What is a Distributed Denial of Service Attack?

Distributed denial of service or (DDoS) attacks typically make news when they are large enough to bring down a website, and the affected website belongs to a well-known organization. In 2017, the total number of DDOS attacks that were observed and reported was 7.5 million, up from 6.8 million in 2016. On average, companies are faced with 237 DDoS attacks per month. Most DDoS attacks are not large, volumetric attacks, and DDoS hackers target all kinds of organizations. No organization is immune to a DDoS attack, and any size DDoS attack should be cause for alarm.

Research has shown that the vast majority (93%) of DDoS attacks are under 1 Gbps, and 96% last less than 30 minutes. While this is not enough usually to cause impact or a service disruption to an organization then why would hackers launch such attacks?  Why should companies care, and why should companies invest money into protecting against these kinds of attacks as long as their network remains up and running?

Hackers launch low-threshold or low & slow DDoS attacks because they require very little resources from attackers and can be an easy way to infiltrate and discover a network. Since the attacks are brief – typically less than five minutes they are usually not detected by security teams or traditional DDoS scrubbing solutions. These attacks typically require very little bandwidth to execute, they are nearly impossible to detect without an advanced in-line DDoS protection solution that has granular detection capabilities.

In cases where the IT security staff does notice a DDoS attack in progress, the attack often serves as a smokescreen to distract the security staff while hackers stealthily find pathways and test for vulnerabilities within a network. Hackers may install malware to syphon sensitive data, such as email addresses or credit card numbers, or even intellectual property. In addition, hackers may enslave the network, so it can later be exploited as a bot in a botnet army.

Just because a DDoS attack is small doesn’t mean it isn’t a huge problem. It takes hackers only a few minutes to map a network, hijack data, install malware, and discover your network vulnerabilities.  DDoS attacks can usually be a precursor to a ransom attack, once hackers have broken into a network they can install ransomware and steal sensitive documents.

If there was one good thing about a classic DDoS attack is that you knew an attack was underway when your website was brought down, now companies must protect themselves against other types of DDoS incursions.  While DDoS attacks are nothing new, organizations need to understand the realities and cost of a breach and ensure they are equipped to handle it.  Those that do not learn from previous companies who have experienced a breach and the consequences of such an outcome are often doomed to end up the next news headline.

To learn more, contact Thrive and hear how you can protect your company from such attacks.