Distributed Denial-of-Service (DDoS) Attacks

What Is a DDoS Attack?

A Distributed Denial-of-Service (DDoS) attack is a cyberattack that denies legitimate users access to system resources. First, the attackers steal credentials to access the system and infect devices with malware. The malware allows the attackers to remotely control those devices and assemble a group of bots (a botnet) that carries out the attacker's instructions.

Once a botnet is established, the attackers flood the targeted network with so much traffic that the target crashes, preventing authorized users from accessing its resources.

Types of DDoS Attacks

DDoS attacks typically work by overwhelming their targets with traffic, but there are different ways that threat actors do this. There are three main types of DDoS attacks.

1. Application Layer Attacks

The goal of an application layer attack, or HTTP flood, is to exhaust network resources and create a denial-of-service situation. Attackers target the layer of the server where web pages are generated and delivered in response to HTTP requests, then flood it with so many requests that it is overloaded and legitimate requests go unanswered.

2. Protocol Attacks

Protocol attacks, or state-exhaustion attacks, cause denial-of-service by overconsuming server or network resources. For example, the attacker sends a large number of initial connection requests; the target holds each half-open connection while it waits for the final step of the TCP handshake, which never arrives, until its connection resources are exhausted.

3. Volumetric Attacks

In a volumetric attack, the attacker creates network congestion by consuming the available bandwidth between the target's devices and the internet, sending large amounts of data to the victim from a botnet. This kind of attack is also called DNS amplification.

Cost of a DDoS Attack

DDoS attacks are like a hostile takeover. Attackers gain access to your systems, data, and devices and lock legitimate users out of network resources. DDoS attacks can cost organizations significant amounts of time and money to recover from, not to mention reputational damage and downtime.

According to a recent report, small businesses could end up paying more than $100,000 to recover their systems and data following a DDoS attack; larger companies can expect to pay $2 million per incident. However, there are steps that organizations can take to detect DDoS attacks and minimize their damage.

How to Detect a DDoS Attack

A DDoS attack is especially dangerous because some attackers combine methods to create multifaceted malware toolkits. Cybercriminals use DDoS attacks to cripple organizations in every industry, although some industries are targeted more often than others.

For instance, banks are often targets of cyberattacks such as DDoS attacks because of the nature of the data collected from consumers. The financial industry is potentially lucrative for threat actors: the attack surface covers core banking systems, customer accounts, and even large-scale payment ecosystems.

The best way for banks to stay safe, and to detect and identify a DDoS attack, is network traffic monitoring and analysis. Securing endpoints is crucial to protecting an organization's environment, but today's expanded workplace models require cybersecurity solutions with features like telemetry, behavioral analysis, and continuous authentication.
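As an added example (not part of the original article or any BlackBerry product), the following Python script applies the traffic monitoring and analysis described above to constructed web access-log lines: it flags individual sources that exceed a per-source request rate (the HTTP flood of section 1) and also tracks the aggregate request count, which is what reveals a flood spread across many bots that each stay under the per-source limit. The log format, window size, thresholds, and sample addresses are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values: a 10 s sliding window, a per-source ceiling and a
# site-wide ceiling that would normally come from the site's measured baseline.
WINDOW = timedelta(seconds=10)
PER_SOURCE_LIMIT = 30
GLOBAL_LIMIT = 300

def parse_line(line):
    """Parse a constructed 'ISO-timestamp client-ip method path' access-log line."""
    ts, ip, method, path = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), ip, f"{method} {path}"

def detect_flood(lines, window=WINDOW, per_source=PER_SOURCE_LIMIT):
    """Sliding-window request-rate analysis over chronologically ordered lines.

    Returns (flagged, global_peak): flagged maps each source that exceeded
    per_source requests within one window to the ISO timestamp of its first
    violation; global_peak is the largest request count seen in any window
    across all sources, which exposes a flood spread over many bots that
    each stay below the per-source limit.
    """
    per_ip = defaultdict(deque)
    all_ts = deque()
    flagged, global_peak = {}, 0
    for line in lines:
        ts, ip, _ = parse_line(line)
        for q in (per_ip[ip], all_ts):
            q.append(ts)
            while ts - q[0] > window:  # drop entries that have left the window
                q.popleft()
        global_peak = max(global_peak, len(all_ts))
        if len(per_ip[ip]) > per_source and ip not in flagged:
            flagged[ip] = ts.isoformat()
    return flagged, global_peak

def build_sample():
    """Constructed traffic: three clients (198.51.100.0/24) at 1 req/s for 60 s,
    plus twenty bots (203.0.113.0/24) each sending 4 req/s to /login for 15 s."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    for sec in range(60):
        stamp = (base + timedelta(seconds=sec)).isoformat()
        lines += [f"{stamp} 198.51.100.{c} GET /index.html" for c in range(1, 4)]
        if 30 <= sec < 45:
            lines += [f"{stamp} 203.0.113.{b} GET /login" for b in range(1, 21) for _ in range(4)]
    return lines  # already in chronological order
```

Running `detect_flood(build_sample())` flags all twenty bot addresses (each first at 10:00:37) and reports a peak window count of 913, far above the normal baseline of 33 and the assumed site-wide limit of 300.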

The BlackBerry Incident Response Team works with organizations of all sizes in every industry to evaluate and enhance their endpoint security posture and proactively maintain the security, integrity, and resilience of their network infrastructure. Whether you're under cyberattack, need to contain a breach, or want to develop an incident response plan, we can help.