Corero

Why Even the Small DDoS Attacks Cause Trouble

Distributed denial of service (DDoS) attacks can be devastating to your business, from both a revenue and a brand reputation perspective. In this blog we explore some of the impacts of these attacks and the reasons why DDoS can be a challenge for security teams.

It tends to be the major disruptions of online services that create headline news and draw attention. For those of us following cybersecurity, there’s a natural curiosity to find out which organizations have experienced significant cyberattacks, and how they were impacted. Polls and articles listing the most dramatic service outages, such as the “Top 10 Outages of 2022”, get huge interest.

The reality for security teams is that their focus is more likely to be on preventing the smaller, more frequent attacks, such as DDoS attacks under 50,000 packets per second. These are the causes of many service outages, and most security departments are likely to spend significant time trying to prevent them or, if they fail to prevent an attack, on remediation and recovery.

As well as having low packet rates, most DDoS attacks are short in duration, i.e., lasting less than 10 minutes. Attackers tend to launch small DDoS attacks because they require much less effort, use fewer resources, and can often escape the radar of legacy, detect-and-redirect, and homegrown DDoS mitigation tools that struggle to distinguish them from regular traffic. Threat actors may launch what are referred to as ‘pulse’ or ‘saw-tooth’ DDoS attacks, which repeatedly send malicious traffic for just a few minutes, switch off, and then reappear a few minutes later in a similar or modified form.

This technique is primarily used to evade on-demand scrubbing mitigation services, as the ‘pulses’ can be too short to trigger the required traffic redirection. It also enables DDoS-for-hire services to multiplex their attack resources across a number of victims and support more cybercriminal customers paying to launch damaging DDoS attacks.
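The following Python sketch is an added example, not part of the original post or of any Corero product. It shows why a detector that waits for a sustained anomaly stays silent on a pulse pattern, while a check for repeated short bursts flags it. The trace, the 3x-baseline threshold, the 5-minute hold time and all function names are constructed assumptions.

```python
# Constructed sample: packets/second sampled every 10 s (not real traffic).
SAMPLE_S = 10
BASELINE, PULSE = 8_000, 40_000   # pulse stays under 50,000 pps

def build_trace(pulses=3, on_s=180, off_s=240):
    """Quiet lead-in, then `pulses` bursts of on_s seconds separated by off_s."""
    quiet = [BASELINE] * (off_s // SAMPLE_S)
    burst = [PULSE] * (on_s // SAMPLE_S)
    return quiet + (burst + quiet) * pulses

def sustained_trigger(trace, threshold, hold_s):
    """Index where the rate has exceeded threshold for hold_s straight, else None.
    Models (as an assumption) a detector that waits for a sustained anomaly."""
    need, run = hold_s // SAMPLE_S, 0
    for i, pps in enumerate(trace):
        run = run + 1 if pps > threshold else 0
        if run >= need:
            return i
    return None

def find_bursts(trace, threshold):
    """Return (start_s, duration_s, peak_pps) for each run above threshold."""
    bursts, start = [], None
    for i, pps in enumerate(trace + [0]):      # sentinel closes a final run
        if pps > threshold and start is None:
            start = i
        elif pps <= threshold and start is not None:
            peak = max(trace[start:i])
            bursts.append((start * SAMPLE_S, (i - start) * SAMPLE_S, peak))
            start = None
    return bursts

def looks_like_pulse_attack(bursts, max_len_s=600, min_repeats=3):
    """Flag repeated short bursts: each under max_len_s, at least min_repeats."""
    short = [b for b in bursts if b[1] < max_len_s]
    return len(short) >= min_repeats

if __name__ == "__main__":
    trace = build_trace()
    threshold = 3 * BASELINE
    print("sustained trigger:", sustained_trigger(trace, threshold, hold_s=300))
    bursts = find_bursts(trace, threshold)
    print("bursts:", bursts)
    print("pulse pattern:", looks_like_pulse_attack(bursts))
```

The `max_len_s=600` default mirrors the "less than 10 minutes" duration mentioned above; in practice the threshold would come from a measured per-service baseline rather than a fixed multiple.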

Top 4 DDoS impacts

Just because an attack is ‘small’ doesn’t mean it is harmless. Small attacks that go undetected and unmitigated can overwhelm infrastructure and security devices, and chip away at host resources, thus denying end-users access to Internet-facing applications. In today’s ‘always on’ world, customer satisfaction and trust rely on consistent and constant uptime for web-sites, applications, and services.

  1. Almost 80% of businesses say the number one most damaging effect of a DDoS attack is the loss of customer trust and confidence due to loss of service, which causes damage to your brand. Potential customer churn can affect your bottom line.
  2. The impacts of even small DDoS attacks can be substantial, consuming the available bandwidth or resources, so even unintended targets are affected.
  3. DDoS attacks consume IT security staff time for troubleshooting, as they scramble to identify the reason for a service outage. Being able to immediately understand whether downtime is due to an attack or some other reason is vital.
  4. They can serve as a vector in sophisticated cyber-crime reconnaissance activities. Attackers may use DDoS to survey and ‘pressure test’ a network for its vulnerabilities, so that the next time they launch an attack, they can capitalize on that insight.

You can’t protect what you can’t see

For these reasons, unless an organization has visibility and mitigation provided by a granular, automated, real-time DDoS protection system, it is extremely difficult to:

  1. Distinguish DDoS traffic from normal traffic, or
  2. Identify and block the bad traffic immediately.

Traditional detect and redirect solutions often need up to 10 minutes or more before they can actually begin protecting you, the customer. On-demand, cloud-based scrubbing services cannot practically detect and mitigate the short, frequent attacks that many organizations now face. Organizations cannot rely on security analysts manually ‘keeping an eye’ on network traffic. Without effective protection and visibility in place, organizations will be unaware that they are suffering service impact or, if they are aware, they may mistakenly attribute the disruption to other IT issues.

Cybersecurity is a broad landscape and although DDoS is only one aspect, it’s vital to get it right first time and choose a provider that can work with you to address your specific challenges, and enable your employees to focus on other revenue generating initiatives.