The Bluffer’s Guide To DDoS Attacks

What are DDoS attacks?

The most common form of cyberattack is the Distributed Denial of Service attack (DDoS).

Tens of millions of DDoS attacks are launched every day. It’s estimated that approximately 10 million files are lost or stolen every month. In 2016 cybercrime cost the global economy €450 billion. This is expected to rise to a whopping €6 trillion in 2021.

A Distributed Denial of Service (DDoS) attack is a coordinated attempt to disable your online application or service.

It can happen to anything with a public IP address, such as a network, a website or a cash register: basically any unprotected application or service that is operated online.

How does a DDoS attack happen?

The aim of the attack is to overwhelm the target with fake traffic.

  1. The attacker uses a spam email or a corrupt website to contaminate connected devices (smartphone, laptop, desktop or any connected device). These devices are ‘infected’ with a malware bot (malicious software).
  2. The infected device will then send fake traffic to the target of the attack. The device owner is more than likely unaware that this is happening. More importantly, the owner of the target (website, payment system, online applications) is also unaware of what is happening.
  3. The controller of the malware bot (bot herder) can direct the army of infected devices from a remote location, making it hard to trace their traffic and catch the culprit.
  4. DDoS attacks are harder to intercept and deflect because of the sheer volume of incoming traffic from the devices involved. They don’t typically breach your security perimeter, such as your firewall. At the beginning it just appears to be an unexplained spike in traffic. As it persists, you realise there is a bigger issue and at this stage your servers are unavailable to legitimate users. This state will persist as long as the attack persists.
  5. While this is a massive inconvenience and potentially costly, the DDoS may just be a distraction for more sinister activity. While you scramble to get your service live again, the real attack is happening to your security applications to allow cyber vandals to go after a bigger prize, like customer data.

Why would someone do this?

There are lots of reasons your business could be subject to a DDoS attack.

In some cases, the attack may have been carried out by legitimate businesses on competitors infringing on copyright or intellectual property.

For example, in 2010 a number of Bollywood film production companies hired Aiplex Software to launch a DDoS attack on pro-piracy websites that were distributing their content.

The largest DDoS ever is suspected to have been carried out by the Chinese government, using their ‘Great Cannon’ to coordinate the attack.

GitHub (the software development platform) suffered a five-day-long attack in 2015. The data associated with the traffic surge peaked at an incredible 1.35 terabits per second.

A report from Citizen Lab (an ICT, security and human rights lab based in Toronto) found evidence showing commonalities between China’s Great Firewall censorship system and the Great Cannon.

In other cases, the motives are more sinister and the attack is perpetrated by a group of cyber terrorists.

It could be a deliberate attempt to extort money from an SME or large multinational. Once the attack is in place, the attackers will send a ransom note outlining what it will cost to remove the DDoS.

How do you protect yourself against a DDoS attack?

The only way you can prevent a DDoS attack is by having protection in place to deal with it; prevention is better than a cure.

Once the protection is activated, the system constantly analyses the data stream for anomalies. When an attack is detected at the early stages, the data stream of fake traffic is diverted by a Threat Management System (TMS).

The TMS appliances are located in scrubbing centres within an Internet backbone. A backbone is a data route between large, strategically interconnected networks that require high-speed bandwidth connections and high-performance servers/routers.

In the scrubbing centres, the fake traffic data stream designed to create the DDoS is separated from the real data traffic of genuine users.

With the protection in place, the only delay a genuine visitor would encounter would be due to the traffic being temporarily rerouted through the TMS appliances.

After this separation process, the clean data stream is transferred to the intended destination so that the customer can continue to do business, unaware there was ever a problem.
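The example below is an added illustration, not Virgin Media Business’ code or that of any TMS product. It shows one way a protection system could analyse the data stream for anomalies and decide when to divert traffic to a scrubbing centre and when to send it directly again. The SpikeDetector name, the thresholds and the per-second request counts are assumptions constructed for this example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class SpikeDetector:
    """Learns a baseline request rate and decides when to divert to scrubbing."""
    alpha: float = 0.2           # baseline smoothing factor (assumed value)
    divert_factor: float = 4.0   # divert when rate exceeds 4x the baseline
    restore_factor: float = 1.5  # restore when rate drops under 1.5x the baseline
    hold: int = 3                # consecutive samples needed to change state
    baseline: Optional[float] = None
    diverted: bool = False
    _streak: int = 0

    def observe(self, rate: float) -> bool:
        """Feed one requests-per-second sample; return True while diverted."""
        if self.baseline is None:
            self.baseline = rate
            return self.diverted
        if self.diverted:
            crossing = rate < self.restore_factor * self.baseline
        else:
            crossing = rate > self.divert_factor * self.baseline
        # Requiring several samples in a row ignores one-off bursts and
        # stops the route flapping while an attack ramps up or down.
        self._streak = self._streak + 1 if crossing else 0
        if self._streak >= self.hold:
            self.diverted = not self.diverted
            self._streak = 0
        # Learn the baseline only from normal-looking traffic, so a long
        # attack cannot drag it upwards and hide itself.
        if not self.diverted and not crossing:
            self.baseline = (1 - self.alpha) * self.baseline + self.alpha * rate
        return self.diverted


def replay(samples: List[float]) -> Tuple[List[bool], SpikeDetector]:
    """Run the detector over a series of samples and return each decision."""
    detector = SpikeDetector()
    return [detector.observe(s) for s in samples], detector


# Constructed sample: normal load, one short burst, a sustained flood, recovery.
SAMPLE_RPS = [100, 110, 95, 105, 900, 100, 102,
              1200, 1500, 1400, 1600, 1300, 120, 110, 100, 105]

if __name__ == "__main__":
    for rps, diverted in zip(SAMPLE_RPS, replay(SAMPLE_RPS)[0]):
        print(f"{rps:>5} req/s -> {'scrubbing centre' if diverted else 'direct'}")
```

The single 900 req/s burst is ignored, the sustained flood triggers diversion on its third sample, and traffic returns to the direct path only after three consecutive normal samples.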

How can I find out more about DDoS and cyber security?

Learn more about Virgin Media Business’ DDoS Protection Solution on our website, or download the free eBook here. If you want to seek more advice on how to protect your business from similar online threats, contact us today at 1800 941 114 or visit www.virginmedia.ie/business/security-services/