A Look into DDoS: Facts, Stats, & How to Protect

Cybersecurity
Hailey Carlson
October 30, 2020

A DDoS, or distributed denial of service, attack occurs when malicious actors use a multitude of computers or devices to overwhelm the targeted victim's server or network with more traffic than it can handle. The use of multiple compromised machines is what distinguishes a DDoS attack from a plain denial of service attack and makes it far stronger -- consequently, this is the most common form of denial of service attack.

A DDoS attack can devastate a business. Not only does it overwhelm the company's networks, slowing internal operations down, but it also makes external sites and systems unusable, resulting in a potential loss of customers or sales. What's worse is that because these are distributed denial of service attacks, the traffic comes from multiple devices or IP addresses and is harder to track down. In a DDoS attack, the malicious actor takes control of the devices to be used for the attack by infecting them with malware. These machines are then used to send traffic to the targeted victim.

DDoS Challenges - Duration

One of the biggest challenges that comes with a DDoS attack is the amount of time it takes to get the disrupted systems back up and running. While some attacks can be detected and repelled in minutes, an attack from this year lasted over 6 days.

Cybersecurity giant Kaspersky looked at trends in the duration of DDoS attacks and compared last year's statistics with those from the first half of 2020. The shortest attacks, which can last up to four hours, made up the majority at nearly 86% of the total number of DDoS attacks, so it is obvious that these attackers do not need much time to disrupt the networks and take what they want. A DDoS attack will completely throw off a business and its operations, even if it only lasts for such a short time. Next, we'll look at ways to identify a DDoS attack and how to avoid becoming one of these statistics.

Figure: Duration of DDoS attacks, Q1 and Q2 2020, and Q2 2019. Data from Kaspersky.

Identifying a DDoS Attack

As though a DDoS attack itself is not bad enough, the worst part of it is the fact that it comes in without warning. This makes the first few moments of a DDoS attack crucial so that you can both identify and mitigate a

  • Increased traffic -- If you notice unusually high traffic, particularly traffic coming from one IP address or from multiple IP addresses in a particular IP range, this is a strong indicator that a DDoS attack is in progress. Seeing these spikes in traffic at strange times of the day is a further sign.
  • Singular Behavior Profile of Traffic -- Another indicator of a DDoS attack is a flood of traffic coming from users who share the same "behavioral profile", such as device type, geolocation, or web browser version.
  • 503 Error -- You may also receive a 503 error from your server which indicates service outages.
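
The three indicators above can be checked over a window of web server access logs. The following is an added example, not code from the original article: it assumes the combined log format, groups clients by /24 range, uses the User-Agent string as a stand-in for the behavioral profile, and uses illustrative thresholds and constructed sample log lines.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Combined log format; captures client IP, status code and User-Agent.
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$')

# Assumed thresholds for illustration; tune against your own baseline.
LIMITS = {"range_share": 0.5, "agent_share": 0.7, "share_503": 0.2}

def analyze(lines):
    """Score one time window of access-log lines against the three indicators."""
    ranges, agents, total, errors = Counter(), Counter(), 0, 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort
        ip, status, agent = m.groups()
        try:
            net = ip_network(f"{ip}/24", strict=False)  # group IPv4 by /24
        except ValueError:
            continue  # first field was a hostname, not an address
        total += 1
        ranges[str(net)] += 1
        agents[agent] += 1
        errors += status == "503"
    if total == 0:
        return {}, []
    metrics = {
        "requests": total,
        "top_range": ranges.most_common(1)[0][0],
        "range_share": ranges.most_common(1)[0][1] / total,
        "agent_share": agents.most_common(1)[0][1] / total,
        "share_503": errors / total,
    }
    alerts = [name for name, limit in LIMITS.items() if metrics[name] > limit]
    return metrics, alerts

def sample_window(flood=True):
    """Constructed log lines: 10 ordinary requests, plus a 40-request flood."""
    fmt = ('{ip} - - [30/Oct/2020:03:12:{s:02d} +0000] "GET / HTTP/1.1" '
           '{st} 512 "-" "{ua}"')
    lines = [fmt.format(ip=f"10.{i}.0.5", s=i, st=200, ua=f"Browser/{i}")
             for i in range(1, 11)]
    if flood:
        lines += [fmt.format(ip=f"203.0.113.{i}", s=i, st=503 if i % 2 else 200,
                             ua="ExampleBot/1.0") for i in range(1, 41)]
    return lines

if __name__ == "__main__":
    print(analyze(sample_window()))
```

Run it per time window (for example, per minute) so that a spike stands out against the windows before it.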

How to Protect Against a DDoS Attack

While it is difficult to stop a DDoS attack once it is in progress, there are some steps you can take to lessen the likelihood of a DDoS attack.

  • Secure Networks -- A strong cyber defense is a smart idea for your company regardless, and DDoS prevention is just another benefit that comes from securing your networks.
  • Back Up Your Systems -- System redundancy can help keep your business operational while dealing with the headache of a DDoS attack. This way, if one server is attacked, the backup or redundant servers will be able to take on the extra traffic hitting the network.
  • Create a DDoS Recovery Plan -- One of the worst parts of a DDoS attack is how long it takes to get back up and running afterward. It is preferable to prevent an attack, but attackers can be very determined and an attack will get through. This is why it is important to have a DDoS recovery plan, just in case. It is better to be safe than sorry when it comes to cyber attacks. In this recovery plan, create a recovery response team that will be responsible for responding in the event of an attack. These members will need to know who to contact in the event of a security incident and develop a defense strategy to respond to such an incident. Being prepared for an attack will help determine how quickly your company recovers from it.
  • Learn from a prior attack -- In 2018, over 80% of DDoS attacks only lasted about 10 minutes; however, these companies were often hit with another attack within 24 hours of the initial attack. Being prepared following a hit can feel overwhelming, but use any attack that you may encounter as a learning experience to avoid future issues.

Image by Macrovector for Freepik.