What’s in a name: the misleading DDoS attack type you need to worry about
DDoS attacks are a convoluted topic. There are so many types, techniques and attack vectors around now, and it doesn’t help that the attacks that sound devastating often aren’t, while the ones you really have to worry about carry a pretty inconspicuous descriptor. Yes, not only does the current DDoS landscape have a wolf in sheep’s clothing, it also has a sheep clomping around dressed as Godzilla.
Here’s everything you need to know to start making sense of it.
Yes, all attacks
On the whole, your basic DDoS definition applies to pretty much every type of DDoS attack: a distributed denial of service attack is a cyberattack that aims to cause either full-on downtime or serious performance issues for online services or websites by either clogging the target network with malicious traffic, or eating up server-side resources with illegitimate requests. This is typically accomplished with a botnet, which is a network of devices under the control of an attacker thanks to a malware infection.
The quantifiable costs of a successful DDoS attack against a larger business ring up to anywhere from $20,000 to $100,000 for every hour of the attack. Shocking as those numbers may be, they don’t take into account the losses suffered from the reputational damage done by a DDoS attack – a consequence that is especially stark when word of the attack hits social media or even the mainstream media. If a target is unprepared and unprotected, any type of DDoS attack has the potential to do this level of damage.
However, businesses with IT staff ready to do battle with distributed denial of service attacks need to differentiate between the following two types.
The overblown threat
Flash back to the fall of 2016, and all anyone could talk about when it came to DDoS attacks was the huge attacks unleashed by Mirai and other IoT botnets, weighing in at a then-unheard-of 1+ Tbps. Back then these whoppers were scarily effective, and website and business owners of the world lived in fear of the volumetric attack. We’re living in a different time now.
Volumetric attacks take aim at the network layer with the goal of cluttering up the network to the point that legitimate users can’t get through. Back when bandwidth was expensive and the cloud was just beginning to break through as a sought-after computing technology, these bruising attacks laid waste to their targets and, to add insult to injury, ran up big bandwidth bills while they were at it. Mitigation efforts got wise to these tactics, however, and now cloud-based DDoS mitigation services and ISPs offering protection have the bandwidth to absorb these huge amounts of attack traffic. Even businesses required to have on-premises DDoS protection have been able to incorporate cloud technology that swallows up volumetric network-layer attacks with ease. Volumetric mitigation has gotten so good that recently a record-setting 1.7 Tbps attack attempt did not cause a single minute of downtime.
So, if gigantic attacks aiming to crush a network with tons of traffic aren’t the threat you really need to worry about, what is?
The under-the-radar troublemaker
If someone were to warn you that a low and slow attack was on its way and it had your business in the crosshairs, you might be tempted to go ahead and not care. The good news is you would see the error of your ways very quickly.
These so-called low and slow attacks target the application layer. Instead of doing it with a wallop of traffic, they do it with requests that look as though they are coming from legitimate users to evade detection, and with attack strategies designed to consume the largest amount of server-side resources for the smallest amount of effort on the attacking side. If volumetric attacks are the brawn, low and slow application layer attacks are the brain, and they’re on the upswing. Application layer attacks nearly doubled in the fourth quarter of 2017 compared to the quarter before it.
Low and slow application layer attacks are favored weapons of professional attackers and the everyday internet scrubs using DDoS-for-hire services alike. Professional attackers do homework on their targets to find the elements of a website or service that will put the most strain on the server when they’re repeatedly requested, upping the chances of success and lowering the size of botnet required to make it happen. DDoS-for-hire service users, on the other hand, get the most bang for their buck, as these attacks are much cheaper to launch and sustain compared to volumetric attacks. The trend is leaning towards clever DDoS attacks, and businesses and websites are suffering for it.
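Seen from the defender's side, the point above means that request counts and bandwidth are the wrong things to measure. The following sketch is an added example, not part of the original article: it ranks clients by the server time they consume instead of by volume. The log layout, the constructed sample traffic and both thresholds are assumptions made for illustration.

```python
from collections import defaultdict

def constructed_log():
    """Constructed sample lines: 'client url status bytes_sent request_seconds'.
    The layout is an assumption (an access log that records server time per request)."""
    lines = []
    for i in range(1, 6):        # five ordinary visitors: 40 cheap page views each
        lines += [f"192.0.2.{i} /products/{n % 8} 200 18000 0.020" for n in range(40)]
    for i in range(1, 4):        # three quiet clients: 12 hits each on one costly endpoint
        lines += [f"203.0.113.{i} /search?q=report{n} 200 900 2.500" for n in range(12)]
    return lines

def profile(lines):
    """Aggregate request count, bytes sent and server seconds per client."""
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0, "server_s": 0.0,
                                 "paths": defaultdict(float)})
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue             # skip malformed lines instead of crashing
        client, url, _status, size, secs = parts
        try:
            size, secs = int(size), float(secs)
        except ValueError:
            continue
        s = stats[client]
        s["requests"] += 1
        s["bytes"] += size
        s["server_s"] += secs
        s["paths"][url.split("?")[0]] += secs   # group by path, ignoring the query string
    return stats

def flag_low_and_slow(stats, min_time_share=0.10, min_cost_ratio=3.0):
    """Flag clients whose share of server time far exceeds their share of requests.
    Both thresholds are illustrative and need tuning against real traffic."""
    total_req = sum(s["requests"] for s in stats.values())
    total_s = sum(s["server_s"] for s in stats.values())
    flagged = {}
    for client, s in stats.items():
        if not total_s:
            break                # no server time recorded, nothing to compare
        req_share, time_share = s["requests"] / total_req, s["server_s"] / total_s
        if time_share >= min_time_share and time_share / req_share >= min_cost_ratio:
            costliest = max(s["paths"], key=s["paths"].get)
            flagged[client] = (costliest, round(time_share, 3))
    return flagged
```

In this constructed traffic the busiest clients by request count and bytes are the ordinary visitors, so a volume threshold would either miss the three quiet clients or flag the wrong ones.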
Repeat ad nauseam
One day in the next few years we’ll all be talking about how small, sophisticated distributed denial of service attacks used to be capable of so much damage, and how it’s now those unimaginably monstrous DDoS attacks that are causing all the trouble. It’s cyclical, and regardless of whether they target the network layer or the application layer, DDoS attacks are constantly evolving and finding new ways to make our lives miserable.
For now, though, businesses and websites are definitely in need of professional cloud-based DDoS mitigation capable of working smarter as well as harder, the kind that looks past the fluffy exterior of every sheep to find the wolf lurking within using granular traffic analysis.