- Summary and overview
- Why do hackers attack websites?
- Negative impacts of DDoS attacks
- Protecting websites from DDoS attacks
- Distributed Denial-of-Service resources
- About QuantCDN
The technology world is full of jargon and acronyms and funny words. In this Tech Speak series, we try to explain these in simple terms as well as provide additional information if you want to go deeper.
Term: Distributed Denial-of-Service
One-liner: A Distributed Denial of Service or DDoS attack is a malicious cyberattack where a website or online service is intentionally flooded with so much traffic that it becomes overwhelmed and unavailable to legitimate users.
Analogy: You can think of a DDoS attack as someone intentionally clogging up a highway with a bunch of cars or obstructions that prevent people from getting to their destinations.
Short description: A DDoS (Distributed Denial of Service) attack is a malicious attempt to disrupt the normal user traffic of a server, service, or network by flooding it with requests. This deluge overwhelms the target, which makes it unable to function properly and handle legitimate users. A DDoS attack can cause a website or service to slow down significantly or even become completely unavailable.
Longer Analogy: Imagine you're trying to enter a concert through an entrance and, suddenly, a huge crowd of thousands of protesters rushes towards the same gate to make a political statement against the band. This overwhelming surge of people blocks the entrance, making it impossible for actual concert-goers to get into the show. The concert may need to be delayed or even cancelled as a result, which can cause unhappy fans, bad publicity, and financial losses.
Ways to mitigate DDoS attacks: DDoS mitigation services, CDNs, rate limiting, WAFs
Example use case: A group of hackers decides to target an online store that is running holiday sales during a busy period. They create a “botnet”, which is a large number of devices with malware on them. The hackers start their attack during the holiday sales event and use their botnet to flood the store’s website with requests. The store’s web server can only handle a certain number of requests per second, and the large request volume overwhelms it. Real customers try to access the site, but the web pages don’t load, so they leave because they can’t buy anything. The store suffers a financial loss that day and also loses future sales due to the damage to its reputation.
Keep in mind: Having DDoS mitigation in place before someone tries to attack is much better than dealing with the aftermath. If you do get hit with a DDoS attack, don’t panic (hard to do!) and immediately contact your hosting provider or IT group to see what they can do. And, if the attack is accompanied by a ransom demand, it's generally advised not to pay, but you should consult with your legal advisors and business owners on your particular situation.
Hackers use Distributed Denial of Service attacks to try to become famous, get back at companies, extract money, make a point, etc. Here are some reasons why DDoS attacks happen and some examples:
- Extortion and Financial Gain
- Ideological or Political Reasons
- Business Rivalry
- Personal Grudges
- Fame or Notoriety
- Cyber Warfare
- Hiding Other Attacks
Distributed Denial-of-Service attacks can have a devastating impact in the short and long term. To avoid unhappy customers and damaged reputations, anyone with websites or online services must work hard to thwart the hackers who want to do them harm. Here are some of the potential impacts of getting attacked:
Service Disruption: Your website or online service may be very slow or completely unusable due to the malicious traffic, so your customers and organization won't be able to use these systems during the attack.
Customer Dissatisfaction: If your customers rely on the website or services affected, then they will be unhappy with the outage or performance degradation.
Staffing Diversion: Dealing with a DDoS attack requires immediate attention from technical team members, diverting them away from other important tasks or projects.
Financial Loss: DDoS attacks often cause financial losses due to the impacts of downtime and mitigation, such as lost sales or staff working overtime to get systems operational.
Reputation Damage: When a website or service is unavailable due to a DDoS attack, it can harm the company’s reputation even in the short term.
It’s typically easier to notice the short-term impacts of a DDoS attack while it has your attention. But the effects of an attack can be long-lasting and can even cause your business to fail. Along with continued damage to your reputation, keep in mind these long-term impacts that can have large financial ramifications:
Customer Support: The website or service outage may cause lingering customer support issues and distract your support team from their normal tasks.
Customer Decline: Due to reputational damage, your customer base can decline substantially through losing existing customers and not attracting new customers.
Stock Price Drop: For publicly-traded companies, a significant attack can lead to a stock price decline and cause investors to lose confidence.
Insurance Cost Increases: Following a DDoS attack, organizations may face higher insurance premiums if they are deemed high-risk for more attacks.
Regulatory Penalties: If the attack caused a regulatory compliance breach, the organization might face penalties and other compliance-related costs such as audits.
Legal Costs: If data was compromised or legal obligations haven’t been met during an attack, the organization might face costly and time-consuming legal challenges.
Security Costs: After an attack, organizations often need to invest more in cybersecurity measures, such as upgrading hardware and software and hiring additional security staff, to prevent future attacks.
You cannot anticipate every approach a hacker might take to bring down your websites. While there are many security best practices and tools to consider, a few popular ones for dealing with Distributed Denial-of-Service attacks are:
Static Website: If your website doesn’t have many or any “dynamic” pages, creating a static or mostly-static version will mean hackers have far less to attack, because there is no application code or database running behind each page request.
Content Delivery Network (CDN): Using a CDN can distribute your website content around the world, which makes it harder for hackers to bring your site down.
Web Application Firewall (WAF): A WAF with DDoS protection can differentiate between real and bot traffic, so your users are allowed access while the bots are not.
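Rate limiting, listed among the mitigations above, can be illustrated with the online-store scenario from the example use case. The Python below is an added example, not QuantCDN code: the limiter class, the client names and the traffic figures (shoppers at 1 request per second, bots at 50 per second, a limit of 2 per second with a burst of 5) are all constructed assumptions.

```python
from collections import defaultdict


class PerClientRateLimiter:
    """Token bucket per client. Integer maths (ms, milli-tokens) keeps it exact."""

    def __init__(self, rate_per_s, burst):
        self.rate = rate_per_s      # milli-tokens regained per millisecond
        self.cap = burst * 1000     # bucket size in milli-tokens
        self.state = {}             # client -> (milli_tokens, last_seen_ms)

    def allow(self, client, now_ms):
        tokens, last = self.state.get(client, (self.cap, now_ms))
        # Refill for the time elapsed since this client's previous request.
        tokens = min(self.cap, tokens + (now_ms - last) * self.rate)
        allowed = tokens >= 1000    # one request costs one whole token
        if allowed:
            tokens -= 1000
        self.state[client] = (tokens, now_ms)
        return allowed


def build_traffic(shoppers, bots, seconds=10):
    """Constructed sample: each shopper sends 1 req/s, each bot 50 req/s."""
    events = []
    for i in range(shoppers):
        events += [(t, f"shopper-{i}") for t in range(0, seconds * 1000, 1000)]
    for i in range(bots):
        events += [(t, f"bot-{i}") for t in range(0, seconds * 1000, 20)]
    return sorted(events)           # replay in timestamp order


def simulate(shoppers=3, bots=5, rate_per_s=2, burst=5):
    """Return (requests arrived, requests admitted), counted per client kind."""
    limiter = PerClientRateLimiter(rate_per_s, burst)
    seen, admitted = defaultdict(int), defaultdict(int)
    for now_ms, client in build_traffic(shoppers, bots):
        kind = client.split("-")[0]
        seen[kind] += 1
        if limiter.allow(client, now_ms):
            admitted[kind] += 1
    return dict(seen), dict(admitted)


if __name__ == "__main__":
    arrived, passed = simulate()
    print("arrived :", arrived)
    print("admitted:", passed)
```

Each source is capped no matter how fast it sends, but the admitted total still grows with the number of sources, which is why rate limiting is listed alongside CDNs, WAFs and DDoS mitigation services rather than instead of them.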
Learn more about DDoS and related concepts by checking out these resources:
- Denial of Service (OWASP)
- Denial-of-service attack (Wikipedia)
- DDoS Quick Guide (CISA)
- Understanding and Responding to Distributed Denial-of-Service Attacks (CISA)
- Denial of Service (DoS) guidance (NCSC)
- DDoS Protection: 8 Simple Tactics (Blackberry)
- 2022: DDoS Year-in-Review (Infosecurity Magazine)
- Cybersecurity Attack and Defense Fundamentals (Coursera)
Quant is a global static edge; a CDN & WAF combined with static web hosting. We provide solutions to help make WordPress and Drupal sites static, as well as support for all popular static site generators.