It starts with a bit of unusual traffic – a surge of access requests from seemingly-unrelated IPs. Slowly but surely, your servers are overwhelmed. Your network-facing infrastructure starts slowing down, until it eventually grinds to a halt altogether. With a sinking feeling in the pit of your stomach, you realize what this means. You have been targeted by a distributed denial of service attack. And until such time as the attacker decides you are no longer a worthwhile target, all you can do is weather the storm.
DDoS attacks are one of the oldest criminal tactics on the web. They are also one of the most enduring. And though tactics have grown increasingly sophisticated over the past decade, at its core, every DDoS attack has the same objective: to overwhelm the targeted product or service with bogus requests until it is no longer operational.
The most frightening thing about these attacks is how simple they are to pull off – and, with the growth of the Internet of Things, how massive they have the potential to become. All you need is a big enough botnet and you can bring down the infrastructure of even a massive corporation. And such botnets are more easily obtained than you might think – in the seedy underbelly of the web, there is a growing market for DDoS-as-a-Service.
While it is true that botnets have become the weapon of choice for modern hacktivists, not every DDoS attack is perpetrated by a script kiddy with an axe to grind. As a matter of fact, it is rare for disruption of services to be the only objective of a DDoS attack. According to a survey carried out by Kaspersky, as many as 74% of DDoS attacks are little more than a red herring – a smokescreen meant to mask the actual attack.
While your security team is distracted mitigating the denial of service attack, the party responsible is free to go after what they actually want – whether it is financial information, intellectual property, or client data. It is the equivalent of driving a bus through the front door of a bank while an associate tunnels into the bank vault from below.
If you are targeted by a DDoS attack, you cannot afford to let it distract you. You must remain vigilant, and keep a close watch for any other suspicious network activity that might occur. DDoS protection such as what is offered by Liquid Web is therefore critical.
A DDoS attack can be devastating to your company, leading to considerable downtime, significant lost revenue, and a damaged reputation. Unfortunately, this is only the tip of the iceberg. While a small percentage of DDoS attacks are carried out for their own sake, the majority of the time they are used to draw attention away from the actual cyberattack.
If you are to protect your data, you must remain aware of this, and protect yourself wherever and however you can.