Looking for a way to protect your organization from distributed denial-of-service (DDoS) cyberattacks? You're not alone. DDoS protection is front-of-mind for companies and ISPs of all sizes. Read on for the latest on DDoS attacks, what to do if you're a victim, and how a VPN protects you from them.
What Are DDoS Attacks?
Hackers use DDOS attacks to force people offline by flooding a network with requests and traffic. The high volume of unwanted internet traffic from hackers overwhelms the site so legitimate requests from real users can't get through.
Note: Wondering what separates a DDoS attack from a Denial of Service (DOS) attack? The main difference is that DoS attacks use a single machine and DDoS attacks employ multiple machines.
DDoS Attacks in the News
The first DDOS attack happened in 1996, and they've only increased in frequency and complexity since then. The COVID-19 pandemic created more remote workers and online shoppers than ever before, and that kept cybercriminals busy.
- DDoS attacks increased by 151% YoY in the first half of 2020.
- 91% of 2020's DDoS attacks happened in Q3 and lasted up to four hours.
- As many as 15.4 million DDoS attacks could happen in the next two years.
- A failed 2020 attack on Amazon reached peak traffic volume of 2.3 Tbps (almost twice the size of the previous largest recorded attack).
- Shortly after the Amazon attack Google announced an attack that peaked at 2.5 Tbps.
- The average 2020 DDoS attack used more than 1 Gbps of data.
- The number of DDoS attacks over 100 GB/s in volume increased 776% in Q1 2020.
- The average length of an attack increased from ten minutes or less to 30-60 minutes.
- DDoS-imposed downtime and mitigation can cost enterprises $50,000 in lost revenue.
How Do DDoS Attacks Work?
In a DDoS attack:
- DDoS attackers infect networks of computers and other internet-connected machines with malware.
- Malware lets hackers turn the infected devices into bots, or botnets, and control them remotely.
- Attackers send remote instructions to each bot in the botnet.
- Each bot sends requests to the targeted network’s IP address.
- The volume of requests from the botnet overwhelms the targeted site or network.
- Unable to distinguish botnet traffic from legitimate users, the site or network can't function normally.
Types of DDoS Attacks
In broad terms the three most common types of DDoS attacks are:
- Volume-based Attacks: Volumetric attacks — ICMP, UDP floods, spoofed-packet floods — send enormous volumes of fake traffic to overwhelm a website or server; measured in bits per second (bps).
- Protocol or Network-layer Attacks: SYN floods (the most common type of attack) and Smurf DDoS protocol attacks, measured in packets per second (PPS), target network infrastructures and associated management tools with large numbers of packets.
- Application-layer Attacks: Also known as Layer 7 attacks, they overwhelm apps with maliciously crafted requests; measured in requests per second (RPS) and includes HTTP floods, SQL injections, cross-site scripting, parameter tampering, and Slowloris attacks.
Security Magazine has a complete list of known DDoS attacks here.
Ramifications of DDoS Attacks
DDoS attacks cost a company time, effort, and money. A small business hit with a DDoS attack faces expenses up to $120,000. For large companies the cost can be as high as $2 million. In 2021 the global total is on track to hit the $6 trillion mark, with projections indicating that the number of annual attacks will continue to increase.
And, as if the financial implications aren't enough, lost customer confidence that sends users to competitors is even more costly.
Where Do DDoS Attacks Come From?
Attacks can be motivated by politics, revenge, or thrill-seeking, but the most common motive is financial gain. That's why banks and credit card companies are popular targets.
DDoS attacks can originate anywhere, but most come from the United States (1,591,719), China (1,388,531), Korea (776,327), Russia (696,186), and India (283,960).
Signs of a DDoS Attack
DDoS attacks aren’t the only source of site and network availability issues, but consider the possibility of a DDoS if:
- A website is down.
- Admins can’t access site or network management tools.
- Slowed site and/or network speeds.
- Internet access is lost.
How can you detect and identify an attack? According to the Cybersecurity and Infrastructure Security Agency (CISA), the best way is monitoring network traffic. This can be done by:
- Monitoring network traffic via a firewall or intrusion detection system.
- Setting rules and alerts that detect an anomalous traffic load and identify the source of the traffic, or drop network packets that meet certain criteria.
So You've Been DDoSed. Now What?
An analysis of your network traffic confirms you're experiencing a DDoS. What steps should you take? Your first calls should be to your network administrator and ISP, according to CISA.
- Confirm whether the service outage is due to maintenance or an in-house network issue.
- Network administrators can monitor network traffic to confirm the presence of an attack, identify the source, and mitigate the situation by applying firewall rules and possibly rerouting traffic through a DoS protection service.
Internet Service Provider
- Ask if there’s an outage on their end or even if their network is the target of the attack .
- ISP may be able to advise you on an appropriate course of action.
Cybercriminals never sleep, so your cybersecurity needs to be ready 24/7. Here are five steps that can help reduce the risk:
- Develop an Attack Prevention and Response Plan - Create a plan and educate your team on it. Make sure you know what your next steps would be were you to face an attack.
- Secure Your Network Infrastructure - Are you using a secure VPN? What tools do you have in place to protect your data? What devices are allowed to connect to your network?
- Practice Basic Network Security - MFA. Strong passwords. The knowledge to recognize phishing scams. All these policies and more need to be standard for your team.
- Maintain Strong Network Architecture - Limited access is essential. Make sure your team only has access to the tools they need to do their job — they don’t need access to everything.
- Recognize the Warning Signs - There are a number of warning signs that might point to a DDOS attack, including a slow network, or being blocked out of certain sites. If you notice slow access to files, an increase in spam, or internet disconnection, those can all be red flags.
DDoS mitigation actions and hardware recommended by CISA include:
- Using stateful inspection firewalls and stateful SYN proxy mechanisms
- Limiting the number of SYNs per second per IP and SYNs per second per destination IP
- Setting ICMP flood and UDP flood SCREEN settings (thresholds) in the firewall
- Rating limit routers adjacent to the firewall and network
Note: Provisioning extra bandwidth can provide a measure of protection. Unfortunately, this is expensive and less effective than other measures.
Can a VPN Prevent DDoS Attacks?
A virtual private network (VPN) is essential to thwarting cybercriminals and DDoS attacks targeting businesses. When employees work off-site they need secure internet connections. The network firewall doesn't protect them at home or on the road.
VPN service from a reputable VPN provider is a reliable anti-DDoS solution. A cloud or on-prem VPN server protects online activity with a virtual tunnel. The tunnel keeps unauthorized users out and encrypts data when employees work remotely.
Business VPNs provide a dedicated IP address and dedicated server designed specifically for business users. With your encrypted data protected within the VPN tunnel, and using the VPN IP address, cybercriminals can’t find your network. This makes launching a DDoS attack much more difficult -- hackers can't flood what they can't see.
Keep in mind that a VPN can help prevent DDoS attacks, but can't stop them once they happen. It's important that you research your options, find the best VPN for your organization, and ensure your employees use it. Then, make sure you have a plan in place for if and when you experience a DDoS attack — it’s always better to be prepared.
OpenVPN Cloud, our next-gen managed VPN solution, allows you to safeguard your resources in a controlled, adaptive, and scalable manner. And it does it at a fraction of the cost and provisioning of other approaches, without the headache that comes with legacy VPNs focused purely on remote access and connecting resources.
Best of all, you can test drive OpenVPN Cloud with three free connections and access to all our premium features.