DDoS attacks can leave systems down for days. But how do they actually work?
DDoS attacks are one of the most common forms of cyber attack, with the number of global DDoS attacks increasing to 50 million annually, according to VeriSign.
Distributed denial of service, or DDoS for short, refers to a cyber attack resulting in victims being unable to access systems and network resources, essentially disrupting internet services.
The DDoS attack will attempt to make an online service or website unavailable by flooding it with unwanted traffic from multiple computers.
For a DDoS attack to be successful, an attacker will spread malicious software to vulnerable computers, mainly through infected emails and attachments.
This will create a network of infected machines which is called a botnet.
The attacker can then instruct and control the botnet, commanding it to flood a certain site with traffic: so much that its network ceases to work, taking the site offline.
There are lots of different ‘types’ of botnets, with the most recent, called Mirai, housing an estimated 380,000 bots.
Mirai, which shot to fame in 2016, had the potential to infect unsecured internet of things devices, such as DVRs and IP cameras.
Mirai famously shut down internet access for nearly one million Germans by exploiting security flaws in routers from OEM manufacturers Speedport and Zyxel, leaving about one million Deutsche Telekom customers without web access for two days.
Why do hackers choose DDoS attacks?
DDoS attacks can take down websites of all sizes, from heavy-duty enterprises to smaller, more vulnerable sites. The motives for attacks can vary widely, from politics to pure financial gain.
DDoS attacks can be sold, so a buyer could request that a certain site be taken offline and pay a sum for its execution. Revenge is often a motive in these cases.
Alternatively, attackers might want to blackmail a site's owners for money and keep the site down for days until they pay.
Finally, a popular tactic used to influence political events and block others' political agendas is to overwhelm and bring down sites with different views than you. This activism is becoming an increasingly popular way of using DDoS attacks to control the media.
How do I know if I’m a victim of a DDoS attack?
Before your website crashes and goes offline entirely, there are a few warning signs to look out for.
A common effect of DDoS attacks is an unusually slow connection to your site. Some DDoS attacks twin this with a large and sharp increase in spam emails.
If your overall network performance is slow, there is no need to assume it's a DDoS attack. But if it has slowed down rapidly and you're unable to open files or perform usually quick maintenance tasks on your website, you might have a problem.
For most, the biggest (and most obvious) giveaway is that your site cannot be accessed. If you’ve checked all other possibilities, and you have no access whatsoever, it could be a DDoS attack.
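The distinction above between a site that is simply slow and one that has slowed down rapidly can be checked against a web server's own logs. The following is an added example, not part of the original article: the log line format (`HH:MM:SS client_ip status response_ms`), the threshold factor and the sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from statistics import median

def per_minute(lines):
    """Bucket 'HH:MM:SS client_ip status response_ms' lines by minute."""
    buckets = defaultdict(lambda: {"ms": [], "clients": set()})
    for line in lines:
        ts, client, _status, ms = line.split()
        buckets[ts[:5]]["ms"].append(int(ms))
        buckets[ts[:5]]["clients"].add(client)
    return [(m, len(b["ms"]), len(b["clients"]), median(b["ms"]))
            for m, b in sorted(buckets.items())]

def warning_signs(lines, baseline_minutes=3, factor=3.0):
    """Return minutes where response time rose sharply against the site's own
    recent baseline while request volume surged at the same time."""
    baseline = deque(maxlen=baseline_minutes)  # holds only unflagged minutes
    alerts = []
    for minute, requests, clients, ms in per_minute(lines):
        if len(baseline) == baseline_minutes:
            base_ms = median(r[3] for r in baseline)
            base_req = median(r[1] for r in baseline)
            if ms >= factor * base_ms and requests >= factor * base_req:
                alerts.append((minute, requests, clients, ms))
                continue  # keep flagged minutes out of the baseline
        baseline.append((minute, requests, clients, ms))
    return alerts

def sample(minute, n_requests, n_clients, ms, status="200"):
    """Constructed log lines for one minute (198.51.100.0/24 is a documentation range)."""
    return [f"12:{minute:02d}:{i % 60:02d} 198.51.100.{i % n_clients + 1} {status} {ms}"
            for i in range(n_requests)]

# Constructed data: a site that is always slow, and one that degrades suddenly.
STEADY_SLOW = [l for m in range(6) for l in sample(m, 30, 10, 900)]
FLOOD = ([l for m in range(3) for l in sample(m, 30, 10, 120)]
         + [l for m in (3, 4) for l in sample(m, 600, 200, 2500, "503")])

if __name__ == "__main__":
    print("steady:", warning_signs(STEADY_SLOW))  # always slow: nothing flagged
    print("flood: ", warning_signs(FLOOD))        # sudden change: 12:03 and 12:04
```

Each alert also reports the number of distinct client addresses seen in that minute, which helps separate traffic arriving from many computers at once from a single misbehaving client.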