5 Most Important Things to Know about DDoS attacks

Nowadays, companies are more than ever aware that security attacks can be fatal for a business – getting your website up again is much easier than getting back the customer trust you lost in midst of a successful DDoS attack. DDoS attacks are becoming increasingly common, according to research published by Akamai at the end of 2015. It reported a 180 percent increase in the total number of DDoS attacks compared to the same period a year earlier.

Reduce your AWS costs by over 50%

Discover your Cloud Saving Potential – Answer just 5 simple questions. AppsFlyer, Playtika, Lufthansa, IBM, top leading companies are already using our FinOps services.

Software and technology firms suffer about 25 percent of all DDoS attacks, with Internet and telecoms companies suffering just 5 percent of DDoS attacks, down from 13 percent the previous quarter. The online gaming industry is the major target, accounting for 50% of all DDoS attacks, according to Akamai.

The barrier to entry of DDoS attacks in terms of cost has pretty much diminished, meaning that anyone can launch an attack – being prepared for incoming DDoS attacks can save you a lot of resources down the way. These are the 5 most important things to know about DDoS attacks, helping you to successfully push back (and recover from) an attack:

1. DDoS attacks come in different types and forms. The four most common categories of attacks are:

TCP Connection Attacks – Occupying connections

These attempt to use up all the available connections to infrastructure devices such as load-balancers, firewalls and application servers. Even devices capable of maintaining state on millions of connections can be taken down by these attacks.

Volumetric Attacks – Using up bandwidth

These attempt to consume the bandwidth either within the target network/service, or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.

Fragmentation Attacks – Pieces of packets

These send a flood of TCP or UDP fragments to a victim, overwhelming the victim’s ability to re-assemble the streams and severely reducing performance.

Application Attacks – Targeting applications

These attempt to overwhelm a specific aspect of an application or service and can be effective even with very few attacking machines generating a low traffic rate (making them difficult to detect and mitigate).

2. Identifying a DDoS attack early

If you run your own servers, you need to be able to identify when and if you’re under attack. The sooner you identify that you’re under attack, the sooner you can start doing something about it. Familiarize yourself with your typical inbound traffic profile; the more you know about what your normal traffic looks like, the easier it is to spot when its profile changes.

Most DDoS attacks start as sharp spikes in traffic, and it’s helpful to be able to tell the difference between a sudden surge of legitimate visitors and the start of a DDoS attack. Nominating a DDoS leader in your company is a good start.

3. Attack amplification – there are two ways attacks can multiply the traffic they are sending

• DNS Reflection – Small request, big reply

By forging a victim’s IP address, an attacker can send small requests to a DNS server and ask it to send the victim a large reply. This allows the attacker to have every request from its botnet amplified as much as 70x in size, making it much easier to overwhelm the target.

• Chargen Reflection – Steady streams of text

Most computers and internet connected printers support an outdated testing service called Chargen, which allows someone to ask a device to reply with a stream of random characters. Chargen can be used as a means for amplifying attacks similar to DNS attacks.

4. The loss of customer trust is the biggest consequence of a DDoS attack

The loss of trust and confidence of customers is the most damaging consequence of a DDoS. It’s reported that 50% of companies that fell victim to a successful DDoS attack, suffered from loss of customer trust, followed by a 34% loss in revenue. Network or website service availability is crucial to ensure customer trust and satisfaction – when an end user is denied access to your website/web service, or if latency issues obstruct the user experience, it immediately impacts the bottom line. Small-scale attacks can also be deadly by impacting network performance, ultimately ruining user experience. Loss in customer trust is not a technical issue, it’s a tactical issue – avoiding this crisis should be your priority.

5. Hiring a DDoS specialist is the best way to handle attacks and permanently protect your web business

In midst of an DDoS attack,  your best chance of staying online is to use a specialist DDoS mitigation company. These organizations have large scale infrastructure and use a variety of technologies, including data scrubbing, to help keep your website online. DDoS mitigation services are not free, but it’s cheaper to hire a DDoS specialist than recover from a successful attack. These are just some of the DDoS mitigation specialists you should put into consideration:

• Akamai
• Amazon Web Services – AWS
• Incapsula
• CloudFlare
• Arbor
• Verisign
• GlobalDots
• Neustar

Also, it’s a smart idea to create a DDoS playbook which documents in detail every step of a pre-planned response when a attack is detected. DDoS mitigation companies can help with this by running a simulated DDoS attack, enabling you to develop and refine a rapid corporate procedure for reacting to a real attack. Planned response is all that matters.