Distributed Denial of Service (DDoS) is among the most frequent cyberattacks worldwide. While it may no longer be as talked about as other cyber threats such as ransomware, it remains a significant concern. In 2020, DDoS attacks increased and became even more complex. The problem has grown this year, with peak DDoS traffic rising by 100 percent when comparing numbers from January 2020 to May 2021.
There is no reason to let up on cybersecurity against DDoS. The attacks are unlikely to subside, especially with many economies now heading towards recovery. Cybercriminals are seeing more possible victims as more commercial activity occurs online. Hence, businesses need to be more cautious about the possibility of getting hit by cyber-attacks.
A Nokia Deepfield study provided insights on how DDoS traffic rose dramatically with the number of daily attacks surging by 100 percent in the first five months of the year alone. The study notes that there has been rapid growth in the number of open and insecure internet services and IoT devices, which contributed to raising the potential size of DDoS attacks to 10 Tbps.
“Our current internet security ‘snapshot’ obtained from Deepfield Secure Genome (live data feed on DDoS and other online threats) informs us that many more open servers and insecure IoT devices could launch attacks with intensity above 10 Tbps,” says Nokia Deepfield Product Marketing Director Alex Pavlovic.
These attacks are capable of disrupting various country-level network infrastructure including larger Tier 1 networks that are supposed to be designed to handle higher traffic levels. Even if it does not totally exhaust the capacity of a network, a 10 Tbps DDoS traffic volume can take up a huge percentage of network traffic and create problems along the way.
Businesses will require an enterprise-grade global load balancing solution to make sure that attacks of this magnitude do not result in disruptions. This can serve as a disaster recovery measure as well as an enhanced traffic management system that ensures site visitors do not suffer noticeable page loading slowdowns and responsiveness issues.
A global load balancing solution spreads workload and traffic across multiple servers in different locations worldwide to speed up the processing of requests and to make sure that more than a few servers are available to address access requests.
This results in greater computing efficiency, downtime minimization, and greater overall throughput. If one server fails or suffers a cyber-attack, many more handle the workload and continue operations without significant interruption.
Vulnerability of remote operations
As businesses move online to cope with the restrictions brought about by the pandemic, the risks of becoming victims of DDoS attacks also increase. This may sound like old news, but it remains true today and will likely be the case even in the new normal or next normal of doing business.
While many acknowledge that remote working is a beneficial new normal, this setup makes organizations prone to service interruption attacks like DDoS. Without the right cyber defenses in place, businesses that rely on the cloud to facilitate work-from-home arrangements will find it difficult to overcome the harassment and extortion attempts of bad actors that attack the limited capacities of their business servers, especially those used by smaller businesses.
“As organizations shifted their operations from on-site to remote working models, DDoS threat actors seized the opportunity to target the supporting backend infrastructure,” said cyber threat expert Pascal Geenens. “With very limited bandwidth, attackers were able to cause maximum disruption with minimal effort, disrupting operations, impacting productivity and compounding the challenging environment that businesses were already facing,” he adds.
Growing attack costs
The European Business Review reported that DDoS attacks can cost companies around $300,000 per hour of downtime. In some places, this can go as high as $540,000 depending on how big the operations of a business are. Considering that around a third of companies suffer downtimes ranging from 7 to 12 hours, the costs can rise to dizzying heights.
Downtime costs are mainly about the sales revenues lost by a company because of the unavailability of their websites or online stores as well as the inability of the company to conduct transactions because their servers are overloaded. These do not include opportunity costs. Also, downtime costs do not take into account the damage to a company’s reputation and the possibility of customers going to competitor businesses.
According to the e-commerce platform HubSpot, the optimal time for a site to load is within two seconds, before customers leave. A page loading wait of over three seconds is enough to make customers reconsider their visit. Think of what happens when a site does not load at all and displays a message that it is unavailable at the moment.
Stiffer competition and political motivations
With many companies heading toward recovery, competition among businesses heats up. Some unscrupulous companies resort to employing DDoS attacks to one-up their competitors. As mentioned, this kind of cyber attack is “advantageous” to bad actors because it not only takes competitors out of the picture; it also creates reputational damage.
On the other hand, it is worth noting how politics is playing a role in the rise of DDoS attacks. There are state-sponsored DDoS campaigns aimed at businesses that are deemed representative of a country considered antagonistic to the attacking country. Domestically, some national or local politicians or political groups also attack the websites of businesses or organizations they consider adversarial or supportive of their opponents’ politics.
Ransomware teaming up with DDoS
Sometimes, DDoS may be used as a convenient smokescreen to conceal a much more sinister cyber attack. The consequences of Denial-of-Service attacks are immediate and easily noticeable. Thus, an attack creates a significant ruckus that draws the attention of IT teams and business owners, creating an opportunity for an underhanded secondary cyber assault.
In other cases, DDoS is used after a ransomware attack to intensify pressure on the victims to pay the ransom or to bring them back to the negotiating table. This scheme has been used by notorious ransomware perpetrators SunCrypt and Ragnar Locker. The cybercriminal groups Avaddon and DarkSide are also known for using this attack tandem.
Some companies have complete file backups they can use to restore their operations after ransomware succeeds in encrypting critical files. Attackers are aware of this, so they add another burden that will force the victim to succumb to the pressure. DDoS is perfect for the job as it prevents a company from going back online with backup files. If it does not completely stop the recovery of operations, it can at least slow down the recovery. Businesses cannot afford a slow recovery as every minute or hour of downtime can mean enormous costs.
Distributed denial-of-service attacks continue to be a serious threat for businesses. Not taking them seriously is a sure way to suffer significant damage, not only in terms of lost revenues but also when it comes to business reputation. They may have evolved over the years, but they are still largely simple attacks that can be addressed by relatively simple solutions. Businesses just need to make sure that they choose dependable solutions and deploy them appropriately.