Denial of Service Attacks: What You Need to Know
You may have heard references to “Denial of Service” attacks on a website, but what does that mean? And is it something you need to worry about for your own business website?
Simply put, a Denial of Service attack, or more specifically a Distributed Denial of Service (DDoS) attack, is an assault on a website by a hacker or group of hackers. Unlike many attacks, the hacker isn’t trying to steal information or credit card numbers, but simply to take your website down.
How a Denial of Service Attack Works
The most frequently seen Denial of Service attack is one of the most basic types of cyber attacks, but it’s aggravatingly effective. The hacker floods your server with requests for information from the page, at a quantity or speed that overwhelms the ability of your server to process the incoming requests. This effectively makes your website unavailable for any legitimate users for as long as the bogus requests keep flooding in.
In many cases, the overwhelmed server will crash, or exceed the traffic allowances of the internet service provider, which can keep a website offline well after the incoming requests die off.
To visualize a Denial of Service attack, imagine the front entrance of a store on Black Friday when the store has advertised lots of great deals. When the door opens, the impatient crowd pours in, and the pileup of people all trying to get in at once often means that no one can get through. And if the surge of people is completely overwhelming, someone may get hurt or a fight breaks out. Now everything has to stop while police or paramedics respond and sort things out, and no one can get into the store until they finish.
In the early days of the internet, when traffic was slower and servers were smaller, one malicious person hitting the refresh button over and over at a fast enough speed could create a denial of service on their own. But internet service providers and firewalls soon created automated tools to spot an unusual increase in traffic from one location and block that source.
Nowadays hackers rely on botnets — a series of dozens, hundreds, or even thousands of computers that have been compromised by a virus or malware, allowing the hacker to force all of them to assault the target website at once. The many sources of incoming traffic make it much more difficult for automated tools to recognize and block them. This is what is meant by a Distributed Denial of Service.
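The difference between the two cases above, as an added example that is not part of the original article: a per-source request limit blocks a single flooding machine but lets through a botnet whose members each stay under the limit. The window length, thresholds, and IP addresses are constructed for illustration.

```python
from collections import Counter, defaultdict

WINDOW_SECONDS = 10    # assumed length of one counting window
PER_SOURCE_LIMIT = 20  # assumed: requests one source may send per window
CAPACITY = 300         # assumed: requests the server can process per window

def analyze(events):
    """events: iterable of (epoch_second, source_ip). Returns one report per window."""
    windows = defaultdict(Counter)
    for ts, ip in events:
        windows[ts // WINDOW_SECONDS][ip] += 1
    reports = []
    for w in sorted(windows):
        counts = windows[w]
        # Per-source rule: block any address that exceeds its own limit.
        blocked = sorted(ip for ip, n in counts.items() if n > PER_SOURCE_LIMIT)
        # Whatever is not blocked still reaches the server.
        passed = sum(n for ip, n in counts.items() if ip not in blocked)
        reports.append({
            "window": w,
            "sources": len(counts),
            "total": sum(counts.values()),
            "blocked": blocked,
            "passed": passed,
            "overloaded": passed > CAPACITY,
        })
    return reports

def sample_events():
    """Constructed traffic: window 0 normal, 1 single-source flood, 2 distributed flood."""
    events = []
    for w in range(3):
        base = w * WINDOW_SECONDS
        # 50 legitimate visitors, 2 requests each, in every window
        for i in range(50):
            events += [(base + i % WINDOW_SECONDS, f"198.51.100.{i + 1}")] * 2
    # Window 1: one machine sends 1000 requests.
    events += [(WINDOW_SECONDS + 5, "203.0.113.7")] * 1000
    # Window 2: 500 compromised machines send 2 requests each.
    for i in range(500):
        ts = 2 * WINDOW_SECONDS + i % WINDOW_SECONDS
        events += [(ts, f"10.9.{i // 250}.{i % 250 + 1}")] * 2
    return events

if __name__ == "__main__":
    for report in analyze(sample_events()):
        print(report)
```

Windows 1 and 2 carry the same total volume; only the single-source window is brought back under capacity by the per-source rule, which is why total load has to be monitored alongside per-source counts.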
Why Do Hackers Use DDoS Attacks?
If hackers aren’t trying to steal information or make money from the attack, why do they do it?
The simplest answer is because they can. Hackers view it as a challenge and will try to take down major websites as a test of skill.
They also may be motivated by anger. DDoS attacks are often a result of a person or group of people having a grievance against a particular website. This can be as complex as a group like Anonymous, which is usually politically motivated, or as simple as a lone disgruntled employee. Compared to other types of hacking attacks, DDoS is fairly easy to do without a great deal of knowledge of programming or security.
There also could be a financial incentive. There have been cases of extortion where hackers blocked a site, then demanded payment to have it unblocked. If you are a small business with a highly seasonal trade, such as Halloween costumes or Christmas decor, your website being blocked for a few key hours or days could ruin your entire year. In that case, you would be tempted to pay to make the problem go away immediately rather than wait for your IT people to sort it out. There have also been instances where other businesses paid hackers to take down a website to block the competition.
Defending against a DDoS Attack
A small DDoS attack is not too difficult to defend against. You or your IT person will need to set up your systems to spot fake traffic among the legitimate website hits. This can be done by having servers scan packet headers and block anything that looks like an attack packet, while letting the rest through.
A large-scale DDoS attack, on the other hand, can be extremely challenging. When thousands or even hundreds of thousands of computers are attacking, even the best sysadmin will have trouble. The above technique doesn’t work because the traffic comes so fast and furiously that even evaluating just the headers of packets takes too long.
At this level, you need a sysadmin who is able to quickly reconfigure your server to stand up to the attack. You may need to add bandwidth or more CPU power on the fly.
DDoS attacks are a headache, and a well-timed one can be at least temporarily disastrous, but they are not all that frequent compared to intrusion-type attempts that go after your or your customers’ information. If you find your website under a small DDoS attack, you should be able to deflect it yourself or with the help of any IT person with basic knowledge of how to reconfigure servers.
When facing a large-scale DDoS attack, many small businesses will have to seek outside help from the internet service provider or a cybersecurity firm that can quickly mobilize a defense. It’s a good idea to plan ahead for this possibility by having a relationship with a cybersecurity firm already in place, or by adding cybersecurity insurance to your overall business insurance policy.