DDoS attacks often target sites that process customers’ personal data or request information about bank cards for online payments.
Examples include online stores, cafes and restaurants, sites where you can bet in Nigeria, insurance companies, game servers, etc.
What Is a DDoS Attack
A DDoS attack (Distributed Denial of Service) is a distributed network attack, which aims to fully or partially disable the website. In a DDoS attack, users lose access to the resource, and the business that owns it runs the risk of losing profits and leaking customer data.
How a DDoS Attack Works
Hackers infect computers and phones of ordinary users with a virus, such as a Trojan, and create a network of them. It’s called a botnet, and the devices it contains are called bots or zombies. Moreover, computer and phone owners are not even aware that they are helping cybercriminals: their devices work as usual.
Attackers remotely control the bots and force them to attack the selected site. The infected computers and smartphones execute malicious network requests, causing the server to fail and stop functioning for hours or days.
The Difference Between DoS and DDoS
The main difference is in the technical implementation. In a DDoS attack, cybercriminals use a network of computers, while in a DoS attack, they use only one device. Therefore, a DoS attack is much easier to stop: it's enough to trace the IP address from which the requests are made and block it.
Who Launches DDoS Attacks and Why
Hackers carry out attacks, either by themselves or at the request of their customers. The reasons for this are different: from personal enmity and fighting competitors to identity theft and extortion. Here are the most popular reasons:
Struggle with competitors. Most often, it concerns small and medium-sized businesses. For example, flower stores may attack each other on the eve of holidays. The aim is to stop competitors’ sites working, bring customers to your online store and sell them as many bouquets as possible.
Identity theft. A DDoS attack itself doesn't allow access to customers' payment information, passport data or phone numbers, but it can be used as a distraction: while a company is dealing with an attack, intruders use other methods to obtain personal data.
Extortion. In this case, hackers attack a site until they get money from the owner.
Personal dislike or protest. Out of envy, a desire for revenge, or disagreement with political or activist activities, attackers often target the websites of regional media, commercial and governmental organizations, etc.
Education or entertainment. Young hackers may attack small sites to test their skills, gain experience, or show off to friends and colleagues.
How Is a DDoS Attack Dangerous for Business and Customers?
If your site is hit by a DDoS attack, you risk experiencing temporary difficulties in your work: for example, being out of touch with employees from different departments. In addition, you may lose:
Customers and partners.
The explanation is simple. During a DDoS attack, customers cannot get to your site and turn to your competitors, and companies lose the desire to partner with you for fear of a repeat attack.
Moreover, you lose money: you pay to restore your operations and replace your equipment, and you lose your profits. To estimate how much money is lost online, look at the average number of online orders per hour or day, and then multiply that figure by the number of hours or days the site was down.
During an attack, a company may also lose its reputation in the eyes of customers, especially if data is leaked, as well as in the eyes of other companies, which will affect the value of its assets.
How to Know if a Site Is Under Attack
A successful DDoS attack causes the site to stop working partially or completely. But it is possible to recognize the threat at an early stage. For example, you will notice:
An avalanche of requests.
Error 503 (Service Temporarily Unavailable), which means that your server is temporarily unable to process requests.
502 (Bad Gateway) or 504 (Gateway Timeout) errors, which mean that the site is unavailable.
Monotonous requests and requests for pages that do not exist.
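The warning signs listed above can be checked against a web server access log. The following Python sketch is an added example, not part of the original article; the log format (Common Log Format), the thresholds max_rps and max_ratio, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Common Log Format prefix: client IP, timestamp, request line, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def flood_indicators(lines, max_rps=50, max_ratio=0.5):
    """Score access-log lines against the four warning signs listed above."""
    per_second, statuses, requests, clients = Counter(), Counter(), Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, path, status = m.groups()
        per_second[ts] += 1          # log timestamps have one-second resolution
        statuses[status] += 1
        requests[(method, path)] += 1
        clients[ip] += 1
    total = sum(statuses.values())
    if total == 0:
        return {"total": 0, "signs": []}
    peak_rps = max(per_second.values())
    gateway_errors = sum(statuses[s] for s in ("502", "503", "504")) / total
    not_found = statuses["404"] / total
    top_request_share = requests.most_common(1)[0][1] / total
    top_ip, top_ip_hits = clients.most_common(1)[0]
    signs = []
    if peak_rps > max_rps:
        signs.append("request avalanche")
    if gateway_errors > max_ratio:
        signs.append("502/503/504 errors")
    if top_request_share > max_ratio:
        signs.append("monotonous requests")
    if not_found > max_ratio:
        signs.append("requests for missing pages")
    return {"total": total, "peak_rps": peak_rps, "signs": signs,
            "unique_clients": len(clients),
            # One dominant address points to DoS (block it); many point to DDoS.
            "single_source": top_ip if top_ip_hits / total > max_ratio else None}

def constructed_log():
    """Constructed sample: one normal hit, then 120 identical hits in one second."""
    flood = [f'198.51.100.{i} - - [10/Oct/2023:13:55:36 +0000] '
             '"GET /search?q=x HTTP/1.1" 503 0' for i in range(1, 121)]
    normal = ['203.0.113.7 - - [10/Oct/2023:13:55:35 +0000] "GET / HTTP/1.1" 200 512']
    return normal + flood

if __name__ == "__main__":
    print(flood_indicators(constructed_log()))
```

When single_source is None and unique_clients is large, blocking one address will not help, which is the DoS versus DDoS distinction described earlier in the article.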
Examples of DDoS Attacks
HTTP flooding. This is one of the most common types of DDoS attacks, in which standard GET and POST requests or others are sent to a site or app. The former are used to retrieve voluminous data; the latter are used to send useless information to the server. In the end, the result is the same: the site is overloaded and inaccessible.
SYN flooding. A type of attack in which fake SYN requests, or connection requests, are sent to the server at high speed. The SYN requests flood the server and cause CPU overhead. As a result, the server “crashes”.
ICMP flooding, or ping flooding (request flooding). This attack overloads the target computer with service requests, to which it must give echo replies.
UDP flooding. A network attack in which hackers send a large number of spoofed UDP packets to the selected server (UDP is a transport protocol for transmitting data on IP networks without establishing a connection). The server tries to inspect the packets and create ICMP response messages, but ends up being overloaded.
Having recognized the cyber-threat, you can connect DDoS attack protection to the server and ensure its stable operation.