Contact us and find out how we can help prevent your business from becoming a statistic