The most common type of aviation accident is a bird strike. Because of this, most airplanes can handle a bird strike without much, if any, damage. However, there are cases, like with US Airways Flight 1549, aka “The Miracle on the Hudson,” when a whole flock of geese got sucked into the engines and the engines were compromised.
This is how the average person thinks of a DDoS attack — it’s unsophisticated, practically mindless, and while it does pose a threat to business-as-usual, it’s a minor one.
In reality, the situation is more like the Alfred Hitchcock movie, The Birds, wherein a malevolent mass of birds is attacking everyone in sight.
A Brief History of DDoS
Distributed Denial of Service (DDoS) attacks used to be a minor problem. That’s not to say they weren’t annoying or didn’t cause damage, but they were relatively infrequent and short-term attacks, basically the equivalent of internet vandalism.
In the past two years, however, there have been more DDoS attacks and they have been far, far bigger than ever before.
Even a minor attack can knock a business offline, but to make matters worse, attackers are repeatedly targeting the same businesses — an average of 30 attacks per target according to some security firms.
Finally, DDoS attacks are often being launched by advanced, persistent threats — bad actors with the strength and resources to mount extremely large, sophisticated, multi-layered attacks.
In other words, DDoS attacks have gone pro.
Types of Attacks
There are three main reasons for DDoS attacks, from what we can tell (they’re usually anonymous, so it’s hard to be sure).
- Anti-competition. The most noteworthy example of this is online gambling sites. A DDoS attack slows the website enough that users get frustrated and go to another site.
- “Hacktivism” or politically motivated attacks. This is a pretty big category that includes everything from 4chan ‘script-kiddies’ to global espionage.
- Extortion. The attacker demands payment under threat of further attacks. This is the category most businesses have to worry about.
In extortion attacks, a business may receive a message ahead of time threatening the attack, or the message may not arrive until after the attack has occurred. Regardless, the most important thing is not to pay up, because in many cases, all this does is validate that you are open to extortion. In 2014, RSS service Feedly went down in an extortionist attack. Then a different extortionist did the same thing a day later.
In some cases, the attacks may be subtle, merely slowing traffic without actually downing the servers. This strategy may be simply to avoid triggering countermeasures.
In most cases, the best offense is a good defense. Most companies only start putting systems and processes in place to thwart malicious attacks once they’ve already been burned, but doing so in advance is becoming more and more important as attacks grow more sophisticated.
What You Can Do About It
As with all cyber security issues, it remains essentially an arms race between the hackers and the security specialists.
Volume-based attacks are the most common. In fact, you might think of them as the probe, sent first to see how soft the target is. This traffic tends to fit a certain profile, and in our DDoS protection service, we maintain a constantly updated list of typical “attack” profiles.
Once an incoming attack is detected, we re-route the traffic to filter out the “dummy” data, then send the clean traffic on to your site. This filtering process allows normal usage to continue with perhaps a minimal lag, and the malicious packets never reach your servers at all.
The second main vector is an attack at a newly identified weak point, usually through third-party applications. These applications can also be used themselves to launch volume-based attacks, or they can simply be harnessed to gain access to data, to phish for login credentials, or to merely send spam.
In either case, it’s crucial to have the help of specialists who are familiar with these threats and how to mitigate them. It’s much easier to head off an attack than it is to try to stem the flood after attackers have pounded your servers for two days. With a service like Atlantic Metro’s DDoS Protection, you’ll receive proactive management and the routine updates that keep your security at the forefront of this arms race.