Hacking has never been easier for cybercriminals. Software has automated the process, making random attacks more frequent and harder to spot. Making matters worse, many small business owners take a one-and-done approach to their technology: After they install devices and software, they ignore them until something goes wrong.
While some cybercrimes occur quietly and remain undetected, others wreak havoc in plain sight. Distributed denial of service (DDoS) attacks achieve the latter, and they’re often successful because business owners attribute the symptoms to sources other than hackers.
In DDoS attacks, the hacker’s goal is to disrupt traffic to a website or service by flooding the site with fake messages and requests for connection. The traffic overload crashes the site so it’s unavailable to users. For businesses that depend on their website or service for revenue -- such as retailers or digital platforms -- the effects can be devastating.
These attacks are successful because it’s difficult to tell the difference between legitimate and fake traffic. Technically, DDoS events aren’t breaches because the endgame isn’t stealing data or intellectual property. Often, hackers carry out the attacks as retaliation, sometimes political in motivation, or as red herrings to distract from more damaging breaches with theft as the intent.
Hackers execute DDoS attacks by coordinating a network of compromised devices, like phones and laptops, to bombard a site with messages and requests. As the Internet of Things (IoT) rapidly expands, ever more devices become potential weapons. The devices are “recruited” by tricking users into downloading malware or by hacking easy-to-guess passwords.
Once the device army is in place, it poses an advanced persistent threat as hackers lie in wait. When ready, they use a special “command and control” (C2) server to send instructions to the devices to generate fake traffic to the targeted site. The compromised devices are sometimes referred to as “zombie” computers, and the network they form is called a “botnet.” Once DDoSed, a site crashes and goes down.
There are three primary types of DDoS attacks, but cybercriminals often combine them to make the attack more effective. By hitting multiple fronts, the hackers can inflict more pain and do more damage before the hack is identified and stopped.
In a volumetric attack, hackers generate an overload of traffic well beyond a website’s capacity, exhausting bandwidth and making it impossible for legitimate site traffic to get through.
Often, the attacker will spoof the site’s IP address. In such an IP DDoS attack, the threat actor can then control the outgoing messages as well, further jamming traffic in both directions.
In a protocol attack, attackers target network infrastructure like servers and firewalls. These attacks eat up the devices’ processing capacity, compromising the verification and permission processes that allow servers to connect with those legitimately requesting access. One such attack is called the “ping of death,” which sends a massive data packet that crushes available bandwidth.
Targeting applications requires more sophistication. The hacker identifies vulnerabilities in the application, then initiates transactions that eat up disk space and memory. One such attack, the HTTP flood, looks like normal web activity but in fact consumes as many server resources as possible.
Your head may be spinning as you attempt to understand protocol, application, and volumetric attacks. You may wonder how you can stop them if you can’t even describe them. As complex as these tactics sound, their symptoms are much easier to spot.
Signs of DDoSing include:
Unfortunately, in addition to indicating the possibility of DDoSing, these are symptoms of other tech issues as well. It’s a good bet that if you receive such complaints about your website, your mind won’t immediately turn to threat hunting.
However, if you experience two or more of these symptoms for a prolonged period, you may have suffered a DDoS attack.
The most important strategy for preventing cyberattacks, including DDoS attacks, is vigilance. Paying attention to abnormal site behavior, encouraging awareness among employees, and updating cybersecurity tools are essential for preventing DDoSing.
When you review web activity reports, make note of any prolonged spikes or unusually high user numbers. If you use cybersecurity software to help identify weak spots in the network, compare the data and look for anomalies. Unexplained changes in the number of users could indicate a DDoS attack.
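One way to automate that review, as an added example that is not part of the original article: the script below counts requests per minute in a web server access log and reports only spikes that last several minutes. The function names, the 5x-median threshold, and the sample log are assumptions, and it expects Common Log Format with a log that covers mostly normal traffic.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')  # client IP ... [timestamp] "request

def per_minute(lines):
    """Return {minute: (requests, unique client IPs)} in time order."""
    hits, clients = Counter(), defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not access-log entries
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").replace(second=0)
        hits[ts] += 1
        clients[ts].add(m.group(1))
    return {t: (hits[t], len(clients[t])) for t in sorted(hits)}

def prolonged_spikes(stats, factor=5, min_minutes=3):
    """Return (baseline, runs): runs of consecutive minutes above factor x median."""
    baseline = median(count for count, _ in stats.values())
    runs, run = [], []
    for t, (count, _) in stats.items():
        high = count > factor * baseline
        if high and run and (t - run[-1]).total_seconds() == 60:
            run.append(t)  # spike continues into the next minute
            continue
        if len(run) >= min_minutes:
            runs.append(run)  # a short blip is dropped, a sustained run is kept
        run = [t] if high else []
    if len(run) >= min_minutes:
        runs.append(run)
    return baseline, runs

def sample_log():
    """Constructed sample: 17 minutes of traffic with a 4-minute flood from 12:10."""
    lines = []
    for minute in range(17):
        flood = 10 <= minute < 14
        for i in range(30 if flood else 2):
            ip = f"198.51.100.{i}" if flood else f"203.0.113.{i}"
            lines.append(f'{ip} - - [01/Mar/2024:12:{minute:02d}:{i:02d} +0000] "GET / HTTP/1.1" 200 512')
    return lines

if __name__ == "__main__":
    baseline, runs = prolonged_spikes(per_minute(sample_log()))
    for run in runs:
        print(f"{run[0]:%H:%M}-{run[-1]:%H:%M}: {len(run)} min above {5 * baseline}/min")
```

A flagged run whose unique-client count rises along with the request count is consistent with many devices sending traffic at once, but a sale or a news mention produces the same shape, so treat the output as a prompt to investigate.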
Be sure your website has enough bandwidth to handle spikes in visitors, which can serve as an obstacle to hackers. The fewer visitors your site can manage, the more likely a DDoS attack can take it down.
If DDoS attacks repeatedly target your site, you may need some expert assistance. Handing over security to a knowledgeable provider will give you peace of mind and greatly reduce your risk level.
First, be sure you are using a firewall. Then configure your firewalls and routers to detect fake traffic.
Additionally, practice basic cyber hygiene around these devices: change the factory-set passwords and update the devices’ firmware regularly with the latest security patches.
All the gadgets in your office that connect to the internet are potential entry points for hackers. If a device doesn’t need the internet to work, disconnect that functionality. If it must connect to operate, use a password that is long and difficult, and change it regularly.
Additionally, deploy a zero-trust policy for these devices, connecting them to their own server. Keep that server separate from critical data and infrastructure. If a hacker does manage to gain entry through a printer or television, they can’t access other critical areas of your network.
Finally, be sure you secure your employees’ devices, especially laptops and phones as well as the routers and printers they use when working from home. Use multifactor authentication, which hinders DDoS attacks because hackers rarely have access to more than one identifying marker.
You also should look into endpoint security solutions, including a VPN, to reduce the risk of remote workers granting hackers entry to your network.
Hackers favor DDoS attacks because they are simple, effective, and create general chaos. While they are a common type of hacking, you can protect yourself if you pay attention and take precautions.
Attackers depend on small businesses falling short in cybersecurity prevention, but you don’t need to invest in artificial intelligence and machine learning to protect against DDoSing. Understanding the threat and improving your cyber hygiene will greatly mitigate your risk, no matter how big or small your website.
We're firm believers in the Golden Rule, which is why editorial opinions are ours alone and have not been previously reviewed, approved, or endorsed by included advertisers. The Ascent does not cover all offers on the market. Editorial content from The Ascent is separate from The Motley Fool editorial content and is created by a different analyst team.