[Figure: example view of a DDoS attack]

What is “DDoS Mitigation”?

“Distributed Denial of Service” (DDoS) attacks have been used by cybercriminals for more than 20 years to target the IT systems of companies and inflict massive damage. DDoS mitigation is a term used in cybersecurity to describe a variety of protection concepts that provide the best possible defense against such attacks.

[Figure: explanation graphic showing the three layers at which DDoS attacks are defended against by Myra]

01. A definition of DDoS Mitigation

Digitalization continues at an unstoppable pace. The continuous growth of smart devices on the Internet of Things (IoT) and the ever-expanding networking in the cloud also have a flip side: IT is increasingly being weaponized by cybercriminals. Distributed Denial of Service (DDoS) attacks in particular are becoming more and more powerful and increasingly profitable for criminal hackers: They have long since evolved from botnet-based attacks to data-driven models with the help of artificial intelligence (AI).

DDoS Mitigation helps companies to protect their IT from such volumetric attacks and to fend them off in a systematic way. Mitigation means reducing the severity, seriousness, or painfulness of something—and that is precisely the goal: to minimize the damage of a DDoS attack to the greatest extent possible.


02. What does a DDoS attack look like?

In a DDoS attack, attackers deliberately make a service or server unavailable by overloading the system. One of the ways they do this is by infecting multiple computers with malware, which lets them take control of these machines unnoticed. The attackers then misuse this network of compromised computers, known as a botnet, to carry out remote-controlled DDoS attacks. Via the botnet, they launch simultaneous attacks on their target, bombarding its infrastructure with countless requests. As a result, a company’s IT systems become overloaded, specific services may no longer be available, and sensitive data may be inadvertently leaked, also damaging the company’s reputation.

03. Distributed Reflection Denial of Service Attack (DRDoS)

A Distributed Reflection Denial of Service attack is a special form of DDoS. In this case, the malicious requests do not originate from a botnet, for example, but from normal Internet services, which makes defense even trickier: at first, the system does not recognize a direct threat posed by these Internet services. Via IP spoofing (sending IP packets with forged IP sender addresses), attackers send requests to these services with the victim’s address as the forged sender, so that the services direct their replies towards the target. This approach also conceals the true origin of the attack. DRDoS attacks take place, for instance, via DNS services, as DNS amplification attacks, in which the responses are many times larger than the requests, so that massive amounts of data flood the victim.
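A defender sees a reflection attack as DNS answers arriving for which no host on the protected network ever sent a query. The following Python script, an added example that is not Myra’s code, shows this check over a handful of constructed flow records: it indexes outbound queries from protected hosts, then flags inbound UDP port 53 responses that have no matching query at the same host and port within a short window, and aggregates the unsolicited bytes and distinct reflector addresses per target. The `Flow` record layout, the addresses, the window and the alert thresholds are all assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One flow record as a collector might export it (constructed layout, not a real format)."""
    ts: float      # seconds since epoch
    src: str       # source IP address
    sport: int     # source port
    dst: str       # destination IP address
    dport: int     # destination port
    proto: str     # "udp" or "tcp"
    nbytes: int    # bytes carried by the flow


# Constructed sample records, not captured traffic. 198.51.100.10 is the protected host,
# 192.0.2.5 is a resolver it legitimately queried, and 203.0.113.1-3 are open resolvers that
# answer queries carrying the protected host's forged address.
SAMPLE_FLOWS = [
    Flow(100.0, "198.51.100.10", 40001, "192.0.2.5", 53, "udp", 70),     # legitimate query
    Flow(100.1, "192.0.2.5", 53, "198.51.100.10", 40001, "udp", 180),    # its answer
    Flow(101.0, "203.0.113.1", 53, "198.51.100.10", 80, "udp", 3900),    # unsolicited, large
    Flow(101.0, "203.0.113.2", 53, "198.51.100.10", 80, "udp", 4100),
    Flow(101.1, "203.0.113.3", 53, "198.51.100.10", 443, "udp", 3800),
]


def find_unsolicited_dns_responses(flows, protected_hosts, window=2.0):
    """Return inbound UDP/53 responses to protected hosts that no outbound query explains.

    A legitimate answer reaches the same host and source port that sent the query, shortly
    after it. A reflected answer has no such query, because the attacker sent it with a
    forged source address; the protected host only ever sees the reply.
    """
    queries = defaultdict(list)  # (host, resolver, host port) -> query timestamps
    for f in flows:
        if f.src in protected_hosts and f.proto == "udp" and f.dport == 53:
            queries[(f.src, f.dst, f.sport)].append(f.ts)

    unsolicited = []
    for f in flows:
        if f.dst in protected_hosts and f.proto == "udp" and f.sport == 53:
            sent = queries.get((f.dst, f.src, f.dport), [])
            if not any(0.0 <= f.ts - q <= window for q in sent):
                unsolicited.append(f)
    return unsolicited


def summarize_by_target(unsolicited):
    """Per target: (total unsolicited bytes, number of distinct reflector addresses)."""
    totals = defaultdict(lambda: {"bytes": 0, "reflectors": set()})
    for f in unsolicited:
        totals[f.dst]["bytes"] += f.nbytes
        totals[f.dst]["reflectors"].add(f.src)
    return {t: (v["bytes"], len(v["reflectors"])) for t, v in totals.items()}


def reflection_targets(flows, protected_hosts, min_reflectors=3, min_bytes=10_000):
    """Targets whose unsolicited DNS traffic looks like a reflection attack.

    Both thresholds are assumptions for the example; in practice they are derived from the
    network's own baseline of unsolicited DNS traffic.
    """
    summary = summarize_by_target(find_unsolicited_dns_responses(flows, protected_hosts))
    return sorted(t for t, (b, r) in summary.items()
                  if r >= min_reflectors and b >= min_bytes)


if __name__ == "__main__":
    print(reflection_targets(SAMPLE_FLOWS, {"198.51.100.10"}))
```

The window should be long enough to cover slow resolvers; an answer that arrives after it would otherwise be counted as unsolicited, so the thresholds on reflector count and volume are what keep stray late answers from raising an alert.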

04. Who are the attackers?

Their motives for carrying out a DDoS attack are as varied as they are vile: extortion, harming the competition, envy, or political protest. The goal, however, is always the same: causing the victim organization as much damage as possible. Who is behind the attacks?

  • Individual criminals or groups

  • Political activists

  • Competitors

  • Dissatisfied users/customers who want to make their displeasure more than clearly known


05. What methods do attackers use?

Cybercriminals use different kinds of DDoS attacks. The methods used can be divided into different categories based on which layers (according to the Open Systems Interconnection model for network protocols, or OSI model for short) are the focus of the attack.

One of the most common methods is to overload system resources or network bandwidth (layers 3 and 4). In the last few years, there has been a trend among cybercriminals to shift attacks to the application level (layer 7). However, the patterns and bandwidths of DDoS attacks change on a daily basis, making it essential for companies to take a comprehensive look at the potential risks and to determine which DDoS defense is appropriate for their purposes.


06. What are the consequences of an attack?

Cybercriminals targeting companies and planning a DDoS attack often have the goal of inflicting economic or financial damage on the affected company or ruining its reputation. By disrupting the company’s website or an e-commerce platform, profits get “hammered” and its image is significantly tarnished. Repairing such damage requires a larger budget and can take years. The consequences of data theft can, however, be even more profound and far more damaging to the image of the affected company. If a company’s IT systems are attacked and weakened by high or excessive loads, it is quite possible that sensitive data will be leaked. Victim organizations still suffer from the consequences even years later. Having a comprehensive mitigation concept is therefore extremely important for effective DDoS protection.


07. What industries are affected?

Any industry and any company can be the victim of a DDoS attack, regardless of its size. The question is when—not whether—an attack will be leveled against your company and how quickly it will be discovered. The focus of cybercriminals and extortionists is on e-commerce businesses, banks, FinTech companies and insurance companies, manufacturing trades, media, and the health sector. Data centers and public sector organizations are also preferred targets of DDoS attackers. The motives of these criminals go way beyond demanding money: with their attacks, they want to paralyze production plants and processes, interrupt the supply of power or energy, and influence reporting.

08. How can DDoS attacks be fended off?

In an age of large-scale networking, DDoS attacks are almost a daily occurrence. There is probably no company that does not somehow encounter them in one way or another. To ensure that you are immune to such cyberattacks, it is advisable to rely on the expertise of experienced IT security service providers who know exactly how to deal with them.

DDoS protection solutions filter incoming traffic and thus differentiate between valid requests and malicious access. Companies that are frequently affected by DDoS attacks, or generally have a higher risk of damage, do well to leave their protection mechanism active in the long term—others only use the solutions when necessary to reduce effort and costs. Depending on the level of protection required, hardware appliances or cloud solutions can be used.

On-Premises DDoS Protection Using Hardware

In this instance, an appliance is installed in the company’s data center or in the backend of the provider. This appliance filters out a large part of the traffic, similar to what a specialized virus scanner does. The protection is immediate and does not require significant changes to the network. However, the on-premises option is not suitable for large volumetric attacks: the upstream connection is saturated before the traffic even reaches the appliance, so the service is unavailable regardless of what the appliance could filter.

DDoS Protection as a Cloud Service

In this variant, even large volumetric attacks can be fended off. Unlike an appliance, no additional hardware or software is required. The IT security service provider also handles configuration and operation. There are a variety of cloud-based DDoS protection services available for protecting websites and online services (layer 7) and for defending data centers (layers 3/4). Depending on requirements, cloud protection can be permanently enabled or only on-demand in the event of an attack.

09. Other tips for successfully fending off DDoS attacks

In order to successfully minimize the risk of DDoS attacks and to be prepared for an emergency, the following considerations in advance are absolutely warranted:

DDoS Playbook

Companies that have preemptively set up a “DDoS playbook” are strategically better able to handle an emergency. The playbook should include the names and contact details of the employees to be contacted in case of an attack. It is also helpful if roles and responsibilities are precisely defined and documented. Particularly in a worst-case scenario, nothing should be left to chance. All of these details are intended to ensure that communication and operational capacity are maintained in the event of an attack, even if IT fails or specific processes are temporarily unavailable.

Monitoring

The importance of defending a network can never be overestimated. After all, the use of modern network technologies has increased, and some industries can no longer be imagined without them. That’s why IT security should be an integral component of corporate strategy.

Benchmarking

To better identify ongoing attacks, a kind of benchmarking is also recommended. A number of companies still have no idea how high network utilization is in “normal” operation. This is why they are not immediately able to determine whether they are under DDoS attack—companies often mistakenly believe that they are safe because they are not very good at assessing the risks and do not know their own protection systems well enough. That’s why it is essential to closely monitor network traffic and set benchmarks to ensure that anomalies are correctly classified without delay.
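The benchmarking described above amounts to recording what “normal” utilization looks like and comparing each new measurement against it. The following Python class, an added example and not part of Myra’s product, keeps a sliding window of requests-per-minute samples, derives a threshold from their mean and standard deviation, and labels each new sample. It deliberately does not feed samples it has labeled as anomalies back into the window, so that an attack in progress cannot quietly raise the baseline until it looks normal. The sample values, the window size, the factor `k` and the minimum relative margin are all constructed for the example.

```python
import statistics
from collections import deque

# Constructed requests-per-minute samples from a quiet period; not measured data.
NORMAL_RPM = [980, 1020, 1010, 990, 1050, 1000, 1030, 970, 1040, 1010]

# Constructed live samples: three ordinary minutes and one minute with an obvious flood.
LIVE_RPM = [1000, 1045, 9800, 1020]


class BaselineMonitor:
    """Sliding-window baseline of a utilization metric with an anomaly threshold.

    threshold = mean + max(k * stdev, min_margin * mean)
    The margin term keeps a very steady baseline (stdev near zero) from flagging
    every minor fluctuation as an anomaly.
    """

    def __init__(self, seed_samples, window=60, k=3.0, min_margin=0.2, min_samples=5):
        self.samples = deque(seed_samples, maxlen=window)
        self.k = k
        self.min_margin = min_margin
        self.min_samples = min_samples

    def baseline(self):
        """Current (mean, sample standard deviation) of the window."""
        mean = statistics.fmean(self.samples)
        stdev = statistics.stdev(self.samples) if len(self.samples) > 1 else 0.0
        return mean, stdev

    def threshold(self):
        mean, stdev = self.baseline()
        return mean + max(self.k * stdev, self.min_margin * mean)

    def observe(self, value):
        """Label one new sample and update the window only with samples judged normal."""
        if len(self.samples) < self.min_samples:
            self.samples.append(value)
            return "learning"
        if value > self.threshold():
            return "anomaly"   # not appended: an attack must not become the new normal
        self.samples.append(value)
        return "normal"


def classify_series(seed_samples, live_samples, **kwargs):
    """Convenience wrapper: labels for a whole series against a baseline seeded from quiet data."""
    monitor = BaselineMonitor(seed_samples, **kwargs)
    return [monitor.observe(v) for v in live_samples]


if __name__ == "__main__":
    for value, label in zip(LIVE_RPM, classify_series(NORMAL_RPM, LIVE_RPM)):
        print(f"{value:>6} rpm  {label}")
```

In production the same monitor is run per metric and per service (bandwidth in and out, packets per second, requests per second per endpoint), and the seed window is taken from the same hour and weekday rather than a single quiet period, since a weekday-morning peak would otherwise be labeled an anomaly.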

Maintenance

Keeping servers and network devices maintained and continuously monitored, and promptly applying the patches released by manufacturers, must be a key component of an IT security concept and must be evaluated as such.

Challenging

It is advisable to regularly evaluate the benchmarks set and to “call them into question” again and again; this is the only way to best protect the performance of the systems and other critical factors.

Awareness

Raise security awareness: increased security awareness is also required within the company, especially if it has a business-critical online presence or network infrastructure.

10. What you need to know about DDoS mitigation

Attackers employ DDoS attacks to bring the IT infrastructure of companies to its knees with massive amounts of fake server requests. To do this, cybercriminals use widely dispersed botnets as a weapon or misuse the DNS to intensify attacks. In many cases, DDoS attacks are accompanied by other concurrent attacks designed to infiltrate the system with malware or steal valuable corporate data.

Effective defense against such DDoS attacks requires professional protection solutions perfectly tailored to your own IT infrastructure and quickly available when needed. Only when these requirements are met can costly failures of online services and other digital processes be avoided.

DDoS protection filters incoming traffic and only forwards legitimate requests to web servers, protecting the underlying IT infrastructure from becoming overloaded and making it possible for conventional requests to still be processed as usual.
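The simplest building block behind “only forwards legitimate requests” is a per-source rate limit: every client may send a short burst and a bounded sustained rate, and anything beyond that is dropped before it reaches the web server. The following Python code, an added example rather than Myra’s own filtering logic, implements this as a token bucket per source address and runs it over a constructed request stream in which one client behaves normally and another floods. The addresses, timings, `rate` and `burst` values are assumptions chosen for the example.

```python
from collections import defaultdict


class TokenBucketFilter:
    """Per-source token bucket.

    Each source starts with `burst` tokens, gains `rate` tokens per second up to `burst`,
    and spends one token per request. A request with no token available is dropped.
    """

    def __init__(self, rate, burst):
        self.rate = float(rate)
        self.burst = float(burst)
        self.buckets = {}  # src -> (tokens, timestamp of last update)

    def allow(self, src, ts):
        tokens, last = self.buckets.get(src, (self.burst, ts))
        tokens = min(self.burst, tokens + (ts - last) * self.rate)  # refill for elapsed time
        if tokens >= 1.0:
            self.buckets[src] = (tokens - 1.0, ts)
            return True
        self.buckets[src] = (tokens, ts)
        return False


def filter_requests(requests, rate=8.0, burst=10):
    """Split (src, ts) requests into those forwarded to the web server and those dropped."""
    flt = TokenBucketFilter(rate, burst)
    forwarded, dropped = [], []
    for src, ts in sorted(requests, key=lambda r: (r[1], r[0])):  # replay in time order
        (forwarded if flt.allow(src, ts) else dropped).append((src, ts))
    return forwarded, dropped


def count_by_source(decisions):
    counts = defaultdict(int)
    for src, _ in decisions:
        counts[src] += 1
    return dict(counts)


# Constructed request stream, not captured traffic:
#   192.0.2.10  sends 20 requests at 2 per second (a normal client)
#   203.0.113.7 sends 64 requests within one second (a flooding client)
SAMPLE_REQUESTS = [("192.0.2.10", i * 0.5) for i in range(20)] + \
                  [("203.0.113.7", n / 64) for n in range(64)]


if __name__ == "__main__":
    forwarded, dropped = filter_requests(SAMPLE_REQUESTS)
    print("forwarded:", count_by_source(forwarded))
    print("dropped:  ", count_by_source(dropped))
```

With `burst=10` and `rate=8`, the flooding source gets its first ten requests through and then only one every eighth request, while the normal client is never throttled. Per-source limits are only one layer of a real protection solution: a volumetric flood from thousands of sources, or one using forged sender addresses, stays below any per-source limit, which is why the cloud-based filtering described above also has to work on aggregate volume and traffic patterns rather than on single addresses.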

The Myra Security-as-a-Service platform gives companies in any sector a customized solution for protecting digital business processes. The fully automated technology analyzes incoming traffic in real time and filters out malicious data streams before virtual attacks do any real harm. Thanks to its cloud-based design, implementation of the protection solution is quick and easy, requiring no additional hardware or software.