Knowing is Half the Battle: A Deeper Understanding of DDoS Attacks


It was philosopher and military strategist Sun Tzu who once wrote that if you know your enemies and know yourself, you will not be imperiled in 100 battles. Though The Art of War was written in ancient China and therefore probably does not refer to the internet security battle against Distributed Denial of Service (DDoS) attacks, it very well could.

If you’re a website owner or someone who is at all involved in running a website, you’ve probably heard of DDoS attacks, and you probably know enough to fear them. But how much do you really know about DDoS attacks? Knowing is half the battle, so keep reading for the details on what DDoS attacks are, who’s behind them and who’s at risk. And then keep reading for the other half of the battle: what you can do about these DDoS attacks.

What DDoS does

A DDoS attack is a distributed denial of service attack. It’s so named because it’s distributed, coming from a number of compromised computers and other internet-connected machines, and because it’s an attack that seeks to deny the services of your website to its legitimate users.

The network of compromised computers and machines used in a DDoS attack is collectively called a botnet. Botnets range in size, but often involve millions of compromised computers. Typically, users of a compromised computer have no idea it’s been compromised and is being used to render websites unusable and cause incredible damage.

This collection of compromised computers denies the services of your website to its users by flooding it with traffic, overwhelming your network infrastructure and either slowing your site to the point that it’s unusable, or taking it completely offline.

Targets a-plenty

If you’re wondering who exactly is at risk of DDoS attacks, that’s perhaps the simplest part of all this: everyone. Basically anyone with a public online presence. This includes large enterprises, small businesses, mid-sized corporations, political entities, governments, online personalities, controversial leaders, and so on and so forth.

Who’s behind it

So now you know who the targets are, the malicious purpose of an attack, and the network of zombie computers making DDoS attacks possible. But where do these botnets come from?

Botnets are built and distributed by what DDoS protection services provider Incapsula calls “the arms dealers”. Incapsula divides the arms dealers into four groups. The Builder is someone who uses malware kits to create botnets, usually for herders and booters. And who are herders and booters?

Bot herders control botnets using remote command-and-control servers, while booters provide access to botnets and toolkits for a price. The fourth type of arms dealer is the Kit Maker who, as you might expect, makes toolkits that are designed to make botnets easily accessible.

The arms dealers are essentially the middlemen who make it possible for people to become DDoS attackers.

Doing the dirty work

There’s one overarching label for everyone who launches a DDoS attack: cyber criminals. However, DDoS-attacking cyber criminals can be separated into groups based on their motivations.

Extortionists are in it to make a quick buck, sending DDoS ransom notes to site owners demanding payment in return for not hitting the site with a DDoS attack. Extortionists will target anyone and everyone and can be a major menace to smaller websites and businesses.

Script kiddies are also a DDoS threat to smaller websites and businesses, as they tend to launch attacks purely for their own enjoyment, or so they can brag online about their exploits. Script kiddies aren’t particularly skilled, but thanks to the arms dealers, they don’t have to be.

Harassers are essentially online bullies looking to make people’s lives miserable through DDoS attacks. Intimidators are similar to harassers, but they have a purpose: threatening free speech and disrupting political discussions. Hacktivists take it even a few steps further, expressing criticism of governments, politicians, organizations and even individuals through DDoS attacks.

Lastly, Hired Guns are basically DDoS hitmen. They’re paid to launch DDoS attacks against websites of their clients’ choosing. Hired guns are often used by businesses to take aim at their competitors.

What it all comes down to

If you think you know the whole story now, take a deep breath. The damage caused by a DDoS attack extends well beyond downtime.

The average cost of mitigating a DDoS attack is $408,292 – that’s 19 days of mitigation costing over $21,000 per day. Further, 39% of businesses targeted by a DDoS attack experience business disruption, 35% experience a loss of information, and 21% experience a loss of revenue.

Broken down even further, 52% of businesses affected by a DDoS attack have to replace software or hardware, 50% locate malware on their network, 43% experience a loss of consumer trust, largely because 33% experience theft of consumer data, and 19% experience a theft of intellectual property.

The other half of the battle

Now that you know DDoS attacks inside and out, you’re officially at 50%. The other half of the battle is investing in professional DDoS mitigation that stops arms dealers and cyber criminals in their tracks. If you’re aware of DDoS attacks, how they work, and what they can do, there’s no excuse for letting your website or business become one of the above-mentioned statistics. As Sun Tzu once said, the supreme art of war is to subdue the enemy without fighting. Stop these attacks before they can even commence.


About the Author: This article and infographic have been contributed by the folks at Incapsula.
