Table of Contents
The past two years and the COVID-19 pandemic produced a whole new playground for hackers. The beginning of the COVID crisis brought panic, and people couldn’t prioritize their cybersecurity over the fear of the unknown.
Worldwide lockdowns led to an increase in online activities across many fields of everyday life. Everything shifted to the online world overnight, and let’s face it – most of us were not prepared for that. All of a sudden, work, education, grocery shopping, even basic healthcare moved almost entirely online. Streaming platforms got more traffic than ever.
Companies with hundreds or thousands of employees couldn’t protect all their devices instantly, let alone think about how to prevent DDoS attacks. Businesses providing online services needed to adapt their platforms to receive more online traffic than ever. That’s where cybercriminals saw their window of opportunity and, according to NetScout’s report, launched 9.7 million DDoS attacks in 2021 alone. To make matters worse, that was a 3% decrease compared to 2020.
Historical data shows there’ve been some major DDoS attacks in the past decade. Amazon Web Services, GitHub, Cloudflare, even Google – they were all victims of DDoS attacks. When you consider the fact that such huge companies had to combat these attacks and suffer financial and reputational losses in the process, you can’t help but wonder: how to prevent DDoS attacks?
We can offer some guidance here, but let’s first look into the nature of DDoS attacks.
What Is a DDoS Attack?
A DDoS (distributed denial of service) attack is not what you would call a typical cyberattack. It doesn’t involve viruses or malware, but we can call it a kind of a hack, even though it’s not really a hacking attack. Have we confused you much?
Hackers initiate DDoS attacks, but they don’t breach your system with malware. Instead, they overwhelm your networks or server with fake traffic your system cannot process, preventing it from responding to genuine user requests.
Attackers use large botnets (a tool consisting of a network of connected devices that they infect with malicious software) to send repeated signals to your server, leaving your website inaccessible. They completely shut down your system for the outside traffic.
As a result, your company can’t provide services to customers, and your business operations get disrupted. Hence the name distributed denial of service.
Depending on how quickly you become aware of the problem, the attack can cause substantial financial damage to your business. Extended downtime can lead to loss of income, and you also risk losing your customers’ trust, especially if you are unaware of what caused the problem and think your website is simply down.
Suppose you don’t have effective defense and recovery systems. In that case, criminals can try to extort money from you by sending a minor DDoS attack to prove they can breach your system and then threatening to initiate a ransomware attack. Beware that they sometimes request a cryptocurrency payment, which is extremely difficult to trace.
Types of DDoS Attacks
Much like other cyberattacks, DDoS attacks are becoming more sophisticated every day. Hackers are constantly competing with each other, and their reputation depends on their innovation and audacity. There are numerous types of DDoS attacks, and we can classify them into three larger categories: volumetric, application-layer, and protocol attacks.
The volume-based (volumetric) attacks are the most common DDoS attacks. They rely on botnets that overwhelm network ports, making them unable to process legitimate traffic and user requests. Bots send false traffic to all available ports, block them, and prevent regular traffic from flowing in, causing the web page to go down and return an error to potential customers.
Two main types of volumetric DDoS attacks are UDP floods and ICMP floods. UDP (User Datagram Protocol) flood attack sends bogus USD packets with altered IP addresses to resemble that of their victim’s address to the remote hosting server. Since the response returns empty, the hosting system consequently returns multiple errors.
ICMP (Internet Control Message Protocol) attack sends fake requests to the server as a series of ICMP packets. It keeps overloading the network without waiting for a response from the server. As a result, the system doesn’t have the capacity to respond to regular user requests.
Protocol (and protocol fragmentation) attacks are designed to target protocols that transfer data and verify connections. The attacker sends distorted and slow pings, and the network uses most of its capacity trying to verify the requests. That again leaves the network unable to respond to legitimate requests.
Protocol DDoS attacks also attack firewalls, especially since they can easily bypass poorly configured ones by sending vast amounts of data. Speaking of the amount of data attackers use, cybersecurity experts measure the scope of protocol DDoS attacks in bits per second (BPS) or packets per second (PPS). For example, an average DDoS attack in Q3 used 4.31 Gbps of data.
Application-layer attacks don’t target the entire victim’s network but specific user-facing applications. The attackers generate large amounts of traffic through HTTP and HTTPS protocols that resemble the usual traffic the application receives.
The server then allocates all its resources to respond to those false requests, and that application becomes overwhelmed and inaccessible to the actual users. Some examples of application-layer attacks could be the attacks that affect only the login application on a website or the cart check-out page.
How to Prevent DDoS Attacks
You’ve probably heard this many times before, but prevention really is the best way to protect your assets from any kind of cyberattack. If you don’t have in-house cybersecurity experts, consider hiring a contractor or an agency that could help you fortify your systems and instruct you on how to prevent DDoS attacks.
Here are some best practices that cybersecurity professionals suggest all at-risk businesses should implement:
Set up a DDoS Response Plan
Suppose your company suffers a DDoS attack. As with any other cyberattack, your response needs to be swift to contain the damage as much as possible and stabilize your systems. A well-designed response plan would give guidance to your team and enable them to act quickly in case of an emergency.
Since we already mentioned that DDoS attacks are not like other kinds of cyberattacks, you need a specific response plan if you don’t want the cybercriminals to catch you blindsided. A DDoS attack affects your networks differently than malware or a social engineering attack, so your response plan needs some tweaks to best respond to that specific situation.
First, a response plan should identify a team of people that would be in charge of implementing it. Your response team should consist of people from various teams, including the IT security team, engineering, and HR and PR professionals.
Ensure that your plan outlines the necessary steps to identify the source of the attack and contain it to minimize contamination. The next step would be to assess the scope of the damage and then start repairing your devices and networks.
Your HR team should help handle the internal communications to avoid spreading panic and instruct the employees on how to handle the incident. PR experts should take care of external communications and ensure the right amount of information reaches the public.
Fortify the Network Security Systems and Infrastructure
Attackers often look for gaps in your security systems when looking to launch a DDoS attack on your company. Your job is to ensure they don’t find that potential entry point by implementing all the best practices to protect your network.
Start with finding the best software solutions for your specific needs. Solid firewall, intrusion-detection systems, and anti-virus software are the first lines of defense. Consider adding more layers of security, such as anti-spam content filtering, endpoint security, or web security tools to ensure safety from multiple sources of danger.
You should also secure your network infrastructure and equip your devices to respond to sudden traffic spikes. That would give you time to look into the unusual traffic activity and react in time before your network becomes overwhelmed.
The market also offers tools you can use specifically to prevent and stop DDoS attacks. Consult your cybersecurity experts to find the best and most effective solutions for your business.
Monitor Your Network Traffic
Beware, however, that you won’t be able to react on time unless you closely monitor your network traffic and look for the signs of a DDoS attack. Remember that this type of attack comes with a sudden surge in traffic, and the perpetrators sometimes test your system by releasing a smaller attack to check if it would go unnoticed.
Those traffic surges should be warning signs your team needs to learn to recognize. Other occurrences that could indicate a DDoS attack are high demand for a single application on your website (and you are not hosting any special events), spotty connectivity, slow page performance, and intermittent web crashes.
Instruct your team to react at the first sign of any suspicious activity. That should give you enough time to prevent a large-scale incident.
Use Multiple Servers and Cloud Protection
The software and hardware you have on your premises are your primary defense lines. But their capacities are limited, and you should consider extending your system protection to the cloud.
Cloud providers offer multiple layers of protection with their firewalls and threat monitoring software. It also provides more bandwidth, giving your website the ability to handle more traffic than any private network and ensuring the website’s stability in the process.
Clouds, by nature, run on many servers that are not located in the same place, meaning if one becomes overwhelmed and crashes, others will keep operating, and so will your website.
Clouds also keep secure backups of your data, making it easier to switch to a secure version in case a DDoS attack corrupts your system.
Implement Best Security Practices
It’s never redundant to remind you that you need to regularly change your passwords and instruct all your employees to do the same. Introducing a multifactor authentication system is also a good practice that includes an additional security layer to your network and accounts.
We also already mentioned how important it is to react promptly to a cyber incident, so educate everyone on the staff to recognize the signs of a cyberattack and report it to the dedicated team. You might also want to instruct your users on properly using your application and give them a source where they can report any problems they might encounter.
Another simple but effective piece of advice: don’t forget to purchase adequate software for your business and keep it updated at all times. You might want to consult an expert who can assist with choosing the best solution for your system.
Perform Security Assessments
Regular security assessments are vital for discovering any weaknesses in your network and connected devices. Make it a common practice to perform these assessments every quarter, or at least every six months. That will allow you to remedy weaknesses or gaps in your security system before cybercriminals can get a chance to take advantage of them.
An average cost of a DDoS attack in the US is around $218k if we don’t count in any potential ransom costs. The number refers to the direct damage companies suffer from the attack. Still, you should always expect additional expenses when you discover how far-reaching the attack was and identify all affected parties.
The danger of suffering a DDoS attack is great, and you shouldn’t take it lightly. Implement all the protective measures that your cybersecurity budget allows, and keep in mind that prevention is your best weapon when fighting DDoS attacks.
Given that cybercrimes evolve constantly, you should also be aware that perfect protection doesn’t exist. Consider purchasing a cyber liability insurance policy that would provide a safety net and financial support if your company suffered a DDoS attack.
Keep in mind that not all cyber liability insurance policies offer the same coverage. Work with your insurer to find the best option for your business and include all the necessary policy extensions.
If you don’t have a cyber liability policy in place, or you potentially need to extend your coverage, feel free to reach out to one of our experienced brokers. If you are ready to get an online cyber insurance quote, sign up to Embroker’s platform and get your application started.
Learn why having a cyber attack recovery plan for your business is so important.
Learn why having a strong cybersecurity risk management plan is paramount for any modern business that relies on the Internet to connect with clients and business partners.