Distributed denial of service (DDoS) attacks can bring down your website and leave it inaccessible to the rest of the internet for hours or days on end.
Picking up the pieces after a DDoS attack is a long and costly process. The average financial cost of a DDoS attack for a small or midsize business is about $123,000, and that number is on the rise.
DDoS attacks have grown bigger and more complex over the years, and they spare no website or network.
Thirty-three percent of businesses were hit by DDoS attacks in 2017, nearly double the number of attacks in 2016.
Eighty-two percent of organizations have faced multiple DDoS attacks.
Small businesses, individual website owners, and bloggers are more vulnerable than large corporations, because tighter IT resource constraints make it harder for them to detect and prevent a DDoS attack.
But even with limited resources, small businesses can, and should, implement a strategy for safeguarding against DDoS attacks, using a combination of cloud infrastructure, network monitoring, and blockchain technologies.
Failing to create a multifaceted approach to prevention means you’re vulnerable to attack, which could end up costing you upwards of $140,000 in recovery.
In this article, we’ll explain the concepts you need to understand about DDoS attacks and show you some ways to avoid becoming a target.
When 'zombies' target you: How a DDoS attack works
Be warned: DDoS attacks are getting larger and more frequent
Stories of real DDoS attacks: It could happen to you
The aftermath of a DDoS attack: Downtime, increased costs, and vulnerability to other cybercrimes
7 ways to prevent a DDoS attack: Software, blockchain, and more
In DDoS attacks, multiple systems flood a server, website, or other network resource with connection requests, messages, or other communication packets. The goal is to slow down or crash the system.
The concentrated attack and subsequent shutdown of the system results in a "denial of service" for legitimate users.
DDoS attacks target your system with heavy traffic to bring it down
An attacker exploits vulnerabilities in a computer and makes it the DDoS master. The compromised system then targets other vulnerable computer systems and gains control over them using malware or a Trojan. The systems under the control of the attacker are called "zombies."
The attacker then uses the traffic generated by the compromised devices to flood the target domain and shut it down.
DDoS attacks are simple to orchestrate and relatively inexpensive to carry out. Manual methods of launching a DDoS attack are now being replaced by automated programs that are capable of more complex and persistent attacks.
The strength of a DDoS attack is measured in gigabits per second (Gbps).
Forty-two percent of organizations reported an increase in DDoS attacks greater than 50 Gbps in 2017, compared to 10 percent in 2015.
Withstanding such attacks becomes difficult, especially for small businesses, as you need extra bandwidth to absorb the surge in traffic.
The volume of traffic needed is expected to increase as DDoS attacks add more zombies, including new endpoints such as mobile phones and other connected devices.
According to Gartner, there will be 20.4 billion internet-connected “things” by 2020.
Poorly secured connected devices, such as smart cameras, thermostats, or other personal devices, are easy for attackers to recruit into malware-based DDoS botnets. These attacks are large (300 Gbps or more) and more difficult to prevent.
From 2016 to 2018, Mirai, a botnet designed to gain remote access to millions of vulnerable IoT devices, brought down several websites, including those of many small businesses, in massive DDoS attacks. The popular security blog KrebsOnSecurity came under sustained DDoS attack from more than 175,000 IoT devices.
According to cloud delivery provider Akamai:
"As vulnerable devices are added to IoT-based botnets, we expect a second surge in botnet capabilities and DDoS attack size."
A botnet is a network of internet-connected devices infected and controlled as a group by a common type of malware, without the owners' knowledge.
Few companies are able to withstand DDoS attacks. Most crash for a few hours or days, and sometimes even permanently.
In 2018, GitHub faced 1.35 Tbps of attack traffic and went down for 10 minutes. It was able to mitigate the sustained DDoS attack by routing traffic through the larger network of DDoS mitigation provider Akamai Prolexic.
In 2016, the servers of Dyn, a company that controls most of the U.S.'s DNS servers, came under sustained DDoS attacks, bringing down prominent websites including Twitter, Netflix, Reddit, CNN, and others. The Mirai botnet, which caused this attack, had over 100,000 zombies and a strength of 1.2 Tbps.
Many businesses don’t realize they’re at risk until after a cyberattack. Here are some examples of small businesses that became DDoS attack victims. Their experiences provide valuable lessons about loopholes in security practices and how to avoid or overcome them.
DDoS attacks on the website of 5050 Skatepark, an indoor games operator, wreaked havoc on the business’s operations and revenue. Customers were left wondering whether the business was closed.
Why they were vulnerable: The business didn't have a strong password security strategy in place before the attack.
What they did after the attack: The company rejiggered its passwords and enforced strict password policies that required users to have different passwords for different accounts. It now monitors its website regularly and trains employees in cybersecurity.
Rokenbok, a gaming company, saw its website get shut down completely due to DDoS attacks. This was followed by a ransomware attack that rendered its systems useless and cost the company tens of thousands of dollars.
Why they were vulnerable: At the time of the attack, Rokenbok didn't have a cyberrisk management strategy in place.
What they did after the attack: The company spent four days restructuring their business and added new security strategies to prevent future threats.
The Domain Name System (DNS) is the internet's system for converting the alphabetic names in a web URL into numeric IP addresses.
A Kaspersky survey found that 30 percent of businesses do not take any preventive measures, because they believe they are unlikely targets of DDoS attacks.
DDoS attackers randomly target open ports, and yours could just happen to be one of them
An open port is a TCP/IP endpoint, identified by a number, that is allowed to accept communication packets. A closed port rejects all communication packets directed at it.
DDoS attacks are often used as a diversionary tactic. While you’re distracted, the attacker might actually be injecting malware or stealing valuable data.
According to Kaspersky’s survey, 53 percent of respondents affected by DDoS attacks claimed that it was used as a cover-up. Of those DDoS attacks:
Forty-nine percent masked a data theft or leak
Forty-two percent covered up a network intrusion or hacking
Twenty-six percent hid a financial theft
Most businesses rely on the internet for day-to-day operations. System downtime due to DDoS attacks affects your business operations and your customers’ ability to reach you. Of companies hit by DDoS attacks:
Twenty-six percent reported a significant decrease in performance of services.
Fourteen percent recorded a failure of transactions and related processes.
The biggest challenge for businesses was the cost of fighting a DDoS attack and restoring services, according to a survey of business professionals.
For small businesses, the highest DDoS-related expense was paying overtime as employees rebuilt systems and files. Twenty-three percent of businesses reported a loss of revenue and business opportunities as a result of DDoS attacks.
"While DDoS attacks can't be prevented, steps can be taken to make it harder for an attacker to render a network unresponsive."
Preventing a DDoS attack may not always be possible. But here are some ways you can be more resilient and arm yourself to detect attacks and mitigate them before they get out of hand.
One way to minimize the impact of DDoS attacks is by overprovisioning bandwidth.
Using cloud services is a simple and cost-effective option for small businesses. Cloud computing supports bandwidth pooling and resource autoscaling. This makes cloud customers more resilient to DDoS attacks.
Cloud-based services are scalable, and you can take advantage of the service provider’s resources to deal with DDoS attacks. You also don’t have to worry about maintaining and securing a network infrastructure.
Internet service providers (ISPs) can also help you with additional bandwidth when needed. Work with your ISP to learn what mitigation services they provide in the event of a DDoS attack.
However, relying on your cloud provider or ISP alone is not enough. You could end up as collateral damage from an attack on another tenant of the same cloud provider or ISP.
To plan for this, monitor your network continuously to detect abnormal traffic, and work with your ISP to reroute traffic to a scrubbing center or to block attacks inline as soon as they are detected.
A scrubbing center is a data cleansing facility where incoming traffic is analyzed and malicious traffic from a DDoS attack is removed.
Small businesses must monitor bandwidth and remain alert to traffic spikes that could indicate a DDoS attack or a virus.
Network monitoring tools watch traffic and raise alerts whenever there is an unreasonable spike, providing the first level of defense. These tools, along with DDoS mitigation tools, help to detect and mitigate DDoS attacks.
Analyzing your network logs will alert you to security threats on your network. Network firewalls, load balancers, and web application firewalls are other tools that will help strengthen your network defenses.
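The continuous monitoring and log analysis described above can be prototyped in a few dozen lines. The following Python script is an added example, not code from the article or from any monitoring vendor it names: it parses web server access log lines in the common Apache/nginx format, counts requests per second, compares each second against a rolling baseline, and raises an alert when the rate jumps by more than a chosen number of standard deviations. The log lines, thresholds, IP addresses, and window size are all constructed for the example; a real deployment would tune them against its own normal traffic.

```python
"""Detect request-rate spikes in web access logs (added example, not from the article).

Assumptions (constructed for this example): logs use the common/combined
Apache/nginx format, and a spike is a one-second bucket whose request count
exceeds the rolling baseline mean by more than Z_THRESHOLD standard deviations
and is at least MIN_ABSOLUTE requests. Buckets that trigger an alert are kept
out of the baseline so attack traffic cannot quietly raise the "normal" level.
"""
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime

# client IP, two ident/user fields, [timestamp], "request line", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
BASELINE_WINDOW = 5   # seconds of history used as the baseline
Z_THRESHOLD = 3.0     # how many standard deviations above the mean counts as a spike
MIN_ABSOLUTE = 20     # never alert on fewer requests than this, however quiet the baseline


def parse_line(line):
    """Return (ip, datetime) for a well-formed line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), TS_FMT)
    except ValueError:
        return None
    return m.group("ip"), ts


def bucket_requests(lines):
    """Count requests per one-second bucket, broken down by source IP."""
    per_second = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of crashing on them
        ip, ts = parsed
        per_second[ts.replace(microsecond=0)][ip] += 1
    return per_second


def find_spikes(per_second):
    """Return (timestamp, count, top_source_ip, top_source_share) for each spiking second."""
    alerts = []
    history = []
    for ts in sorted(per_second):
        counter = per_second[ts]
        count = sum(counter.values())
        if len(history) >= 2:
            mean = statistics.mean(history)
            # A perfectly flat baseline has stdev 0; use a floor of 1 so that a
            # single extra request above a steady rate is not reported as infinite.
            spread = max(statistics.pstdev(history), 1.0)
            if (count - mean) / spread > Z_THRESHOLD and count >= MIN_ABSOLUTE:
                top_ip, top_count = counter.most_common(1)[0]
                alerts.append((ts, count, top_ip, round(top_count / count, 2)))
                continue  # do not let the spike poison the baseline
        history.append(count)
        history = history[-BASELINE_WINDOW:]
    return alerts


def sample_log_lines():
    """Constructed sample log: five quiet seconds, then two seconds of a flood
    spread over 20 sources (a botnet-like pattern), plus one malformed line."""
    def line(ip, second, path):
        return f'{ip} - - [10/Mar/2018:09:00:{second:02d} +0000] "GET {path} HTTP/1.1" 200 512'
    lines = []
    for sec in range(5):
        for i in range(3):
            lines.append(line(f"203.0.113.{i + 1}", sec, f"/page{i}.html"))
    for sec in (5, 6):
        for i in range(60):
            lines.append(line(f"198.51.100.{(i % 20) + 1}", sec, "/"))
    lines.append("this line is garbage and should be skipped")
    return lines


def detect(lines=None):
    """Run the whole pipeline over the given (or the constructed sample) log lines."""
    return find_spikes(bucket_requests(sample_log_lines() if lines is None else lines))


if __name__ == "__main__":
    for ts, count, top_ip, share in detect():
        print(f"ALERT {ts.isoformat()} {count} req/s, busiest source {top_ip} ({share:.0%} of requests)")
```

Two design points matter more than the thresholds. First, a bucket that trips the alert is excluded from the baseline; otherwise a sustained flood becomes "normal" within a few seconds and the alerts stop while the attack continues. Second, the per-source share is reported alongside the total: in the sample flood the busiest source accounts for only 5 percent of requests, which is exactly the distributed pattern that makes blocking individual IPs ineffective and makes upstream scrubbing or ISP rerouting the appropriate response.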
Network monitoring graphs in the software platform Paessler show traffic, usage, performance, and availability
DDoS mitigation service providers, such as Akamai or Arbor Networks, reroute the excess traffic to a mitigation center and scrub it, allowing only legitimate traffic to reach your website.
Keeping your security software and patches up to date reduces the damage that an attack can cause, including financial theft, data theft, or ransomware.
Unpatched servers and application vulnerabilities are easy targets for hackers. You must ensure that any open source platforms you use, such as WordPress, are updated as soon as updates are available, and security flaws are fixed.
Anti-virus solutions such as ActivTrak help prevent employees from accessing harmful links and monitor their internet activity
Once your website or server is already under a traffic assault, there is little you can do besides go into fire-fighting mode.
One way to be prepared in advance, however, is to keep ready an action plan that your business will follow in case of a DDoS attack. This will include the emergency contact details of your ISP, members within your business who need to be notified, and incident report templates that explain the incident.
Educate and train your staff on cybersecurity. If you have the resources, get one of your team members trained in security certifications such as GCIH, and make them the person responsible for handling your cybersecurity plan.
Project Shield is Google’s free service that helps protect websites from DDoS attacks. It displays cached content to website visitors. This reduces traffic requests to your web server and absorbs potential DDoS attacks.
Note: The project supports only news websites, election monitoring websites, and human rights websites (after review of an application).
Businesses are beginning to explore blockchain to prevent and mitigate DDoS attacks. A blockchain is a decentralized system with multiple nodes. Operating the DNS on a blockchain would mean that an attack cannot be concentrated on a single centralized source and cripple it.
To successfully bring down a DNS on a blockchain, hackers would have to gain access to multiple nodes at the same time, which makes implementing the attack more difficult, time-consuming, and expensive.
Alternatively, companies are also using blockchain technology to create a decentralized network of servers that can quickly send bandwidth to other servers facing attacks. The attacked server can then withstand the DDoS onslaught by absorbing the excess traffic using the additional bandwidth.
Rate your team’s security skills and capabilities. If you feel you aren’t equipped to handle business IT security yourself, look for security experts that can advise you on DDoS prevention techniques and more.
Check out the security vendor’s past experience, its product offerings, client base, cost, and support options before finalizing implementation of DDoS mitigation solutions.
To learn more about security best practices, read our other useful articles on the topic:
Everything you need to know about security assessments to safeguard your data
A security assessment template for small businesses: Evaluate your IT security
"Thou shalt backup thy data": 10 Commandments for small business data backup
Et tu, Coworker? How to stop security breaches caused by employees
For more resources, visit our Security Lab. If you want to check out security software solutions, visit GetApp's security software directory, which lists 370+ solutions. You can also compare and review the software solutions.