On February 11, 2014, Cloudflare’s European and U.S. data centers very nearly had their networks taken offline by the largest Distributed Denial of Service attack in history. Directed at one of Cloudflare’s customers, malicious traffic at the time of the attack topped 400 Gbps, taking place over a new – and previously undefended – attack vector. Worse still, many have pointed to this attack as a sign of worse things to come.
“Someone’s got a big, new cannon,” said Cloudflare CEO Matthew Prince over Twitter, talking about the attack. “Start of ugly things to come.”
He’s not wrong. DDoS attacks are on the rise, and it’s going to get worse before it gets better. As groups like DerpTrolling and Lizard Squad parade about liberally shelling websites and networks, other, more insidious criminal groups operate behind the scenes, using DDoSing as a cover for theft or fraud.
What Is A DDoS, Exactly?
First things first, let’s get definitions out of the way. A DDoS, or Distributed Denial of Service, is a wide-reaching term used to refer to a method of cyber-attack in which a site or network is intentionally overloaded with traffic. The servers are flooded with requests to the point that they effectively collapse under the strain.
DDoS attacks are almost always carried out through the use of a botnet: a network of devices infected with malicious software – often without the knowledge of their owners. Note that I said “devices,” not computers; technically any piece of hardware with an Internet connection and the capacity to launch requests can be used as part of a botnet. Look, for example, at Lizard Squad’s recently hacked DDoS-As-A-Service platform, LizardStresser (which ironically stored passwords and user data in plaintext). This tool, which allowed anyone with the money to execute an attack, made use of a network of hacked home routers.
“These botnets can be quite sizable,” reads an Incapsula/Imperva whitepaper on DDoS attacks. “The ZeroAccess botnet, for example, had an estimated 1.9 million infected computers in a P2P network. Since it used P2P, there were no central command and control servers that could be attacked to bring down the botnet; the individual computers needed to be disinfected or neutralized.”
“While the methods used are constantly changing, the basic purpose is the same: to overwhelm the target with bogus traffic so that legitimate traffic cannot get through,” the paper continues.
Something Wicked This Way Comes
“As with other types of cyberattacks,” reads the Imperva paper, “the motive behind a DDoS attack varies. They have been used to generate ransom payments, to broadcast a social or political message, to harm a commercial competitor, to curtail political speech, as a cyberwarfare strategy, to mask other smaller – and more dangerous – attacks, and to expose security vulnerabilities that can later be targeted for deeper penetration.”
Whatever the motivation – financial gain, activism, competition, or simple hatred – a DDoS attack can be devastating, especially for a small business. Lost revenue from downtime is only the tip of the iceberg, especially if the attack is being used as a distraction. That’s why Server Mania has upgraded its DDoS protection suite with RioRey hardware, and why DDoS protection is now offered free with all services hosted out of the Buffalo, NY data center.
See, the events that took place over the past year – the rash of assaults leveled at everything from websites to game studios to content delivery networks to VPNs – paint a rather grim picture of what’s coming.
“DDoS attacks are becoming more advanced, and have a very real impact; in 2014, DDoS attacks became much more sophisticated,” explained Imperva security strategy director Barry Shteiman to PC World. “Though much of the reporting focused on the size of the attacks, a more troubling trend was the advancement in attack techniques. Attackers have evolved beyond simple flooding of traffic, and can now morph and adapt based on the defenses in place on the target network.”
Alright, so DDoS attacks are becoming more sophisticated and increasingly difficult to defend against. That’s really all we’ve established here. Why, exactly, is a DDoS attack such a terrible thing for your business – what exactly happens to an organization that’s being targeted?
Let’s crunch a few numbers, shall we?
The Real Impact Of A DDoS Attack
We’ll begin by looking at raw financial data. How much do distributed denial of service attacks cost a targeted organization, without taking into account any tertiary damage? The figures vary here – but none of them are good.
“A distributed denial-of-service (DDoS) attack can cost a victim organization as much as $10,000 to $50,000 per hour in lost revenue, according to a new survey,” writes Dark Reading’s Kelly Jackson Higgins. “Neustar polled 1,000 IT professionals in North America from various industries about DDoS attacks. Around 65% said that a DDoS would cost them $240,000 in revenue per day of the attack; 21% said it would mean a loss of $1.2 million per day.”
Those are some pretty big figures, aren’t they? Of course, that study was carried out in 2012. Times change, right?
A more recent study by Neustar in the UK found that businesses lose around $16,500 per hour of downtime – and this is in a country in which DDoS attacks are less common than in the US. Incapsula, meanwhile, found that DDoS attacks can cost an average of $40,000 per hour. Again, these figures are troubling enough on their own, even before taking into account some of the tertiary costs.
I’m talking, of course, about data breaches – for which DDoS attacks are increasingly being used as a diversion.
Take, for example, the 2013 breach of several United States banks, which saw millions of dollars funneled away into the hands of criminals. In order to cover their tracks while they stole the money, the thieves used a low-powered DDoS attack as a distraction. Basically, they drove a metaphorical bus into the banks’ online front, and made off with the cash while the banks were cleaning up the mess.
According to Gartner vice president Avivah Litan, “at least three banks were struck using ‘low-powered’ distributed denial-of-service attacks meant to divert the attention and resources of banks away from fraudulent wire transfers simultaneously occurring. The loss adds up to millions across the three banks.”
And that was a low-powered attack. Could you imagine what might have happened if the attackers had sent something like what took down Cloudflare, or the PSN, or Xbox Live? How much might they have made off with then?
Keep Yourself Safe
DDoS attacks are an unfortunate danger of doing business online – and as more and more businesses shift to the Internet, they’re going to become more and more common; this will only be compounded by the wide availability of tools designed to facilitate such attacks. Factor in the fact that attack vectors are growing infinitely more complex, and it’s clear that whether you’re a client or a host, it’s your responsibility to make sure the proper preventative measures are in place, in the event that you yourself are targeted. Otherwise, you might have a whole lot more to worry about than a downed website.
1 Gbps of DDoS protection comes free with all of our Buffalo, NY plans. You can choose from more powerful protection options here.