What is a Distributed Denial of Service (DDoS) Attack?

Businesses being at risk of cyber-attacks has remained a hot topic. Cybercriminals continue to stay one step ahead of the authorities, which has left companies increasingly vulnerable. With over 4 billion active Internet users across the globe, it makes sense that any business, big or small, has an active website to attract customers. Therefore, it is imperative that a company has a functioning website and, secondly, that the website is secure enough to deter cyber attackers, keeping client and company information secure. With many cyber threats circulating, businesses must remain aware of how they can be impacted. A common attack in which company websites are targeted is the Distributed Denial of Service (DDoS) attack.

What is a Distributed Denial of Service?

A Distributed Denial of Service (DDoS) is a cyberattack in which a cybercriminal sends an overwhelming amount of traffic to a single website or machine, causing it to become unavailable to its intended users. A DDoS attack can disrupt the availability of essential services we use as part of our everyday life. Typically, a DDoS attack is conducted by a single attacker using an array of infected or vulnerable machines (known as zombies) to ramp up the power of the attack.

Types of DDoS

There are many types of DDoS attacks; the more common ones are classified as:

· Volumetric Attack: the goal is to generate enough traffic to saturate the bandwidth of the targeted site. Its magnitude is measured in bits per second (bps).

· Protocol Attack: aimed at consuming the resources of remote servers, firewalls and load balancers. These are measured in packets per second (pps).

· Application Layer Attack: floods that target known web application weaknesses, such as an unpatched website. These are measured in requests per second (rps).

How to mitigate a DDoS attack?

The key concern when mitigating a DDoS attack is differentiating between traffic driven by an attack and regular traffic driven by intended users. For example, a company running an online promotion will see a surge in traffic to its website; that traffic must not be cut off, because it is legitimate traffic from an intended audience. So how is the traffic differentiated?

5G Networks has firm policies and procedures in place to effectively mitigate a DDoS attack. Experienced service managers maintain strong relationships with clients that use our web hosting services. A core part of the relationship between service managers and clients is not only understanding the requirements of our clients, but also remaining up to date with the trends and behaviours of their customers. This enables our team to understand how and when clients will have increased traffic visiting their websites. Some of our clients operate in the retail sector, and service managers frequently meet with key stakeholders of these clients to stay up to date with marketing campaigns and understand the key periods when clients have more website visitors than usual.

However, for genuine attacks, our team has developed SADCATS – Super Awesome DDoS Collector And Traffic Steerer. SADCATS is a collection of tools that monitors the NetFlow traffic generated by our border routers and makes decisions and network changes based on its customisable configuration. By default, SADCATS alerts our team when it believes a DDoS attack is imminent, indicated by a breach of one of our warning thresholds. It then flags the DDoS attack and issues notifications to make routing changes within our network, black-holing the affected networks and taking the website offline for anywhere between 3 and 8 minutes. This period offline gives the website a clean network feed, after which the black hole is removed and the site becomes available to its intended users again.
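
Added example, not SADCATS or any 5G Networks code: a minimal threshold detector in Python over constructed NetFlow-style records. It classifies a breach as volumetric (bps) or protocol (pps), exempts a destination inside a known campaign window like the promotion described above, and keeps a blackhole in place for an assumed 300-second hold-down before traffic to that destination is re-admitted. The record layout, thresholds, hold-down and addresses are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Flow:           # one NetFlow-style record (constructed layout)
    ts: int           # export time, seconds
    dst: str          # destination address
    packets: int
    octets: int

# Per-destination warning thresholds for a one-second bucket (constructed values).
BPS_THRESHOLD = 800_000_000   # bits/s     -> volumetric flood
PPS_THRESHOLD = 300_000       # packets/s  -> protocol flood

def aggregate(flows):
    """Sum per (second, dst) and return {(ts, dst): (bits/s, packets/s)}."""
    totals = defaultdict(lambda: [0, 0])
    for f in flows:
        totals[(f.ts, f.dst)][0] += f.packets
        totals[(f.ts, f.dst)][1] += f.octets
    return {k: (octets * 8, pkts) for k, (pkts, octets) in totals.items()}

def classify(bps, pps):
    """Attack class that breached a warning threshold, or None."""
    if bps >= BPS_THRESHOLD:
        return "volumetric"
    if pps >= PPS_THRESHOLD:
        return "protocol"
    return None

def detect(flows, expected_surges=(), hold_down=300):
    """Blackhole decisions as (dst, kind, start, end); hold_down in seconds.
    expected_surges: (dst, start, end) windows of known campaigns, never blackholed."""
    blackholed = {}    # dst -> time the blackhole route is withdrawn
    decisions = []
    for (ts, dst), (bps, pps) in sorted(aggregate(flows).items()):
        if dst in blackholed and ts >= blackholed[dst]:
            del blackholed[dst]          # hold-down over: clean feed restored
        if dst in blackholed:
            continue                     # already mitigated
        kind = classify(bps, pps)
        if kind is None or any(d == dst and s <= ts <= e for d, s, e in expected_surges):
            continue
        blackholed[dst] = ts + hold_down
        decisions.append((dst, kind, ts, ts + hold_down))
    return decisions

# Constructed sample: light traffic on one host, a 400,000 pps flood on another.
SAMPLE = [Flow(100, "203.0.113.10", 2_000, 128_000)] + \
         [Flow(100, "203.0.113.20", 50_000, 3_200_000) for _ in range(8)]
```

Running detect(SAMPLE) blackholes 203.0.113.20 as a protocol flood from t=100 to t=400, while the same destination inside an expected_surges window only passes through unchanged.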

Typically, a DDoS attack that is not mitigated may take a website offline for hours, if not days. Beyond that, companies may experience financial consequences, the risk of data being compromised, and damage to the company's brand and reputation.