Distributed Denial of Service is a hacker attack on a network with the aim of bringing it to failure. The result is that real users can’t access the service. With the development of digital technologies and the internet of things, DDoS attacks have become the most popular tool for carrying out hacker attacks on businesses, and the trend of such attacks is on the rise.
DDoS can disable almost any service without leaving legally significant evidence.
The attack takes place in the following way: attackers artificially create a huge number of requests to an online resource in order to increase the load on it and disable it. Hackers use a network of many infected computers, literally bombing the resource with requests. Distinguishing a real user’s request from a fake one can be very difficult. It is only logical that many DDoS attacks are launched during seasonal sales, when online stores are faced with an influx of customers and make the most of their revenue. The servers of the online store cannot cope with the load, and as a result, its service works intermittently or becomes completely inaccessible, and users who did not receive the service go to competitors.
Medium and even large online stores on their own cannot oppose anything to cybercriminals. This is evidenced by the fact that in 2016, due to a DDoS attack, even the servers of the DNS provider Dyn went offline. DNS is a critically important service for the entire Internet, which shows your browser which ip address you need to go to in order to get to a particular site. The attack on such a service led to a huge number of disruptions in the work of other services, a number of which were Sony Playstation, Spotify, Netflix, New York Times, Paypal. The irony is that the network was attacked by requests from hacked printers, smart kettles, robotic vacuum cleaners and other smart home devices that were part of the largest botnet Mirai.
Together, these devices loaded Dyn’s services at a rate of 1.2 terabits per second — and resulted in $110 million loss.
One might get the wrong impression that organizing a DDoS attack is a complex multi-stage process that requires building a botnet and is not accessible to everyone. Unfortunately, this is wrong. After all, DDoS attacks have become widespread due to their ease of use.
Organization of DDoS attacks does not require deep knowledge of information security or information technology.
For example, one of the DDoS attacks on Amazon was carried out by a Canadian citizen who was only 15 years old at the time of the attack.
Cyber wars have been taking place on the network for a long time, day by day more and more noticeable, and even to uninitiated people. After all, a simple search engine query “order a DDoS attack” produces several hundred thousand results. Looks depressing, especially if you need to protect your organization. Even customer journey is on a professional level — payment can only be charged in the event of a successful attack, which suggests that the hacker provides guarantees. You can also use the “demo mode”: rent a botnet for a couple of hours. Such an attack will not last long, but it has every chance to disable the victim’s infrastructure for a short period of time.
IT security experts vigorously monitor the situation around DDoS-attacks, explore new threats and find new ways to mitigate the risks of being attacked. Ramil Khantimirov, co-founder and CEO of StormWall states in his interview that the number of DDoS attacks is growing and, most likely, their number will keep increasing in the future. As the economy digitalizes, IT systems and services will become increasingly important for business and society, and therefore the consequences of disruptions in them will become more dramatic. The United States is one of the world leaders in the number of DDoS attacks. This can be explained by the fact that there are much more autonomous systems and networks owned by companies in the United States than in other countries. While in Europe, for example, most organizations prefer to lease IP addresses from their providers, in the United States, many enterprises have their own IP addresses, so the risks of attacks on networks in the United States are higher. In addition, highly qualified specialists are needed to organize network security. I can assume that organizations in the United States are facing a lack of such competencies, which increases the risks of DDoS attacks.
One does not need to be an expert to understand that the combination of the above facts only means that we can’t expect a decrease in the popularity of DDoS attacks. Along with the increase in the number of Internet services, companies need to take a more careful approach to digital security issues in order to ensure the smooth operation of their resources.