Denial of Service (DoS) attacks are designed to degrade or destroy the availability of a service, such as an organization’s web presence. These attacks can be performed in a number of different ways by exploiting vulnerabilities in the target system.
A Distributed Denial of Service (DDoS) attack takes advantage of the fact that any computer system can only process a finite amount of data at any given time. By exceeding this maximum capacity of the system with malicious or spam data and requests, a cybercriminal can make it impossible for the system to process legitimate requests or, at least, degrade its ability to do so.
DDoS attackers build botnets containing thousands or hundreds of thousands of Internet-connected systems that are used solely to send this malicious traffic against chosen targets. As cybercriminals’ abilities to build these botnets grow, due to the availability of vulnerable Internet of Things (IoT) devices and cheap cloud computing, DDoS attacks are increasingly common. Protecting against these attacks and ensuring the availability and functionality of critical systems requires organizations to deploy a specialized DDoS mitigation service.
The Growth of the DDoS Attack
DDoS attacks have been around for a while now, and, throughout their history, have been evolving to be more effective. As technology and DDoS detection solutions have matured, cybercriminals have refined their attacks. In 2019, the number of DDoS attacks continued to increase. Compared to the previous year, DDoS attacks grew by 16% in 2019. This means that 16 DDoS attacks occurred every minute or at a rate of one every three to four seconds.
While massive DDoS attacks still occurred in 2019, with rates reaching at least 622 Gbps, many cybercriminals are abandoning these large-scale attacks. Attacks of these bandwidths are extremely obvious, making it more likely that law enforcement will detect them and come after the perpetrators.
Instead, DDoS attackers primarily perform attacks with rates in the range of 100-200 Gbps. In general, attacks of this magnitude are capable of having a significant impact on the target service, if not taking it down entirely, but are subtler and less likely to draw the attention of the authorities. As a result, DDoS attacks of this size grew by 15% in 2019 and made up over 86% of DDoS attacks.
Drivers Behind DDoS Growth
The growing number of DDoS attacks indicates that these attacks continue to become easier and more economical to perform. The number of DDoS-for-hire sites in operation, where cybercriminals operating DDoS botnets sell their services to third parties, and the fact that DDoS attacks commonly target the gaming industry, where they are used to affect rankings on leaderboards, indicate that the price of performing a DDoS attack has dropped to the point where these attacks have become widely accessible.
One of the major drivers of the growth of DDoS attacks, both in number and volume, is the expansion of the Internet of Things. IoT devices are notorious for their poor security, especially their use of default manufacturer usernames and passwords. Botnets like Mirai and its derivatives primarily exploit new devices by logging into them via Telnet, using lists of common credentials, and then adding them to the DDoS botnet. The fact that IoT devices often contain vulnerabilities and do not benefit from antivirus software or regular updates only contributes to the problem.
However, the growing use of IoT devices is not the only driver behind the rise in DDoS attacks. The availability of cheap computational resources from cloud service providers (CSPs) means that some cybercriminals are transitioning from IoT botnets to ones based in the cloud. In fact, one DDoS-for-hire site operator recently leaked a list of IP addresses and login credentials for over 515,000 vulnerable IoT devices. The rationale behind the release of the list was that he had recently transitioned to a cloud-based botnet and no longer needed access to these devices.
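The Telnet logins with lists of common credentials described above leave a recognizable trace on the device side: a burst of failed logins from one source, sometimes ending in a success. The following detection sketch is an added example, not part of the original article; the log format, field names and thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical telnetd auth-log format.
SAMPLE_LOG = """\
2019-11-02T10:00:01 telnetd src=203.0.113.7 user=root result=fail
2019-11-02T10:00:02 telnetd src=203.0.113.7 user=admin result=fail
2019-11-02T10:00:03 telnetd src=203.0.113.7 user=support result=fail
2019-11-02T10:00:04 telnetd src=203.0.113.7 user=guest result=fail
2019-11-02T10:00:06 telnetd src=203.0.113.7 user=root result=ok
2019-11-02T10:05:00 telnetd src=198.51.100.20 user=operator result=fail
2019-11-02T10:05:30 telnetd src=198.51.100.20 user=operator result=ok
2019-11-02T11:00:00 telnetd src=192.0.2.44 user=root result=fail
2019-11-02T11:30:00 telnetd src=192.0.2.44 user=admin result=fail
2019-11-02T12:00:00 telnetd src=192.0.2.44 user=user result=fail
malformed line that the parser must skip
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) telnetd src=(?P<src>\S+) "
    r"user=(?P<user>\S+) result=(?P<res>ok|fail)$"
)

def detect_credential_sweeps(log_text, window=timedelta(seconds=60), min_failures=4):
    """Map each source to 'sweep' or 'sweep_then_login' based on failures in the window."""
    recent = defaultdict(deque)  # src -> timestamps of failures still inside the window
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        ts, src = datetime.fromisoformat(m["ts"]), m["src"]
        q = recent[src]
        while q and ts - q[0] > window:
            q.popleft()  # drop failures that have aged out of the window
        if m["res"] == "fail":
            q.append(ts)
            if len(q) >= min_failures:
                findings.setdefault(src, "sweep")
        elif len(q) >= min_failures:
            # A success right after a burst of failures: treat the device as compromised.
            findings[src] = "sweep_then_login"
    return findings

if __name__ == "__main__":
    print(detect_credential_sweeps(SAMPLE_LOG))
```

With the default 60-second window, the widely spaced failures from 192.0.2.44 are not flagged; a longer window with a lower threshold is needed to surface slow attempts of that kind.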
Protecting Against DDoS Attacks
As the IoT grows and cloud computing becomes more affordable, the threat of DDoS attacks is growing as well. In 2019, the number of DDoS attacks increased significantly over the previous year, and many DDoS attackers are focusing their efforts on attack volumes that can have a significant impact upon their targets but are less likely to be detected and acted upon by law enforcement.
DDoS attacks are performed for a number of different purposes and have significant impacts upon both their targets and the devices being used to perform the attack. Performing a DDoS attack consumes computational power and network bandwidth belonging to the owners of the devices in the DDoS botnet, and processing the DDoS data consumes a similar amount of resources on the target system. Additionally, DDoS attacks are frequently used as a smokescreen, where the loud and very obvious DDoS attack distracts attention and resources away from a subtler threat, such as the theft of sensitive data or infection of the network with malware.
As the threat of the DDoS attack grows, organizations must put in place defenses designed to detect and block these attacks. Deploying a DDoS protection solution not only decreases the probability that a DDoS attack will be successful, ensuring the availability of valuable resources, but also makes these attacks less profitable to the attacker, decreasing the probability that they will continue to be a threat in the future.