What is a DDoS attack?

Recent government research reveals that nearly half of UK businesses have suffered a cyberattack. But cybercrime takes many forms, including DDoS attacks. Here’s how they work and what you can do to protect your business.

What is a DDoS attack?

DDoS stands for distributed denial of service. It’s a type of cyberattack designed to stop the normal flow of internet traffic. Essentially, DDoS attacks send so much traffic to the targeted website that it crashes. Think of it as rush hour that becomes gridlocked.

How does DDoS work?

Criminals create a network of devices that they can control remotely. They will then instruct those devices to bombard the victim’s website with fake internet traffic, causing it to overload and crash.

The network of devices is called a Botnet with each individual device known as a bot. Cybercriminals recruit bots for their Botnet by infecting them through malicious software (malware for short). These can then be directly controlled by the criminals.

It sounds like a science fiction plot but it’s actually one of the simplest types of cyberattack. DDoS attacks are also hard to spot because fake traffic can’t easily be separated from real traffic – which is what makes these incidents so troublesome.

What are the different types of DDoS attack?

DDoS attacks fall into one of three main categories:

1. Volumetric attack

   As the name suggests, this type of DDoS attack focuses on sending vast amounts of traffic to the victim’s website to the point where it can’t cope.

2. Protocol attack

   Instead of relying on just the volume of fake traffic, these attacks interrupt normal network ‘protocols’.
   These protocols are a little like conversational rules between computer networks. One of those protocols for example, is an initial handshake between networks. Normal protocols mean that device A calls device B, device B answers and device A acknowledges the answer. The networks can then get on with business.
   In a DDoS protocol attack, the last acknowledgment is never made – basically leaving device B hanging. When the Botnet overloads the victim’s network with unacknowledged protocols, the system simply collapses.

3. Application attacks

   These attacks fundamentally aim to exhaust the victim’s web service to the point where it either slows down dramatically or comes to a grinding halt.
   It’s similar to a protocol attack but instead of leaving the network hanging, it’s about making complicated request that use up resources – for instance, requesting access to a database or images.  If the victim’s network is overwhelmed by the number of requests it receives, it falls over itself and stops working altogether.

Which type of DDoS attack is the worst?

No DDoS attack is good and they’re all effective in bringing a network down. In reality, criminals often use elements from each of the three types to create a complex and malicious attack

However, the most sophisticated type of DDoS attack is an application attack as this involves actually asking the network to do something which it eventually realises it can’t do.

Why do hackers use DDoS?

As with many other types of cybercrime, criminals use DDoS for a variety of reasons, including:

• Competition – old fashioned competition could be a reason why some businesses experience frequent DDoS attacks. In fact, around 40% of businesses are convinced that competitors are involved in launching attacks against them.
• Hacktivism or politics – activists can use DDoS attacks to bring down websites, businesses or organisations they don’t agree with for ethical or political reasons.
• Revenge – angry ex-employees are sometimes behind DDoS attacks.
• Extortion – DDoS attacks can be hugely disruptive, to end the attack or minimise the damage, criminals could demand a ransom.
• Smokescreen – in some cases, DDoS attacks act as a distraction while hackers carry out other criminal activities.
• Fun – not all cyberattacks are launched by master criminals, some hackers might simply see it as a bit of fun.

How long do DDoS attacks last and how serious are they?

DDoS attacks can last minutes, hours or days – the longest attack recorded lasted five days. Needless to say, this can have a devastating impact on revenue and reputation.

In fact, the financial implications are staggering. It’s estimated that every DDoS attack costs businesses £140,000 or £2,140 per minute. Over a year, experts say the financial cost across all affected businesses amounts to an eye-watering £1 billion.

Recent data also revealed that DDoS attacks increased by 151% in the first half of 2020 compared to the same period in 2019.

How to stop a DDoS attack

DDoS prevention is difficult. This is simply because it’s difficult to distinguish between real and fake traffic, especially if there’s a genuine reason why traffic might spike (such as seasonal sales).

One of the few ways you can minimise the impact of a DDoS attack, is to create a network that can absorb or redistribute vast amounts of traffic. There are also firms that specialise in helping you mitigate DDoS attacks including Akamai, Cloudflare, and UKFast.

Experts also recommend that your business has a plan for managing a DDoS attack if it happens. This includes allocating roles so employees know who to call and what to do if an attack is launched. It might not seem like much, but with minutes potentially costing thousands, time is of the essence.

Does cyber insurance cover DDoS attacks?

Cyber insurance can cover a range of events including business interruption, data loss, liability and reputational damage. Remember that the level of cover and features you need will depend on the nature and size of your business.

At Alan Boswell Group, we understand how important it is to keep your data and networks safe, particularly as the number of contactless transactions rise. To find out more about how we can help, visit our cyber insurance hub or speak to one of our experts directly on 01603 218000.