Distributed Denial-of-Service (DDoS) Attacks

What Is a DDoS Attack?

A Distributed Denial-of-Service (DDoS) attack is a cyberattack that denies legitimate users access to system resources. First, the attackers steal credentials to access systems and infect devices with malware. The malware lets the attackers remotely control those devices and assemble a group of bots, a botnet, that carries out the attacker's ill intentions.

Once a botnet is established, the attackers flood the targeted network with so much traffic that the system crashes or becomes unresponsive, preventing authorized users from accessing its resources.

Types of DDoS Attacks

DDoS attacks typically work by overwhelming their targets with traffic, but there are different ways that threat actors do this. There are three main types of DDoS attacks.

1. Application Layer Attacks

The goal of an application layer attack, or HTTP flood, is to exhaust network resources and create a denial-of-service condition. Attackers target the server layer where web pages are generated and delivered in response to HTTP requests, then flood the server with so many requests that it is overloaded and can no longer serve legitimate users.

2. Protocol Attacks

Protocol attacks, or state-exhaustion attacks, cause denial-of-service by over-consuming server or network resources. For example, the attacker sends many initial connection requests (TCP SYN packets). The target then waits for the final step of the TCP handshake, which never arrives, and the resources it holds for those half-open connections are exhausted.

3. Volumetric Attacks

In a volumetric attack, the attacker creates network congestion by consuming the available bandwidth between devices and the internet. Large amounts of data are then sent to the victim using a botnet. This kind of attack is also called DNS amplification.
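The three attack types above each leave a different signature in traffic data. The following is an added example, not code from BlackBerry or from this page: it runs one simple detection heuristic per type over a constructed set of traffic records (the addresses, timestamps, sizes and thresholds are all invented for illustration) so that a defender can see what "too many requests", "too many half-open connections" and "responses far larger than queries" look like in practice.

```python
"""
Simple DDoS detection heuristics over constructed traffic records, one per
attack type: HTTP flood (application layer), SYN flood (protocol / state
exhaustion) and DNS amplification (volumetric). Added example; thresholds
and addresses are hypothetical.
"""
from collections import Counter, defaultdict

# Constructed sample records, not real traffic. Timestamps are in milliseconds.
SAMPLE_RECORDS = [
    # Normal browsing from 10.0.0.5: two requests a second and a half apart.
    {"t": 0, "src": "10.0.0.5", "proto": "http", "path": "/"},
    {"t": 1500, "src": "10.0.0.5", "proto": "http", "path": "/about"},
    # 203.0.113.7 hammers the login page: 300 requests, one every 10 ms.
    *[{"t": 10 * i, "src": "203.0.113.7", "proto": "http", "path": "/login"} for i in range(300)],
    # Normal handshake from 10.0.0.6: a SYN followed by the final ACK.
    {"t": 2000, "src": "10.0.0.6", "proto": "tcp", "flag": "SYN"},
    {"t": 2100, "src": "10.0.0.6", "proto": "tcp", "flag": "ACK"},
    # 198.51.100.9 sends 500 SYNs and never completes a single handshake.
    *[{"t": 3000 + i, "src": "198.51.100.9", "proto": "tcp", "flag": "SYN"} for i in range(500)],
    # Normal DNS lookup from 10.0.0.7: a 60-byte query, a 120-byte response.
    {"t": 4000, "src": "10.0.0.7", "proto": "dns", "kind": "query", "bytes": 60},
    {"t": 4000, "src": "10.0.0.7", "proto": "dns", "kind": "response", "bytes": 120},
    # Amplification as seen at an open resolver: twenty 64-byte queries that each
    # trigger a 3000-byte response. "src" here is the spoofed victim address.
    *[{"t": 5000 + i, "src": "192.0.2.44", "proto": "dns", "kind": "query", "bytes": 64} for i in range(20)],
    *[{"t": 5000 + i, "src": "192.0.2.44", "proto": "dns", "kind": "response", "bytes": 3000} for i in range(20)],
]


def http_flood_sources(records, window_ms=1000, max_requests=50):
    """Sources that exceed max_requests in any sliding window of window_ms.

    Returns {source: peak requests seen in one window}.
    """
    per_src = defaultdict(list)
    for r in records:
        if r["proto"] == "http":
            per_src[r["src"]].append(r["t"])
    flagged = {}
    for src, times in per_src.items():
        times.sort()
        j = 0          # left edge of the sliding window
        peak = 0
        for i, t in enumerate(times):
            while t - times[j] > window_ms:
                j += 1
            peak = max(peak, i - j + 1)
        if peak > max_requests:
            flagged[src] = peak
    return flagged


def syn_flood_sources(records, max_half_open=50):
    """Sources whose SYNs outnumber their handshake-completing ACKs by more
    than max_half_open. Returns {source: estimated half-open connections}.
    """
    syns, acks = Counter(), Counter()
    for r in records:
        if r["proto"] == "tcp":
            counter = syns if r["flag"] == "SYN" else acks
            counter[r["src"]] += 1
    return {src: n - acks[src] for src, n in syns.items() if n - acks[src] > max_half_open}


def dns_amplification_sources(records, min_ratio=10.0, min_response_bytes=10_000):
    """Sources whose total DNS response bytes exceed their query bytes by at
    least min_ratio, with enough volume to matter. Returns {source: ratio}.

    At an abused open resolver the query source is the spoofed victim, so the
    flagged address is the target of the flood, not the attacker; the usual
    response is to rate-limit responses toward it.
    """
    qbytes, rbytes = Counter(), Counter()
    for r in records:
        if r["proto"] == "dns":
            counter = qbytes if r["kind"] == "query" else rbytes
            counter[r["src"]] += r["bytes"]
    flagged = {}
    for src, q in qbytes.items():
        if q == 0:
            continue
        ratio = rbytes[src] / q
        if ratio >= min_ratio and rbytes[src] >= min_response_bytes:
            flagged[src] = round(ratio, 1)
    return flagged


def analyze(records):
    """Run all three heuristics and return their findings keyed by attack type."""
    return {
        "http_flood": http_flood_sources(records),
        "syn_flood": syn_flood_sources(records),
        "dns_amplification": dns_amplification_sources(records),
    }


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_RECORDS).items():
        print(f"{kind}: {hits}")
```

Each heuristic flags only the attacking (or, for DNS, the spoofed) address and leaves the normal clients alone; in production the same counts would be fed by NetFlow, web-server logs or resolver logs, and the thresholds tuned to the site's baseline rather than the round numbers used here.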

Cost of a DDoS Attack

DDoS attacks are like a hostile takeover. Attackers gain access to your systems, data, and devices and lock legitimate users out of network resources. DDoS attacks can cost organizations significant amounts of time and money to recover from, not to mention reputational damage and downtime.

According to a recent report, small businesses could end up paying more than $100,000 to recover their systems and data following a DDoS attack; larger companies can expect to pay $2 million per incident. However, there are steps that organizations can take to detect DDoS attacks and minimize their damage.

The most effective ways to stop DDoS attacks are to improve your cyber resiliency and increase your threat intelligence-gathering capabilities.

Adopt an advanced Zero Trust Network Access (ZTNA) infrastructure. A cloud-native ZTNA solution that incorporates strong endpoint protection capabilities provides protection, detection, and prevention against DDoS attacks.

Subscribe to a DDoS protection service. A service such as AWS Shield monitors traffic, identifies attacks, and mitigates their impact by rerouting malicious traffic away from your network.

Configure your network to support anycast network diffusion. Incorporating anycast routing improves network flexibility by distributing inbound traffic across multiple servers.

Conduct routine penetration (pen) testing audits. Regularly practicing your organization's DDoS response plan with all stakeholders during a simulated attack helps identify gaps and issues.

Support social media intelligence gathering efforts. Monitor social media, particularly Twitter, for threats, conversations, and boasts that may indicate that you have been targeted.

The BlackBerry Incident Response Team works with organizations of all sizes in every industry to evaluate and enhance their endpoint security posture and proactively maintain the security, integrity, and resilience of their network infrastructure. Whether you're under cyberattack, need to contain a breach, or want to develop an incident response plan, we can help.