What is a Distributed Denial of Service Attack?
Distributed denial of service (DDoS) attacks typically make news when they are large enough to bring down a website, and the affected website belongs to a well-known organization. In 2017, the total number of DDoS attacks that were observed and reported was 7.5 million, up from 6.8 million in 2016. On average, companies are faced with 237 DDoS attacks per month. Most DDoS attacks are not large, volumetric attacks, and DDoS hackers target all kinds of organizations. No organization is immune to a DDoS attack, and a DDoS attack of any size should be cause for alarm.
Research has shown that the vast majority (93%) of DDoS attacks are under 1 Gbps, and 96% last less than 30 minutes. That is usually not enough to cause an impact or a service disruption to an organization, so why would hackers launch such attacks? Why should companies care, and why should companies invest money into protecting against these kinds of attacks as long as their network remains up and running?
Hackers launch low-threshold or low-and-slow DDoS attacks because they require very few resources from attackers and can be an easy way to infiltrate and discover a network. Since the attacks are brief, typically less than five minutes, they are usually not detected by security teams or traditional DDoS scrubbing solutions. These attacks typically require very little bandwidth to execute, and they are nearly impossible to detect without an advanced in-line DDoS protection solution that has granular detection capabilities.
In cases where the IT security staff does notice a DDoS attack in progress, the attack often serves as a smoke