In March 2020, while the world was shutting down due to the spread of COVID-19, something weird was happening in online coding classes, their registration was spiking. The brutal implications of this were quickly realized as the number of DDoS attacks on business websites began to climb. It’s climbing at such a fast rate, that by 2023, experts predict the number of DDoS attacks will be double their current number for 2020.
What is a DDoS Attack?
DDoS stands for ‘Distributed Denial of Service’ and refers to when a hacker uses multiple devices or IP addresses to attack a system to the point where it is rendered unusable for the user, or crashes entirely. There are a number of different ways in which a hacker can do this, and that is one of the reason DDoS attacks are some of the most dangerous on the internet. New ways of carrying out a DDoS attack are always being attempted and companies are often the ones who have to pay the hefty price.
The most common types of DDoS attacks are SYN Flood Attacks which account for 94% of DDoS attacks. An SYN Flood is when the hacker uses multiple IP addresses to exploit the TCP connection or “handshake” sequence. The hacker will usually set up a bot to send multiple “handshake” requests in such rapid succession that the server receiving the requests will be unable to complete them and will eventually crash.
Why Do DDoS Attacks Happen?
Strangely enough, DDoS attacks frequently aren’t monetarily motivated—which sets them apart from most of the other types of cyber-attacks out there on the web. In fact, there have been a number of reports of DDoS attacks which occurred just because a hacker wanted to troll, or basically have fun, ruining someone else’s day.
So why do it in the first place? Well, there are a number of non-monetary things which can be gained from a DDoS attack, and one of the big ones is customers. When a competing company DDoS’s their competition in a way which stops the functionality of the website, customers may be driven to go somewhere else, especially if they need to product urgently. This leads many companies to suspect that DDoS attacks are carried out by their competition. And they often aren’t wrong. Another major reason for a number of large DDoS attacks in the past have been due to political, religious, or activism reasons. There are quite a few major DDoS reports from government websites simply because people are against the government or the government service offered on the website. As for religious reasons, one of the most famous DDoS attacks in 2012 was carried out by the Muslims who were DDoSing a number of US bank apps and websites in order to get images of Muhammad removed from the media. And there are often reports of companies who may engage in practices like animal testing being the victims of DDoS attacks because of the way in which they do business.
And these aren’t the only reasons for DDoS attacks. They can also be carried out as revenge plots by disgruntled ex-employees. And even if the attacks may seem non-malicious, they could be a pre-cursor of a more serious attack to come. This is because a hacker may be using a DDoS attack to find vulnerabilities in the system with the intent of coming back to exploit said vulnerabilities later. Not only that, but there are a number of DDoS for hire services on the dark web, so even if your enemy or competition doesn’t know how to perform a DDoS, they can easily farm out the job to someone else. And this is what makes DDoS attacks so serious.
How to Prevent a DDoS Attack
Because the barrier for entry for a hacker to perform a DDoS attack is low, it is one of the most frequent cyber-attacks on companies’ websites. But surprisingly, there isn’t much technology to prevent one. This is because most DDoS attacks are able to circumvent basic firewalls and other security systems, so the solving of them usually requires manual input—which means one of the only ways to protect yourself against these attacks is by hiring someone to monitor your website for security.
Now of course, if you’re a small business, having around the clock technical security just isn’t feasible. Thus, there are a number of companies which can be contracted out to do security for your website, or a number of websites often to decide to have an IT individual on retainer whom they can call frequently for help. For some smaller businesses, this still just isn’t in the budget, and there are actually a number of companies which can be paid to try and breach your website security using different hacks like DDoS. If they are successful, this is a sign your website is not yet ready for launch and needs more testing first. Because of the way technology can change very quickly, it is advised that if you do go this last route, that you pay to have your website retested on a regular basis.
Famous DDoS Attacks
DDoS attacks are incredibly common, but unsurprisingly, a number of companies don’t report them for fear of losing customer confidence. In December 2020, Bitcoin.org was a victim of a DDoS attack which resulted in the site losing all functionality for a few hours. It’s important to note that the hack did not affect Bitcoin, simply the website in which users can download a wallet and buy the coin. While the website was down, attackers copied some of the open source software (known as Bitcoin Core) from the website and distributed it to users who wished to download it via torrent. The attack was traced to Russian IP addresses, but since DDoS attackers frequently use stolen IP addresses, it’s anyone’s guess where they attack truly originated from.
Even more shocking, in the months since August 2020, a number of payment processors like PayPal and MoneyGram, have been the target of quite a few DDoS attacks. These attacks were very large in nature, and were followed by ransom emails asking the companies to pay Bitcoin to the hackers for the attacks to stop. It’s unclear if any of the websites have paid up, but it’s unlikely, because websites such as PayPal have such outstanding security that while DDoS attacks are annoying to them, it’s not likely to bother their functionality or customer use to the point where they would need to pay to have them stopped. Also, as history has taught them, paying a DDoS scammer often times doesn’t make them go away, it just teaches the scammer they can get money from the company if they keep attacking.
Overall, the world of cybersecurity is a scary place, especially when it comes to preventing breaches, such as a DDoS attack. This is why, as a user or business owner, it’s important to understand how cyber security works, and take steps to limit your possible exposure to internet crime by improving your website security. DDoS attacks certainly aren’t new, and they definitely won’t be going away any time soon.