With most office workers still working at home, the network has now become the major linkage between employees and their jobs.
Unfortunately, this means that the effects of DDoS attacks (Distributed Denial of Service)—large-scale attacks which rely on flooding networks and web applications with fake traffic—are multiplied. It used to be that DDoS attacks largely affected consumers browsing websites on public networks, but now DDoS attacks can prevent the workforce from doing their jobs. How can companies respond?
DDoS Attacks are Growing in Frequency, Complexity, and Severity
The top-line news is that there are more DDoS attacks than ever. In Q1 2020, DDoS attacks rose 524% compared to Q4 2019, and by 278% compared to Q1 2019. In addition, these attacks have grown in technical sophistication, allowing them to evade traditional controls.
Looking at the numbers, we can see that the latest spike in DDoS attacks is essentially the crest of a large wave that began in 2019, a year in which DDoS attacks rose 967% compared to the year before.
Not only has there been an increase in the overall number of DDoS attacks, the attacks themselves got larger. The size of a DDoS attack is measured in throughput, i.e. the amount of junk data that gets piped through to a target. In June 2020, Amazon announced that it had successfully weathered the largest DDoS attack in history, with a throughput volume of 2.3 terabytes per second. Although this attack was an outlier, all of the ten largest attacks during 2019 achieved a throughput of at least 40 GBps—and the larger attacks might not even be the ones you have to worry about.
Detecting junk traffic has been the key defense against DDoS attacks. As soon as the network perimeter can tell that traffic isn’t associated with a customer or user, it can discard that traffic, making the DDoS attack a failure. As a response, researchers are now reporting on what’s known as “invisible killer” DDoS attacks. These attacks involve short-duration, low-throughput events that are harder for ISPs to detect. This makes it possible for attackers to disrupt companies and websites without triggering protections.
Why Do You Need to Worry About DDoS Attacks?
Many see DDoS attacks as a sort of nuisance behavior, because technically it’s not possible to steal data directly using this method. A DDoS attack may crash a website, but it doesn’t allow attackers to implant malware, extract personal information, or steal passwords. What’s more, a lot of DDoS attacks are performed by neophyte attackers who are flexing their skills for the first time—these are usually easier to detect and mitigate.
Unfortunately, the attacks that are happening now are well beyond nuisance-grade. For example, in what’s known as a DDoS protocol attack, attackers direct their malicious traffic with the aim of disrupting your firewall, not your website itself. With your firewall down, attackers may be able to conduct an intrusion attempt without your knowledge, using the huge volume of traffic on your network to mask a more serious attack.
In addition, DDoS for hire is a known risk. In this instance, a third party—usually a business rival—will hire a team of attackers to DDoS a victim’s website. The victim is unable to do work or make sales, which means that the instigator can profit indirectly as customers desert the stricken business (average cost of IT downtime = $5,600 per minute). Notably, the number of DDoS for hire services doubled at the beginning of last year.
Lastly, there’s also DDoS for ransom to contend with. Since attackers know that businesses can’t survive for long given the cost of outages, they bet that victims will pay a ransom to make the problem go away immediately rather than fight it on their own. Because businesses are so much more vulnerable now, the risk of DDoS for ransom is also increasing.
Protecting Companies from the Next Wave of DDoS Attacks
As shown, traditional protection methods that work by measuring abnormal increases in network traffic are no defense against “invisible killer” DDoS attacks. These protections are also no defense against attacks that can direct terabytes of junk data to your website every second. Nearly every company, large or small, is at risk.
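The gap described above, and in the earlier paragraph on short-duration, low-throughput attacks, can be seen in a small added example (not code from this article or from any Progress product). It runs two checks over a constructed per-second throughput trace: a volume threshold on 5-minute averages, and a per-second comparison against a trailing median. The baseline, polling interval, and thresholds are assumed values chosen for illustration.

```python
from statistics import mean, median

BASELINE_MBPS = 100   # assumed normal load for the constructed trace
POLL_SECONDS = 300    # assumed 5-minute polling interval of a coarse monitor

def build_trace(seconds=600, burst_start=400, burst_len=20, burst_extra=250):
    """Constructed per-second throughput (Mbps): steady load plus one short burst."""
    trace = []
    for t in range(seconds):
        rate = BASELINE_MBPS + (t * 7 % 11) - 5      # deterministic +/-5 Mbps jitter
        if burst_start <= t < burst_start + burst_len:
            rate += burst_extra
        trace.append(rate)
    return trace

def coarse_alerts(trace, factor=2.0):
    """Volume check: alert when a polling-interval average exceeds factor x baseline."""
    alerts = []
    for start in range(0, len(trace), POLL_SECONDS):
        avg = mean(trace[start:start + POLL_SECONDS])
        if avg > factor * BASELINE_MBPS:
            alerts.append((start, round(avg, 1)))
    return alerts

def find_bursts(trace, lookback=60, k=6.0, min_run=5):
    """Per-second check against a trailing median + k*MAD; returns (first, last) seconds."""
    events, run_start = [], None
    for t in range(lookback, len(trace) + 1):        # extra step closes a run at the end
        flagged = False
        if t < len(trace):
            window = trace[t - lookback:t]
            med = median(window)
            mad = median(abs(x - med) for x in window)
            flagged = trace[t] > med + k * max(mad, 1.0)
        if flagged and run_start is None:
            run_start = t
        elif not flagged and run_start is not None:
            if t - run_start >= min_run:             # ignore isolated one-off spikes
                events.append((run_start, t - 1))
            run_start = None
    return events

if __name__ == "__main__":
    trace = build_trace()
    print("coarse alerts:", coarse_alerts(trace))    # interval averages hide the burst
    print("short bursts: ", find_bursts(trace))      # per-second view exposes it
```

The 20-second burst raises its 5-minute average by under 17%, so the volume check stays silent. A burst that stays inside normal jitter would not be flagged by either check.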
Until researchers can find new ways of detecting and mitigating DDoS attacks, businesses need to plan for resilience. They need to invest in communication tools that don’t rely on traditional network channels, allowing them to sidestep networks that are under attack. They also need to find advanced monitoring capabilities that can help them identify potential threats.
Here at Progress, we offer both solutions. Our managed file transfer software provides complete visibility and control over your data transfer process, and lets you implement processes that are resistant to several forms of disruption. Meanwhile, our WhatsUp® Gold Network Monitoring Software provides you with sophisticated network mapping and monitoring capabilities, allowing you to detect and mitigate DDoS attacks before they threaten your infrastructure. If you’d like more information about how to protect your network from a resurgent DDoS threat, download one of our free trials today!
Andrew Sanders
Writer on technology, information security, telecommunications, and more.