Attackers’ motives for carrying out a DDoS attack are varied: extortion, harming the competition, envy, or political protest. The goal, however, is always the same: causing the victim organization as much damage as possible.
Individual criminals or groups
CP SYN floods and UDP-based reflection attacks are among the most frequent attacks on the network and transport layer (layers 3 and 4). Other typical methods of attack include ICMP flood, UDP fragmentation, UDP amplification via DNS, NTP, rpcbind, SSDP, ACK flood, and RST flood. All of these attacks either overload the target with very high bandwidth or enormous packet rates. Legitimate attempts to access the data channel to establish communication are no longer possible.
In a SYN-ACK flood attack (or SYN and ACK floods), for example, a botnet remotely controlled by attackers bombards a server with SYN packets. They are usually part of what is called at three-way handshake, which occurs when a TCP connection is established between client and server. A SYN/ACK attack produces a huge number of half-open connections by sending many SYN, but none of the ACK packets needed to establish a full connection. As a result, no new connections can be established and the website is no longer accessible.
Myra Cloud Scrubbing protects IT infrastructure against such volumetric attacks on the network and transport layers. Detailed traffic analyses are provided by automatic flow monitoring. The failover of affected networks in case of an attack is fully automated.
DDoS attacks on the application layer (layer 7) are based on connections that have already been established and have become one of the most common forms of attack. HTTP GET, POST, and other flood attacks as well as low and slow attacks are particularly popular with cybercriminals. They seek to penetrate the weakest component of an infrastructure, causing an overload of the web application.
For example, an attacker uses an HTTP GET flood attack to flood a web server with HTTP requests that specifically request pages with a large load volume. This causes the server to overload and it is no longer able to process legitimate requests. As a result, the website is no longer accessible to users.
Attacks on the application layer are usually not detected by the sensors used to protect the network and transport layers. Since they consist of standard URL requests, flood attacks are difficult to distinguish from normal traffic. Layer 3 and 4 protection systems, for example, cannot distinguish between an HTTP GET flood attack and a valid download. Accordingly, securing a web application requires DDoS prevention on all relevant layers. Specifically, attacks aimed at stealing sensitive data can only be detected and fended off by using Layer 7 protection.
Myra DDoS Web Protection protects web applications on layer 7 fully automatically. With full traffic visibility, Myra enables intelligent load balancing and site failover with high reliability and minimal response times.
An attack always harms affected companies and institutions, regardless of which method is chosen. Victim organizations still suffer from the consequences even years later. It is therefore extremely important to be adequately protected against DDoS attacks.
A few minutes offline can quickly cost thousands of euros. Lost profits and wasted marketing budgets are only one example of the financial damages suffered.
The extent of damage to a company’s reputation caused by a successful DDoS attack is incalculable. Recovery costs a great deal of resources and may take years.
During a DDoS attack, systems no longer operate normally. The heavy load or overload causes some systems to suddenly become vulnerable and opens up new vectors of attack.
The frequency and intensity of DDoS attacks have increased exponentially over the past 10 years. Above all, the intensity of attacks increased massively in the year 2013, since at that time a growing number of DNS servers were employed in DRDoS attacks. For instance, an attack on the anti-spam organization spamhaus.org resulted in load peaks of 300 Gbit/s. The first attacks to reach the 500 Gbit/s mark occurred in the following year. In 2016, Mirai malware caused another record-breaking attack. The malware created a botnet spread across more than 100,000 IoT devices, which in concert launched a 1.2 Tbit/s attack on the service provider Dyn. The most massive DDoS attacks to date took place in 2018. Back then, the GitHub coding platform was overloaded with traffic peaks of 1.35 Tbit/s. In the same year, security researchers also recorded an attack on a US company measuring over 1.7 Tbit/s. Meanwhile, the frequency of DDoS attacks also steadily increased over the years. Between 2014 to 2017 alone, the frequency of DDoS attacks increased more than 2.5-fold.