Imagine you have developed an innovative online service or set up a web shop and suddenly nothing works: neither your shop nor your services are accessible. Prospects and customers can no longer reach you, which annoys them. Your employees have problems too, for example because they cannot reach business applications such as office or video conferencing solutions from their home offices. A distributed denial of service (DDoS) attack is often behind such problems.
According to a current report, the number of such attacks in Germany rose by 142 percent in the second half of 2020. To paralyze online services, the cyber criminals use network bandwidth of up to 385 gigabits per second. That is enough to knock even large websites offline. For comparison: many companies in Germany use DSL connections with a bandwidth of 50 to 250 megabits per second.
The following infographic also shows the most popular targets for DDoS attacks in Germany in the second half of 2020, according to the report.
Infographic: The most popular targets of DDoS attacks
The cyber criminals' goal: they want money. Anyone who does not pay the demanded "nominal fee" has to expect a DDoS attack and accept the resulting damage.
How DDoS works
There are several types of DDoS attack techniques.
1. Volume-centric attacks
One of them is volumetric attacks. With these, the connection between the company network and the Internet, or links within the company network, are flooded with requests. The attackers use network bandwidth that often exceeds 100 gigabits per second, so that no bandwidth remains for connection attempts from customers' or employees' computers. Such attacks are also used to probe networks and IT systems for weak points and to camouflage more complex attacks.
2. TCP state exhaustion DDoS attacks
TCP state exhaustion DDoS attacks, in turn, are intended to paralyze the networks and IT systems that deliver content to end users. Their targets include:
- Load balancers
- Domain Name Server (DNS)
A large number of falsified connection entries is smuggled into the DNS tables of these systems in order to block them. During such attacks the cyber criminals use a network bandwidth of only 10 to 20 gigabits per second, so these attacks are less noticeable than volumetric attacks. The attackers also evaluate the results of their measures in order to refine their methods further.
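The symptom of a state exhaustion attack on a server is a table full of half-open TCP connections from many different peers. The following added example (not from the original article) parses socket-state output in the shape of `ss -tan` and reports, per local port, how many connections are stuck in SYN-RECV and from how many distinct peers. The sample output, the port threshold and the helper names are constructed for the demo.

```python
"""Spot TCP state-exhaustion symptoms in socket-state output.

Added example, not part of the original article. The sample below is a
constructed `ss -tan`-style listing, not captured traffic.
"""
from collections import Counter, defaultdict

# Constructed sample: State Recv-Q Send-Q Local Address:Port Peer Address:Port
SAMPLE_SS_OUTPUT = """\
State    Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB    0      0      10.0.0.5:443         198.51.100.10:51234
SYN-RECV 0      0      10.0.0.5:443         203.0.113.7:40001
SYN-RECV 0      0      10.0.0.5:443         203.0.113.8:40002
SYN-RECV 0      0      10.0.0.5:443         203.0.113.9:40003
SYN-RECV 0      0      10.0.0.5:443         203.0.113.10:40004
SYN-RECV 0      0      10.0.0.5:443         203.0.113.11:40005
ESTAB    0      0      10.0.0.5:53          198.51.100.20:33000
SYN-RECV 0      0      10.0.0.5:53          203.0.113.12:40006
"""


def parse_ss(text):
    """Yield (state, local_port, peer_ip) for each socket line, skipping the header."""
    for line in text.strip().splitlines()[1:]:
        parts = line.split()
        if len(parts) < 5:
            continue  # ignore malformed lines rather than crash mid-analysis
        state, local, peer = parts[0], parts[3], parts[4]
        local_port = local.rsplit(":", 1)[1]
        peer_ip = peer.rsplit(":", 1)[0]
        yield state, local_port, peer_ip


def half_open_summary(text):
    """Return {local_port: (half_open_count, distinct_peer_count)}.

    Only SYN-RECV sockets count: they occupy a slot in the listen backlog
    without ever completing the handshake, which is exactly what a state
    exhaustion flood aims for.
    """
    counts = Counter()
    peers = defaultdict(set)
    for state, port, ip in parse_ss(text):
        if state == "SYN-RECV":
            counts[port] += 1
            peers[port].add(ip)
    return {port: (counts[port], len(peers[port])) for port in counts}


def flag_exhaustion(text, threshold):
    """Ports whose half-open count reaches `threshold`.

    The threshold is a tuning assumption for this demo; on a real host it
    should be derived from the service's configured listen backlog.
    """
    return sorted(port for port, (n, _) in half_open_summary(text).items() if n >= threshold)


if __name__ == "__main__":
    for port, (n, distinct) in half_open_summary(SAMPLE_SS_OUTPUT).items():
        print(f"port {port}: {n} half-open connections from {distinct} peers")
    print("exhaustion suspected on ports:", flag_exhaustion(SAMPLE_SS_OUTPUT, 5))
```

Many half-open connections from many distinct sources, rather than a few sources retrying, is what distinguishes this picture from an ordinary client-side network problem; the ratio of the two numbers is therefore worth watching alongside the raw count.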
3. Application attack / malware
The third and most dangerous type of DDoS attack targets the application layer. These attacks abuse specific functions of applications in order to impair them. An example: in a "Large Payload POST" attack, manipulated requests are transmitted as XML to a web server. While trying to cope with this unsolvable task, the system consumes more and more resources such as main memory, until the web service "crashes".
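A basic defense against the large-payload attack described above is to refuse oversized request bodies before they reach the XML parser, and to do so even when the client lies about (or omits) the Content-Length header. The following added example, which is not from the original article, shows this as a small WSGI middleware; the 4 KiB limit, the `xml_echo_app` backend and the `simulate_post` helper are assumptions made for the demo.

```python
"""Reject oversized POST bodies before the application parses them.

Added example, not part of the original article. The body limit, the demo
backend and the request simulator are constructed for illustration.
"""
import io
import xml.etree.ElementTree as ET

MAX_BODY_BYTES = 4096  # assumed cap for the demo; size it to your real payloads


class BodySizeLimit:
    """WSGI middleware that refuses request bodies larger than `limit` bytes."""

    def __init__(self, app, limit=MAX_BODY_BYTES):
        self.app, self.limit = app, limit

    def __call__(self, environ, start_response):
        declared = environ.get("CONTENT_LENGTH") or ""
        # Fast path: a client that honestly declares an oversized body.
        if declared.isdigit() and int(declared) > self.limit:
            return self._reject(start_response)
        # Content-Length may be missing or false, so bound the actual read as well:
        # read at most limit+1 bytes and treat the extra byte as proof of excess.
        body = environ["wsgi.input"].read(self.limit + 1)
        if len(body) > self.limit:
            return self._reject(start_response)
        # Hand the backend a bounded, in-memory copy of the body.
        environ["wsgi.input"] = io.BytesIO(body)
        environ["CONTENT_LENGTH"] = str(len(body))
        return self.app(environ, start_response)

    @staticmethod
    def _reject(start_response):
        start_response("413 Payload Too Large", [("Content-Type", "text/plain")])
        return [b"request body too large\n"]


def xml_echo_app(environ, start_response):
    """Demo backend (assumed): parses the XML body and reports its root tag."""
    data = environ["wsgi.input"].read()
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        start_response("400 Bad Request", [("Content-Type", "text/plain")])
        return [b"malformed XML\n"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [f"root element: {root.tag}\n".encode()]


def simulate_post(app, body, declared_length=None):
    """Run one POST through `app` in-process; return (status, response bytes)."""
    environ = {
        "REQUEST_METHOD": "POST",
        "CONTENT_LENGTH": "" if declared_length is None else str(declared_length),
        "wsgi.input": io.BytesIO(body),
    }
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    out = b"".join(app(environ, start_response))
    return captured["status"], out


protected = BodySizeLimit(xml_echo_app, limit=MAX_BODY_BYTES)

if __name__ == "__main__":
    small = b"<order><item>1</item></order>"
    huge = b"<blob>" + b"A" * (MAX_BODY_BYTES * 4) + b"</blob>"
    print(simulate_post(protected, small, len(small)))  # accepted
    print(simulate_post(protected, huge, len(huge)))    # honest header: 413
    print(simulate_post(protected, huge, 10))           # lying header: still 413
```

The size cap only addresses the volume side of the problem; a small XML document can still be expensive to parse if the parser is left with features such as external entity resolution enabled, so the limit belongs in front of a hardened parser, not instead of one.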
What protective measures are there?
If you want to protect your web services and servers from DDoS, firewalls, virus scanners, web application firewalls (WAF) and load balancers are not sufficient, because they can only partially examine network traffic for signs of a DDoS attack. They are also vulnerable to such attacks themselves.
It therefore makes sense to obtain a DDoS protection solution from a specialist. It is important that the provider offers several types of DDoS protection. This includes, for example, DDoS protection as a cloud service. Such a service lets users adapt the level of security and the scope of the services to current needs.
The company also benefits from the experience of the external provider's DDoS specialists: the "threat intelligence services" of such providers usually detect, for example, servers with security gaps faster than in-house IT specialists do, and block the corresponding IP addresses in order to prevent DDoS attacks.
Defense at the edge of the network
Another option is to place a DDoS security system ("appliance") between the Internet and the firewall of your internal network, i.e. at the perimeter. Such security systems do not just block DDoS attacks; they also reduce malware risks. The appliances also prevent infected systems from communicating with the command-and-control systems that hackers use to remotely control hijacked computers or IoT (Internet of Things) devices.
Regardless of whether you choose cloud services or appliances, it is important that such solutions are "capable of learning", that is, they should use techniques such as machine learning. This enables them to identify attack patterns more quickly and precisely and to initiate protective measures. It is also helpful if DDoS security solutions can fend off an attack automatically. This relieves IT administrators and shortens response times during attacks.
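The simplest form of automatic pattern recognition is a per-source request rate over a sliding time window: a source that sends far more requests in a few seconds than any legitimate client would is flagged, and the decision can feed a firewall or WAF block rule. The following added example (not from the original article) runs such a detector over constructed Common Log Format access-log lines; the window, the threshold and the allowlist are assumptions, and the allowlist exists because a monitoring host that polls frequently would otherwise be blocked along with the attacker.

```python
"""Per-source request-rate detection over web access logs.

Added example, not part of the original article. The log lines below are
constructed, and the window/threshold values are demo assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: one shopper, one source hammering a search endpoint,
# and a monitoring host polling /health once per second.
SAMPLE_LOG = """\
198.51.100.10 - - [10/Oct/2020:13:55:36 +0000] "GET /shop HTTP/1.1" 200 2326
203.0.113.50 - - [10/Oct/2020:13:55:36 +0000] "POST /api/search HTTP/1.1" 200 512
203.0.113.50 - - [10/Oct/2020:13:55:36 +0000] "POST /api/search HTTP/1.1" 200 512
203.0.113.50 - - [10/Oct/2020:13:55:37 +0000] "POST /api/search HTTP/1.1" 200 512
203.0.113.50 - - [10/Oct/2020:13:55:37 +0000] "POST /api/search HTTP/1.1" 200 512
203.0.113.50 - - [10/Oct/2020:13:55:38 +0000] "POST /api/search HTTP/1.1" 200 512
203.0.113.50 - - [10/Oct/2020:13:55:38 +0000] "POST /api/search HTTP/1.1" 200 512
203.0.113.50 - - [10/Oct/2020:13:55:39 +0000] "POST /api/search HTTP/1.1" 503 0
203.0.113.50 - - [10/Oct/2020:13:55:39 +0000] "POST /api/search HTTP/1.1" 503 0
192.0.2.1 - - [10/Oct/2020:13:55:40 +0000] "GET /health HTTP/1.1" 200 2
192.0.2.1 - - [10/Oct/2020:13:55:41 +0000] "GET /health HTTP/1.1" 200 2
192.0.2.1 - - [10/Oct/2020:13:55:42 +0000] "GET /health HTTP/1.1" 200 2
192.0.2.1 - - [10/Oct/2020:13:55:43 +0000] "GET /health HTTP/1.1" 200 2
192.0.2.1 - - [10/Oct/2020:13:55:44 +0000] "GET /health HTTP/1.1" 200 2
192.0.2.1 - - [10/Oct/2020:13:55:45 +0000] "GET /health HTTP/1.1" 200 2
198.51.100.10 - - [10/Oct/2020:13:55:45 +0000] "GET /shop/cart HTTP/1.1" 200 1800
198.51.100.10 - - [10/Oct/2020:13:56:10 +0000] "GET /checkout HTTP/1.1" 200 900
"""


def parse(line):
    """Return (ip, timestamp) for a CLF line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FORMAT)


def offenders(lines, window_s, threshold, allowlist=()):
    """Return {ip: peak_requests} for sources exceeding `threshold` requests
    inside any `window_s`-second sliding window; allowlisted sources are skipped."""
    events = defaultdict(list)
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ip, ts = parsed
        if ip in allowlist:
            continue
        events[ip].append(ts)

    result = {}
    for ip, times in events.items():
        times.sort()
        peak, start = 0, 0
        for end in range(len(times)):
            # Slide the window start forward until it spans at most window_s seconds.
            while (times[end] - times[start]).total_seconds() > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            result[ip] = peak
    return result


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("no allowlist:  ", offenders(lines, window_s=10, threshold=5))
    print("with allowlist:", offenders(lines, window_s=10, threshold=5, allowlist={"192.0.2.1"}))
```

Without the allowlist the monitoring host is flagged alongside the attacker, which is the false positive an automatic mitigation step must be protected against; in practice the threshold is derived from observed peak rates of real clients, and the block decision is applied with a time limit so that a misclassified source is not locked out for good.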
We will probably never get rid of cyber attacks. On the contrary: the number of such attacks is likely to keep rising. It is all the more important that you think about how to protect yourself and your customers from such blackmail. Instead of throwing money down the throats of cyber criminals, it makes more sense to invest in good DDoS defense.