Hacking has never been easier for cybercriminals. Software has automated the process, making random attacks more frequent and harder to spot. Making matters worse, many small business owners take a one-and-done approach to their technology: After they install devices and software, they ignore them until something goes wrong.
While some cybercrimes occur quietly and remain undetected, others wreak havoc in plain sight. Distributed denial of service (DDoS) attacks achieve the latter, and they’re often successful because business owners attribute the symptoms to sources other than hackers.
Overview: What is a DDoS attack?
In DDoS attacks, the hacker’s goal is to disrupt traffic to a website or service by flooding the site with fake messages and requests for connection. The traffic overload crashes the site so it’s unavailable to users. For businesses that depend on their website or service for revenue — such as retailers or digital platforms — the effects can be devastating.
These attacks are successful because it’s difficult to tell the difference between legitimate and fake traffic. Technically, DDoS events aren’t breaches because the endgame isn’t stealing data or intellectual property. Often, hackers carry out the attacks as retaliation, sometimes political in motivation, or as red herrings to distract from more damaging breaches with theft as the intent.
How does a DDoS attack work?
Hackers execute DDoS attacks by coordinating a network of compromised devices, like phones and laptops, to bombard a site with messages and requests. As the Internet of Things (IoT) rapidly expands, ever more devices become potential weapons. The devices are “recruited” by tricking users into downloading malware or by hacking easy-to-guess passwords.
Once the device army is in place, it poses an advanced persistent threat as the hackers lie in wait. When ready, they use a dedicated “command and control” (C2) server to instruct the devices to generate fake traffic to the targeted site. The compromised devices are sometimes referred to as “zombie” computers, and the network they form is called a “botnet.” Once DDoSed, a site crashes and goes down.
3 types of DDoS attacks
There are three primary types of DDoS attacks, but cybercriminals often combine them to make the attack more effective. By hitting multiple fronts, the hackers can inflict more pain and do more damage before the hack is identified and stopped.
1. Volumetric attacks
Hackers generate an overload of traffic well beyond a website’s capacity, exhausting bandwidth and making it impossible for legitimate site traffic to get through.
Often, the attacker will spoof the site’s IP address. In such an IP DDoS attack, the threat actor can then control the outgoing messages as well, further jamming traffic in both directions.
2. Protocol attacks
Attackers target network infrastructure like servers and firewalls. They exhaust those devices’ processing capacity, compromising the verification and permission processes that let servers connect with those legitimately requesting access. One such attack is called the “ping of death,” which sends a massive data packet that crushes available bandwidth.
3. Application attacks
Targeting applications requires more sophistication. The hacker identifies vulnerabilities in the application, then initiates transactions that eat up disk space and memory. One such attack, the HTTP flood, looks like normal web activity but in fact consumes as many server resources as possible.
How to spot a DDoS attack
Your head may be spinning as you attempt to understand protocol, application, and volumetric attacks. You may wonder how you can stop them if you can’t even describe them. As complex as these tactics sound, their symptoms are much easier to spot.
Signs of DDoSing include:
- Inability to access a site for long periods
- Excruciatingly slow access to files on the site
- Frequent disconnection when accessing the site
- Excessive numbers of spam emails
Unfortunately, in addition to indicating the possibility of DDoSing, these are symptoms of other tech issues as well. It’s a good bet that if you receive such complaints about your website, your mind won’t immediately turn to threat hunting.
However, if you experience two or more of these symptoms for a prolonged period, you may have suffered a DDoS attack.
How to protect against DDoS
The most important strategy for preventing cyberattacks, including DDoS attacks, is vigilance. Paying attention to abnormal site behavior, encouraging awareness among employees, and updating cybersecurity tools are essential for preventing DDoSing.
Monitor website activity
When you review web activity reports, make note of any prolonged spikes or unusually high user numbers. If you use cybersecurity software to help identify weak spots in the network, compare the data and look for anomalies. Unexplained changes in the number of users could indicate a DDoS attack.
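As an added illustration, and not part of the original article, the Python script below scans web-server access-log lines for the kind of prolonged spike described above: it counts requests per minute, compares each minute against the typical (median) minute, and lists the top sources inside any flagged minute. The log lines, IP addresses and threshold values are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Matches the common/combined access-log layout: ip ident user [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')

def parse_line(line):
    """Return (ip, minute_bucket, request) or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, request, _status, _size = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when.strftime("%Y-%m-%d %H:%M"), request

def find_spikes(lines, baseline_factor=5.0, min_requests=50):
    """Flag minutes whose request count is both above min_requests and more than
    baseline_factor times the median minute; report the top sources for each."""
    per_minute = Counter()
    sources = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip garbage rather than crash on a malformed line
        ip, minute, _request = parsed
        per_minute[minute] += 1
        sources[minute][ip] += 1
    if not per_minute:
        return []
    counts = sorted(per_minute.values())
    median = counts[len(counts) // 2]
    alerts = []
    for minute, n in sorted(per_minute.items()):
        if n >= min_requests and n > baseline_factor * median:
            alerts.append({"minute": minute, "requests": n, "median": median,
                           "top_sources": sources[minute].most_common(3)})
    return alerts

def sample_log():
    """Constructed log: four quiet minutes, then one minute flooded by 20 hosts."""
    lines = []
    for minute in range(4):
        for i in range(4):
            lines.append(f'203.0.113.{i} - - [10/Oct/2023:13:5{minute}:0{i} +0000] "GET / HTTP/1.1" 200 512')
    for i in range(200):
        lines.append(f'198.51.100.{i % 20} - - [10/Oct/2023:13:55:{i % 60:02d} +0000] "GET /search?q=x HTTP/1.1" 200 2048')
    return lines

if __name__ == "__main__":
    for alert in find_spikes(sample_log()):
        print(alert)
```

A flagged minute whose requests are spread evenly across many unfamiliar addresses, as in the constructed sample, is the pattern a botnet produces; a single busy address is more often a misbehaving crawler.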
Increase website capacity
Be sure your website has enough bandwidth to handle spikes in visitors, which can serve as an obstacle to hackers. The fewer visitors your site can manage, the more likely a DDoS attack can take it down.
Hire a third-party security provider
If DDoS attacks repeatedly target your site, you may need some expert assistance. Handing over security to a knowledgeable provider will give you peace of mind and greatly reduce your risk level.
Secure firewalls and routers
First, be sure you are using a firewall. Then configure your firewalls and routers to detect fake traffic.
Additionally, practice basic cyber hygiene around these devices: change the factory-set passwords and update the devices’ firmware regularly with the latest security patches.
Safeguard IoT devices
All the gadgets in your office that connect to the internet are potential entry points for hackers. If a device doesn’t need the internet to work, disconnect that functionality. If it must connect to operate, use a password that is long and difficult, and change it regularly.
Additionally, deploy a zero-trust policy for these devices, connecting them to their own server. Keep that server separate from critical data and infrastructure. If a hacker does manage to gain entry through a printer or television, they can’t access other critical areas of your network.
Finally, be sure you secure your employees’ devices, especially laptops and phones, as well as the routers and printers they use when working from home. Use multifactor authentication, which hinders the recruitment of those devices into a DDoS botnet because hackers rarely have access to more than one identifying marker.
You also should look into endpoint security solutions, including a VPN, to reduce the risk of remote workers granting hackers entry to your network.
Denying DDoS attacks
Hackers favor DDoS attacks because they are simple, effective, and create general chaos. While they are a common type of hacking, you can protect yourself if you pay attention and take precautions.
Attackers depend on small businesses falling short in cybersecurity prevention, but you don’t need to invest in artificial intelligence and machine learning to protect against DDoSing. Understanding the threat and improving your cyber hygiene will greatly mitigate your risk, no matter how big or small your website.