If a website or online service won’t open, it can’t serve any users, cater to any customers, and make any money. This is what the cyberattack known as DDoS (Distributed Denial of Service) is designed to do. By bombarding a target with massive amounts of fraudulent traffic, DDoS attacks overload their victims’ capacity to accept requests, causing the temporary outage of their website or service.
These requests come from a “botnet” of infected computers and devices which are used like Manchurian Candidates to send fake requests. Without the proper DDoS mitigation tools, the results can be devastating.
DDoS attacks cause major damage
The first DDoS attack was launched on July 22, 1999, against the University of Minnesota. At the time, a network consisting of 114 computers, that had been infected with a bad script called Trin00, was used to bring down the university’s computer system.
Since then, attacks have gotten larger,
longer, more sophisticated and, unfortunately, more frequent. One big reason
for the frequency increase is the lower barrier to entry. Today, “DDoS as a
Service” attacks allow would-be troublemakers to rent DDoS attacks for as
little as a few bucks; gaining access to large botnets of malware-infected
machines which can be used to target enemies. By making DDoS attacks available
in this way, the attacks are no longer solely the remit of professional cyber
criminals and hacktivists but, potentially, anyone. The result has been an
explosion of DDoS attacks.
A DDoS attack will render targets unable to be accessed by legitimate users. This can have plenty of negative effects, whether it’s lost time spent trying to resolve the problem, dented user loyalty from customers unable to access a service, lost income from unwanted downtime, or wasted resources running impacted services. Depending on the size of the business and the duration of the service outage, a DDoS attack can cause tens of thousands of dollars (or more) of immediate damage. In some cases, when it comes to customers’ faith in your service or hyper-competitive markets with rivals poised to jump on any misstep, long-term damage might be incalculable.
The rise of ransom DDoS attacks
This isn’t the only way that DDoS attacks can financially hurt targets, either. Increasingly common are DDoS ransom attacks, sometimes referred to as RDDoS or RDoS attacks. These attacks take advantage of the oversized threat DDoS attacks represent to extort would-be targets. The results are a digital age twist on the old gangster threat: “Lovely website you’ve got there. It would be a shame if something was to happen to it.”
Attacks typically begin with hackers (or those claiming to be hackers) contacting a website or online service and threatening that they will launch a DDoS attack at a particular time and day if a ransom payment is not made. This ransom is usually asked to be paid in Bitcoin or another cryptocurrency, making it harder to trace. In some instances, the threat could be accompanied by a smaller DDoS attack to prove the seriousness of the threat. The hope is that targets will be sufficiently spooked by the threat that they will be willing to pay up to avoid the disruption an attack could cause. They may rationalize it by reasoning, as the attackers hope, that the ransom demand is less than the cost associated with an attack taking place.
Once a niche type of cyberattack, RDoS attacks are going mainstream. In September 2020, the Federal Bureau of Investigation (FBI) warned companies in the United States that thousands of organizations around the globe, representing a number of different industry sectors, had been threatened with DDoS ransom attacks. These attacks come from attackers claiming to be from famous (or infamous) hacking groups including Armada Collective, Cozy Bear, Fancy Bear, and Lazarus Group. Ransoms demanded ranged from ten to twenty Bitcoin (between $113,000 and $226,000). The FBI advised that companies targeted with such threats do not agree to pay the ransom.
All of this evidence brings up one indisputable point: DDoS attacks will cost you. If they don’t cost you in obvious financial ways, such as demands for cash or lost revenue from offline services, they can cost you in other ways, such as dented customer loyalty.
Ending the DDoS threat
But all is not lost. Far from it, in fact. To help end the DDoS threat, companies should consider investing in strong DDoS protection services. These tools work by watching out for new and emerging attack methods for possible impending DDoS attacks. They will then block the threat, while continuing to allow legitimate traffic through. DDoS protection systems should be scalable (able to grow with the changing needs of your business and the increased size of DDoS cyberattacks) flexible (able to adapt in real time to new threats) and reliable (up-to-date, and able to respond quickly and consistently when you need them the most.)
Mitigating the threat of DDoS attacks remains
a big challenge. But cybersecurity experts are working hard to make sure that
this threat does not negatively impact would-be targets. As an organization,
proper protection is one of the smartest decisions you can make.
0 Comments