Detection prevents disruption

What is a DDoS attack? Whilst perhaps more a cybersecurity concern than an information security one, as this type of attack doesn’t compromise information, denial of service attacks, most commonly Distributed Denial of Service or ‘DDoS’ attacks, are incredibly common and plague countless businesses every year.

DDoS attacks were for some time considered an attack of the past. However, that trend has recently been reversed: with a 542% rise seen in the first quarter of 2020, DDoS attacks are back on the rise.

Whilst awareness alone will not prevent these attacks from happening, knowing the signs of one taking place can help ensure the attack is stopped as soon as possible, preventing disruption and financial loss before they can occur.

What is a Denial of Service attack?

A denial of service attack involves just that: stopping the use of a service that matters to the function of the business in question. Usually, the service in question will be a company website or servers.

Denial of service attacks work by sending large volumes of requests to the service, preventing it from working. The requests sent to the service can vary, but the end result is the same: non-operation of a vital piece of business infrastructure. Think of these requests as questions and tasks being asked of the service. Like us, if given too many tasks, the service needs time to work through them, and it won’t be able to keep up until they are resolved. This is what makes the service unusable.

These attacks cannot extract information from the victim, so the effect of the attack is purely disruption and the financial loss that occurs from having the company website or servers offline. Attackers will often use these attacks to extort a ransom in return for the attack ceasing, or in some cases for “hacktivism”, where a group with a political agenda will disrupt a website or business that conflicts with their views or spreads information they disagree with.

DDoS Attacks vs DoS Attacks

Both DDoS and DoS attacks work by sending large volumes of requests to a service, but the difference between these attacks is the source of the requests sent to the target service. DDoS attacks recruit a botnet, a team of enslaved computers that work together to flood the targeted service with requests. DoS attacks use only one computer and are therefore capable of sending fewer requests and are easier to track. DDoS attacks are therefore, and unsurprisingly, the most common form of this type of attack.

Signs of a DDoS Attack

In the event of a DDoS attack, you’ll notice a rapid decline in the performance of a service. This disruption will affect all employees and continue for sustained periods of time. Look out for an inability to access servers or the company website, or computers functioning very slowly.

What to do in the Event of a Suspected DDoS Attack

In the event of a suspected DDoS attack, do not wait before acting. If your systems or services seem slow, there are some things you should do immediately.

Contact your ISP

Contact your ISP and let them know that you suspect you are being attacked. They will have procedures in place to help mitigate the effect of a DDoS attack and will also appreciate being aware of a potential attack in case other customers could be at risk.

Activate security measures

If possible, speak to your security or IT team ahead of time about what measures are currently in place. It’s more than likely that there are already measures such as Access Control Lists (ACLs) in place, which prevent traffic from suspected malicious sources from being allowed into your network.

Another method that can be used is rate-limiting, which limits how many requests a single source can make in a given period. This method is most useful when a web-based service is under attack.
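To make the rate-limiting idea concrete, here is an added example (not from the original article) of a per-source token bucket replayed over constructed traffic. The class and function names, the limits (4 requests per second, burst of 4) and the documentation-range addresses are all assumptions chosen for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Bucket:
    tokens: float   # requests this source may still make right now
    updated: float  # timestamp of the last refill


class PerSourceRateLimiter:
    """Token bucket per source: `rate` requests/second sustained, `burst` at once."""

    def __init__(self, rate: float, burst: int):
        self.rate = rate
        self.burst = burst
        self.buckets: dict[str, Bucket] = {}

    def allow(self, source: str, now: float) -> bool:
        bucket = self.buckets.get(source)
        if bucket is None:
            bucket = self.buckets[source] = Bucket(float(self.burst), now)
        # Refill in proportion to elapsed time, never beyond the burst size.
        elapsed = now - bucket.updated
        bucket.tokens = min(self.burst, bucket.tokens + elapsed * self.rate)
        bucket.updated = now
        if bucket.tokens >= 1.0:
            bucket.tokens -= 1.0
            return True
        return False  # over the limit: the service never processes this request


def replay(events, limiter):
    """Return {source: [allowed, rejected]} for (timestamp, source) events."""
    counts = defaultdict(lambda: [0, 0])
    for ts, source in sorted(events):
        counts[source][0 if limiter.allow(source, ts) else 1] += 1
    return dict(counts)


def sample_events():
    """Constructed sample traffic using documentation address ranges."""
    noisy = [(i / 64, "192.0.2.10") for i in range(128)]    # 64 requests/second
    normal = [(i * 0.5, "198.51.100.7") for i in range(4)]  # 2 requests/second
    return noisy + normal


if __name__ == "__main__":
    limiter = PerSourceRateLimiter(rate=4, burst=4)
    for source, (ok, dropped) in replay(sample_events(), limiter).items():
        print(f"{source}: allowed={ok} rejected={dropped}")
```

Because the limit is applied per source, it throttles a single noisy sender; requests spread across the many machines of a botnet can each stay under it, which is why rate-limiting sits alongside ACLs and ISP-level mitigation rather than replacing them.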

Regardless of the methods chosen to protect your organisation before or during a potential DDoS attack, it is imperative that these methods are reviewed and assessed regularly. Ensure that the Security or IT team regularly check that they’re up to the job of protecting from a DDoS attack, and that there isn’t something better out there they could be using instead.

DDoS attacks can sneak in undetected at first, but the signs of an attack can be spotted before the attack is in full force. Therefore, as with all cybersecurity attacks, awareness of what is possible and the threats that your organisation faces can be the key to preventing lasting damage before it can occur.