Distributed denial of service (DDoS) attacks have been heavily affecting businesses for the last 20 years. They have become one of the most powerful instruments in the hands of malicious actors striving to bring down targeted resources by overloading them with too much traffic. The malicious or unusual traffic may include requests for connections, incoming messages, or fake packets. DDoS attacks may vary in terms of sophistication depending on the capacity of the victim’s servers and attackers’ qualifications.
There are resources providing daily information on DDoS attacks and their geographic distribution. For example, let’s look at the DDoS map provided by Digital Attack Map. We see that as of April 2021, DDoS attacks are mostly targeting 3 regions: the USA, Brazil, and Europe.
The Open Systems Interconnection (OSI) model describes Internet network connections in 7 layers. Particular types of DDoS attacks are designed to target specific layers, for example:
In most cases, hackers commit DDoS attacks using a network of hacked computers that may also be referred to as zombie computers. Malicious actors add new devices to their botnet by carrying out phishing attacks, using mass infection techniques, and performing malvertising crimes. These devices are used by malicious actors to flood targeted resources so that the amount of data sent is greater than the victim’s bandwidth capacity. The network controlled by hackers may encompass thousands and even millions of zombie computers. The function of the botnet is to send legitimate HTTP or HTTPS requests to overwhelm the targeted web server. Taking into account the amount of time required by a hacker to develop a network of zombie computers, cybercriminals and malicious groups have developed a business model under which botnets are sold or leased to hackers on the black market. However, in some cases, malicious actors may misconfigure computers or trick users into becoming a part of a botnet even without the need to hack their computers.
The list of indicators of a DDoS attack in progress may include internet disconnection, slow access to files, issues when accessing websites, a large number of spam emails, etc. In most cases, victims cannot easily detect a DDoS attack.
There are 3 basic types of DDoS attacks:
DDoS attacks succeed because hackers exploit 3 key vulnerabilities that are attributable to most businesses: technical debt, monocultures, and system complexity.
To remain undetected, malicious actors manipulate DNS traffic by exploiting various IP addresses assigned to a resource. The botnets rapidly swap IP addresses at random. This method is called Fast Flux DNS.
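A defender can look for this address churn in passive DNS data. The sketch below is an added example, not code from the original article; the record layout, the thresholds and the /16 grouping are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from ipaddress import ip_network
from statistics import median

# Constructed passive-DNS observations: (epoch seconds, name, A record, TTL).
# Addresses come from private/documentation ranges and are illustrative only.
SAMPLE_RECORDS = [
    # Ordinary site: two addresses, long TTL.
    (0, "shop.example.com", "198.51.100.10", 3600),
    (900, "shop.example.com", "198.51.100.11", 3600),
    (1800, "shop.example.com", "198.51.100.10", 3600),
    # Load-balanced pool: many addresses, short TTL, but one network.
    *[(i * 300, "static.example.org", f"10.20.0.{i + 1}", 60) for i in range(6)],
    # Fast-flux pattern: short TTL and addresses scattered across networks.
    *[(i * 300, "flux.example.net", f"10.{40 + i * 7}.3.{9 + i}", 120) for i in range(6)],
]


def fast_flux_candidates(records, window=3600, min_ips=5, min_nets=3, max_ttl=300):
    """Return {name: stats} for names whose A records churn like fast flux.

    Thresholds are assumptions for this example, not values from the article.
    """
    by_name = defaultdict(list)
    for ts, name, ip, ttl in records:
        by_name[name.lower().rstrip(".")].append((ts, ip, ttl))

    flagged = {}
    for name, obs in by_name.items():
        obs.sort()
        start = 0
        for end in range(len(obs)):
            # Slide the window so it never spans more than `window` seconds.
            while obs[end][0] - obs[start][0] > window:
                start += 1
            win = obs[start:end + 1]
            ips = {ip for _, ip, _ in win}
            # /16 grouping is a rough stand-in for "different networks".
            nets = {ip_network(f"{ip}/16", strict=False) for ip in ips}
            ttl_med = median(ttl for _, _, ttl in win)
            if len(ips) >= min_ips and len(nets) >= min_nets and ttl_med <= max_ttl:
                flagged[name] = {"ips": len(ips), "nets": len(nets), "median_ttl": ttl_med}
                break
    return flagged


if __name__ == "__main__":
    for name, stats in fast_flux_candidates(SAMPLE_RECORDS).items():
        print(name, stats)
```

The load-balanced pool is not flagged because its addresses stay inside one network, while the flux name crosses the IP-count, network-spread and TTL thresholds together. Large CDNs can also rotate addresses with short TTLs, so hits are candidates for review rather than verdicts.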
DDoS attacks are not performed for fun. There are objective factors boosting hackers’ motivation to commit such wrongdoing. The key driver behind DDoS attacks is financial gain. An attacker requires a victim to pay a solid ransom to stop the attack. DDoS attacks may also be used by businesses to cause financial damage to their competitors. In this case, it is one of the methods of wars between competitors. You may find more info on methods used by companies to beat competitors in the following article. DDoS attacks are also a form of demonstrating disagreement with national policy by crashing government websites. In this case, there are ideological considerations behind DDoS attacks. DDoS attacks are a popular tool to hamper the economic development of certain countries.
The scale of damage experienced by a company due to DDoS attacks depends on their complexity and nature. In most cases, these attacks target websites, thereby disrupting their functioning. As a result, companies that sell goods and services via websites may lose not only money but also reputation. The website downtime may also affect the company’s SEO, which will lead to a decrease in the number of new clients. The longer a website is unavailable due to a DDoS attack, the bigger the damage faced by a company. Frequent DDoS attacks faced by a company may also affect its relationships with a hosting provider unless it takes measures to prevent such challenges in the future.
Often, DDoS attacks are simply an instrument in the hands of hackers to take down companies’ security systems, thereby creating favourable conditions for committing further cyberattacks. Also, the restoration of the normal functioning of web resources requires companies to spend a significant amount of time. As a result, their IT specialists cannot work on implementing other projects until they address all issues caused by DDoS attacks.
DDoS attacks may have a negative impact on businesses’ partnership relationships. Taking into account the interconnections between different economic players and the globalization of supply chains, a DDoS attack on a particular player may cause the disruption of the whole chain and may also lead to the compromise of data of other companies. That is why businesses are interested in cooperating only with reliable partners with a clean history free of data compromises or system crashes. When speaking about the public-private partnership, government institutions partner only with the companies that are highly resistant to cyberattacks, including the DDoS ones. The businesses that have recently fallen victim to DDoS attacks have low chances to collaborate with the government. Overall, DDoS attacks cause serious damage to businesses and the slower their response to them, the higher the risks that this damage may become irreversible.
The year 2020 set a few records for DDoS activity:
Let us view some of the recent major DDoS attacks:
In October 2020, Telenor Norway experienced a DDoS attack that lasted 3 hours. Close to 400 Gbps of traffic was directed at the entity’s web resources. The attack was carried out by malicious actors who demanded that the company pay a ransom of 20 bitcoins. The company refused to pay the ransom; however, its major services were not affected. The attack caused the temporary crash of emails and websites, but the crucial services including voice calls and SMS were not affected. The company did not experience huge damage only due to the hard efforts contributed by its tech support. The reason behind the hackers’ choice to attack the Norwegian telecom provider was related to the attractiveness of the information it stored. Namely, Norwegians demonstrate high demand for iGaming services but the country’s regulators forbid this activity. That is why people in Norway use telecom providers to register on foreign iGaming platforms.
In February 2020, the cryptocurrency exchange Bitfinex reported a DDoS attack that took it offline for close to 1 hour. Malicious actors were trying to exploit several platform features concurrently to increase the load. The exchange used various protection mechanisms to protect itself from DDoS attacks and that is why the damage was minimal. Almost simultaneously, the cryptocurrency exchange OKEx experienced 2 DDoS attacks of 200 and 400-gigabyte severity respectively. The attacks did not cause any damage to the exchange.
In September 2020, powerful DDoS attacks were launched against Hungarian financial institutions and the telecom company Magyar Telekom. According to the information provided by Magyar Telekom, the volume of data traffic used to commit the attacks was 10 times higher than ever recorded in Hungary. Russian, Chinese, and Vietnamese hackers were likely to stand behind the attacks. As a result, the Hungarian financial entities including OTP faced temporary disruption of operations.
In August 2020, the New Zealand stock exchange (NZX) was offline for 2 consecutive days due to a DDoS attack. The attack affected the exchange’s network connectivity and, since the NZX main website was down, the exchange could not publish any announcements. However, according to the statement made by New Zealand’s financial regulator, the Financial Markets Authority, the exchange did not prepare itself for potential DDoS attacks and did not take the required preventive measures to avoid the incident. The exchange’s servers lacked adequate DDoS protection.
Thus, companies representing different sectors of the global economy suffer from DDoS attacks. However, the level of damage experienced by businesses due to DDoS attacks varies depending on their DDoS resistance capacity. The better a company is prepared for a potential DDoS attack, the higher the possibility that this attack will not cause any visible damage to its functioning.
There are measures companies can take to mitigate the negative impact of DDoS attacks or fully prevent them. To mitigate the financial and operational implications caused by a DDoS attack companies need to know how to detect them. Here is the list of common indicators of this type of cyberattack:
Measures to be taken to prevent DDoS attacks:
The last point is of the greatest importance for SMEs since the bandwidth and computing power of their servers often is not sufficient to deal with modern DDoS attacks. In April 2021, a new highly promising project disBalancer announced its future entry into the market with the solution that makes businesses resistant to DDoS attacks by allowing them to utilize the free computing power and bandwidth of the devices of users who are connected to the system. Thus, when the client’s web resources experience a spike in traffic, the malicious traffic is distributed in the system so that the client’s web resources continue functioning in a normal way. Here we can see how disBalancer works.
There will be main nodes deployed in each region to which users will be able to connect. When the malicious traffic comes through their resources, they will earn tokens, DDOS tokens. The solution offered by disBalancer is likely to be very effective since one of the main reasons behind businesses’ failure to protect against DDoS attack is the lack of computing power and bandwidth to process high volumes of incoming traffic.
Overall, DDoS attacks have become widespread in modern business and although they may be committed for various purposes, they cause very negative implications for businesses. Malicious actors have been developing the mechanism of these attacks for decades; however, security companies have not sat back and have issued a number of security solutions aimed at making companies resistant to DDoS attacks or minimizing the damage they cause to entities. Generally, companies need to realize that unless they prepare themselves for potential DDoS attacks, they are likely to fall victim overnight.