For more than 20 years, criminals have been using DDoS attacks to deliberately harm companies and institutions. Due to their immensely powerful nature, they are an incalculable and very serious threat. Thanks to Myra DDoS protection, your IT infrastructure is safe.
- What is “DDoS”?
- What Does a DDoS Attack Look Like?
- Distributed Reflection Denial of Service Attack (DRDoS)
- Who Are the Attackers?
- What Methods Do Attackers Use?
- When is DoS/DDoS a criminal offense?
- What Are the Consequences of an Attack?
- Why the IoT is a DDoS accelerator
- Which Industries Are Affected?
- How to prevent DDoS attacks
- Evolution of DDoS attacks
What is “DDoS”?
A DDoS attack is a special type of cybercrime. As its name says, a Distributed Denial of Service (DDoS) attack is a Denial of Service (DoS) attack that is “distributed.” Denial of service means that a requested service is no longer available, or is available only to a very limited extent. In most cases, this is caused by an intentional overloading of the IT infrastructure. Attackers use this kind of cybercrime to extort money from unprotected organizations or to carry out, cover up, or prepare for other criminal activities.
What Does a DDoS Attack Look Like?
During a DDoS attack, the attackers target a service or server to make it unavailable. One of the ways they do this is by infecting multiple computers with malware, which they then use to take control of these computers unnoticed. The attackers misuse this infected computer network—also called a botnet—to carry out remote-controlled DDoS attacks. Via the botnet, they launch simultaneous attacks on their target, bombarding its infrastructure with countless requests.
The more computers are linked together, the more potent the attack is. When servers without DDoS protection are attacked, they are overwhelmed by the enormous number of requests, and their Internet connection is overloaded. As a result, websites only operate very slowly or are no longer available at all.
Distributed Reflection Denial of Service Attack (DRDoS)
A Distributed Reflection Denial of Service attack is a special form of DoS. In this case, the malicious traffic does not originate from, for example, a botnet, but from normal internet services. Via IP spoofing (sending IP packets with forged IP sender addresses), attackers manipulate these services into directing traffic towards the target. This approach makes it possible to conceal attacks. DRDoS attacks take place, for example, via DNS services as DNS amplification attacks, in which massive amounts of data flood the victim. In an attack on the anti-spam organization spamhaus.org, one such DNS amplification attack led to peak loads of 300 Gbit/s.
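A defender-side illustration of the reflection pattern described above, added here as an example and not taken from the original page or from Myra's product: a host under a DNS reflection attack receives DNS answers it never asked for, from many different servers. The record layout, addresses (documentation ranges), thresholds and the function name `find_reflected_dns` are assumptions made for this sketch.

```python
from collections import defaultdict

# Constructed flow records, not real traffic:
# (time_s, src_ip, src_port, dst_ip, dst_port, bytes, dns_txid)
# 203.0.113.10 is a hypothetical protected host, 192.0.2.53 its resolver.
SAMPLE_FLOWS = [
    (0.0, "203.0.113.10", 40001, "192.0.2.53", 53, 72, 0x1A2B),   # real query
    (0.1, "192.0.2.53", 53, "203.0.113.10", 40001, 180, 0x1A2B),  # its answer
    (1.0, "198.51.100.1", 53, "203.0.113.10", 31337, 3100, 7),    # never asked for
    (1.0, "198.51.100.2", 53, "203.0.113.10", 31337, 2900, 7),
    (1.1, "198.51.100.3", 53, "203.0.113.10", 31337, 3000, 7),
    (1.1, "198.51.100.1", 53, "203.0.113.10", 31337, 3100, 7),
    (2.0, "198.51.100.9", 53, "203.0.113.20", 5353, 400, 9),      # lone stray reply
]


def find_reflected_dns(flows, min_reflectors=3, min_bytes=5000, query_ttl=5.0):
    """Return hosts receiving DNS answers they never requested, from many servers."""
    pending = {}  # (client_ip, client_port, server_ip, txid) -> time query left
    unsolicited = defaultdict(lambda: {"bytes": 0, "reflectors": set()})
    for ts, src, sport, dst, dport, size, txid in sorted(flows):
        if dport == 53:
            # Outbound query (also covers server-to-server 53 -> 53 traffic).
            pending[(src, sport, dst, txid)] = ts
        elif sport == 53:
            sent = pending.pop((dst, dport, src, txid), None)
            if sent is None or ts - sent > query_ttl:
                # No matching recent query: consistent with a request that was
                # sent with this host's address forged as the sender.
                unsolicited[dst]["bytes"] += size
                unsolicited[dst]["reflectors"].add(src)
    return {
        host: {"bytes": v["bytes"], "reflectors": sorted(v["reflectors"])}
        for host, v in unsolicited.items()
        if len(v["reflectors"]) >= min_reflectors and v["bytes"] >= min_bytes
    }


if __name__ == "__main__":
    for host, stats in find_reflected_dns(SAMPLE_FLOWS).items():
        print(host, stats["bytes"], "bytes from", stats["reflectors"])
```

The two thresholds keep a single stray or late answer from raising an alert; only a host hit by several distinct servers with a meaningful volume is reported.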
Who Are the Attackers?
Attackers’ motives for carrying out a DDoS attack are varied: extortion, harming the competition, envy, or political protest. The goal, however, is always the same: causing the victim organization as much damage as possible.
Individual criminals or groups
What Methods Do Attackers Use?
Cybercriminals use different kinds of DDoS attacks. The methods used can be divided into different categories based on what layers (according to the Open System Interconnection model for network protocols, or OSI model for short) are the focus of the attack.
One of the most common methods is to overload system resources or network bandwidths (layers 3 and 4). In the last few years, there has been a trend among cybercriminals to shift attacks to the user level (layer 7). But the patterns and bandwidths of DDoS attacks change on a daily basis. Thanks to Myra DDoS protection, you are protected against all attack patterns.
When is DoS/DDoS a criminal offense?
In general, DoS/DDoS attacks on a service on the internet are to be regarded as computer sabotage in Germany pursuant to Section 303b of the Criminal Code (StGB) and are hence prosecutable under criminal law. It is irrelevant whether the attack has a criminal intent (e.g. for ransom demands) or takes place as part of a politically motivated act of protest. In some countries, downloading or possessing DoS or DDoS software is itself a criminal offense. Such attacks may generally only be within the law when applied to one’s own hardware on one’s own network. Exceptions apply to hired security auditors as part of penetration testing.
What Are the Consequences of an Attack?
An attack always harms affected companies and institutions, regardless of which method is chosen. Victim organizations still suffer from the consequences even years later. It is therefore extremely important to have effective DDoS protection.
A few minutes offline can quickly cost thousands of euros. Lost profits and wasted marketing budgets are only one example of the financial damages suffered.
The extent of damage to a company’s reputation caused by a successful DDoS attack is incalculable. Recovery costs a great deal of resources and may take years.
During a DDoS attack, systems no longer operate normally. The heavy load or overload causes some systems to suddenly become vulnerable and opens up new vectors of attack.
Why the IoT is a DDoS accelerator
The collective term IoT (Internet of Things) encompasses a variety of networked devices, e.g. from private households, such as IP cameras, but also networked industrial production systems, as well as intelligent control elements in public infrastructure. These devices connected to the internet make an attractive target for cybercriminals, since they can be used as tools for DDoS and other attacks. In order to gain control over IoT devices, cybercriminals employ special malware which spreads independently in networks. The goal is usually to compromise as many systems as possible in order to use them for botnet attacks. One popular example of this kind of malicious software is the malware Mirai, used by cybercriminals to set up botnets. Mirai is associated with the attack on the internet service provider Dyn in 2016. A network of several thousand IP cameras, printers, smart TVs and other devices carried out the attack as a DDoS network and crippled Dyn’s servers for hours on end.
Which Industries Are Affected?
Any industry and any company can be the victim of a DDoS attack, regardless of its size. The question is when—not whether—an attack will be leveled against your company and how quickly it will be discovered. The main targets of cybercriminals and extortionists are e-commerce businesses, banks, FinTech companies and insurance companies, manufacturing companies, media, and the health sector. Data centers and public sector organizations are also preferred targets of DDoS attackers. The motives of these criminals go way beyond demanding money: With their attacks, they want to paralyze production plants and processes, interrupt the supply of power or energy, and influence reporting.
How to prevent DDoS attacks
Evolution of DDoS attacks
The frequency and intensity of DDoS attacks have increased exponentially over the past 10 years. Above all, the intensity of attacks increased massively in the year 2013, since at that time a growing number of DNS servers were employed in DRDoS attacks. For instance, an attack on the anti-spam organization spamhaus.org resulted in load peaks of 300 Gbit/s. The first attacks to reach the 500 Gbit/s mark occurred in the following year. In 2016, Mirai malware caused another record-breaking attack. The malware created a botnet spread across more than 100,000 IoT devices, which in concert launched a 1.2 Tbit/s attack on the service provider Dyn. The most massive DDoS attacks to date took place in 2018. Back then, the GitHub coding platform was overloaded with traffic peaks of 1.35 Tbit/s. In the same year, security researchers also recorded an attack on a US company measuring over 1.7 Tbit/s. Meanwhile, the frequency of DDoS attacks also steadily increased over the years. Between 2014 and 2017 alone, the frequency of DDoS attacks increased more than 2.5-fold.
Myra DDoS Protection
Effective protection against a DDoS attack is only guaranteed by professional solutions. The Myra Security-as-a-Service (SECaaS) platform hides the IP addresses of your servers behind a filter system. Intelligent algorithms filter traffic long before it reaches your application servers. Defense mechanisms are employed as soon as these algorithms detect an attack. Valid traffic (e.g. customer requests) will continue to be passed on unhindered to your application servers. The delivery of your website is accelerated using global caching and content optimization—even during an attack.
What this means for you is reliable protection against DDoS attacks and highly available websites. And what this means for your customers is optimum performance when using your website, both during normal operation and in the event of an attack.
The Myra DDoS protection solution is certified by the German Federal Office for Information Security [Bundesamt für Sicherheit in der Informationstechnik (BSI)] according to ISO 27001 on the basis of basic IT protection. Therefore, the German national cyber security authority certifies that our DDoS protection guarantees the confidentiality, availability, and integrity of information.
Important for operators of critical infrastructures: Myra is the first and so far only qualified DDoS mitigation service provider in the world that fully meets all of the BSI’s performance characteristics.