Distributed denial of service (DDoS) attacks are in the news again. Long-term DDoS trends continue their upward spiral, and RDDoS, a mashup of DDoS attacks and extortion threats, has become a notable force in enterprise SecOps.
DDoS Trends: Something New and More of the Same Sad Song
DDoS attacks are a class of malicious exploit that makes online services unavailable to their users. Bad actors launch their attacks using many (sometimes hundreds of thousands of) infected, widely distributed internet-connected devices, called bots. Malicious software enables a command bot to communicate with and control the infected devices remotely. Increasingly sophisticated attacks now use AI to make the attack more adaptable and responsive to changing conditions in the target environment.
RDDoS attacks: A new way to deliver digital mayhem
One of the biggest recent cybercrime trends, ransom DDoS (RDDoS) attacks add a new wrinkle to the familiar exploit. They occur when cyberattackers try to extort money from individuals or organizations by threatening to launch a DDoS attack. “Pay up, or we’ll shut you down!” is the message.
There are variations on this theme. In some scenarios, attackers flood a target organization’s website with useless traffic and demand a ransom to stop the attack. In others, the RDDoS attack is a stand-alone exploit that serves as a diversion from the attacker’s real agenda, such as a data breach.
RDDoS attacks expand the power and variety of malicious exploits. Now vulnerable to an even wider range of attack methods, target organizations must be able to find and neutralize these complex exploits. It all adds up to more time and money siphoned away from higher-value security activities.
DDoS attacks: More muscle in each exploit
In the past six months or so, DDoS attack size remained relatively flat (that is, no massive Tbps-level attacks were observed). However, attackers continue to engage in faster, more difficult-to-mitigate attacks marked by:
- More attacks. During the past few years, DDoS attacks have steadily increased in frequency. In 1Q 2021, malicious actors launched approximately 2.9 million DDoS attacks, a 31-percent increase compared to the same time in 2020.
- More powerful attacks. Attack throughput increased by 71 percent compared with 1Q 2020.
- Shorter attacks. More attacks last from five to ten minutes, a relatively short time to do damage. Attackers get in, clog the target network’s infrastructure, and get out. This tactic makes it more difficult for target SecOps teams to discover and neutralize attack agents.
- Continued focus on core industries. Attack activity in 2021 continues the pattern of targeting lifeline sectors during the pandemic. E-commerce, healthcare, and online learning organizations experienced higher activity from cyberattackers in 2020. Numbers gathered since the beginning of this year indicate that little has changed.
Some things don’t change. IT operations still take it on the chin in the form of network downtime, low bandwidth, or slow network speeds. Post-attack IT effects often include lengthy, expensive recovery tasks such as adding or replacing security-related assets. DDoS attacks also deliver big business impacts, measured in terms of employee productivity, customer satisfaction and loyalty, damage to company reputations, and boatloads of recovery costs.
Protecting Against DDoS Threats
It’s not all bad news, however. Advanced DDoS solutions can beat back attacks with a combination of data monitoring, scrubbing, and other analysis methods. Ideally, the most effective solutions:
- Apply DDoS protection outside the network, so that only filtered traffic reaches your hosts.
- Include a constantly updated knowledge base of DDoS threats as well as new and emerging attack methods.
- Identify emerging threats as they become public, detect known malicious actors, and apply remedies in real time.
DDoS defenses are not a one-size-fits-all business, however. Each of the three types of DDoS attack has its own path to prevention and mitigation.
Volume-Based DDoS Attacks
In this, the most common type of DDoS exploit, attackers infect and control as many internet-connected devices as possible to overwhelm a website. Advanced solutions neutralize these threats by gathering DDoS traffic and rerouting it to a network of centralized scrubbing centers, where malicious traffic is analyzed and removed.
Protocol DDoS Attacks
These attacks seek out and exploit weaknesses in the internet communication protocols that websites depend on. Malicious actors use a computer to attack and overwhelm the services that handle communication requests. Solutions use detailed monitoring of website traffic to compare incoming traffic streams with expected baselines. The software identifies malicious traffic and blocks it before it reaches the website.
Application Layer DDoS Attacks
In this type of attack, malicious actors search for weaknesses in the applications that run at the application layer of a website. When a vulnerability is found, attackers generate so many bogus requests that the application can no longer deliver content to legitimate users. Solutions use AI, machine learning, and data analytics to compare site traffic against known and newly observed patterns of malicious behavior, block known bots, and challenge suspicious traffic with additional security tools.
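To make the "compare traffic streams with expected baselines" idea concrete for the application layer, here is an added example (not code from the original article or from any vendor it describes) that runs a sliding-window request-rate check over a few constructed web server access-log lines. It assumes Common Log Format input sorted by time, and the window size and per-source threshold are arbitrary illustrative values, not a recommended baseline; a real baseline would be derived from the site's own historical traffic. The aggregate check exists because a distributed flood can stay below any per-source threshold while still exceeding what the site can serve.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample access log (Common Log Format). The 203.0.113.0/24 and
# 198.51.100.0/24 ranges are documentation addresses, not real clients.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jun/2021:12:00:00 +0000] "GET / HTTP/1.1" 200 1043
203.0.113.5 - - [10/Jun/2021:12:00:00 +0000] "GET /search?q=a HTTP/1.1" 200 512
203.0.113.5 - - [10/Jun/2021:12:00:00 +0000] "GET /search?q=b HTTP/1.1" 200 512
203.0.113.5 - - [10/Jun/2021:12:00:01 +0000] "GET /search?q=c HTTP/1.1" 200 512
203.0.113.5 - - [10/Jun/2021:12:00:01 +0000] "GET /search?q=d HTTP/1.1" 200 512
203.0.113.5 - - [10/Jun/2021:12:00:02 +0000] "GET /search?q=e HTTP/1.1" 200 512
203.0.113.5 - - [10/Jun/2021:12:00:02 +0000] "GET /search?q=f HTTP/1.1" 200 512
203.0.113.5 - - [10/Jun/2021:12:00:03 +0000] "GET /search?q=g HTTP/1.1" 200 512
203.0.113.5 - - [10/Jun/2021:12:00:03 +0000] "GET /search?q=h HTTP/1.1" 200 512
203.0.113.5 - - [10/Jun/2021:12:00:04 +0000] "GET /search?q=i HTTP/1.1" 200 512
203.0.113.5 - - [10/Jun/2021:12:00:04 +0000] "GET /search?q=j HTTP/1.1" 200 512
203.0.113.5 - - [10/Jun/2021:12:00:05 +0000] "GET /search?q=k HTTP/1.1" 200 512
203.0.113.5 - - [10/Jun/2021:12:00:05 +0000] "GET /search?q=l HTTP/1.1" 200 512
198.51.100.7 - - [10/Jun/2021:12:00:20 +0000] "GET /about HTTP/1.1" 200 2210
198.51.100.7 - - [10/Jun/2021:12:00:45 +0000] "POST /login HTTP/1.1" 302 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one Common Log Format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def _slide(window, ts, window_seconds):
    """Append ts to a deque and evict entries older than window_seconds."""
    window.append(ts)
    while window and (ts - window[0]).total_seconds() > window_seconds:
        window.popleft()
    return len(window)


def detect_floods(lines, window_seconds=10, max_requests=10):
    """Per-source check: {ip: peak requests in any window} for sources over the threshold.
    Assumes lines arrive in time order, as access logs normally do."""
    windows = defaultdict(deque)          # client IP -> recent request timestamps
    flagged = {}
    for rec in (parse_line(line) for line in lines):
        if rec is None:
            continue
        n = _slide(windows[rec["ip"]], rec["ts"], window_seconds)
        if n > max_requests:
            flagged[rec["ip"]] = max(flagged.get(rec["ip"], 0), n)
    return flagged


def aggregate_peak(lines, window_seconds=10):
    """Site-wide check: the most requests seen in any window across all sources.
    Catches distributed floods where no single IP trips the per-source threshold."""
    window, peak = deque(), 0
    for rec in (parse_line(line) for line in lines):
        if rec is not None:
            peak = max(peak, _slide(window, rec["ts"], window_seconds))
    return peak


def flood_summary(lines, window_seconds=10, max_requests=10):
    """For each flagged source, report total requests and the endpoint hit most
    (query string stripped), which tells a defender where to apply a challenge."""
    flagged = detect_floods(lines, window_seconds, max_requests)
    counts = {ip: defaultdict(int) for ip in flagged}
    for rec in (parse_line(line) for line in lines):
        if rec and rec["ip"] in counts:
            counts[rec["ip"]][rec["path"].split("?", 1)[0]] += 1
    return {
        ip: {"peak_in_window": flagged[ip],
             "requests": sum(c.values()),
             "top_path": max(c, key=c.get)}
        for ip, c in counts.items()
    }


if __name__ == "__main__":
    sample = SAMPLE_LOG.splitlines()
    print("per-source floods:", flood_summary(sample))
    print("site-wide peak per 10 s:", aggregate_peak(sample))
```

On the constructed sample, the single noisy source is flagged with twelve requests in a ten-second window, all against `/search`, while the legitimate client's three requests spread over 45 seconds never trip the threshold; the site-wide peak of thirteen is the number a capacity-based alert would compare against what the application can actually serve.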