How DDoS Attacks Can Sink Your Business
What is DDoS?
Distributed Denial of Service (DDoS) is a form of cyberattack which makes the target internet service inaccessible. “Distributed” refers to the fact that the attack comes from multiple sources, to have a bigger impact on the target, as it cannot cope with such a large amount of traffic. In recent years, DDoS attacks have become more and more complex, with many combinations of different attach approaches being used. DDoS attacks now generate much more data traffic than before - the biggest DDoS attack in 2015 consumed around 500 Gbps, but by the following year, this had doubled to around 1 Tbps. Each year, the number of attacks increases by 15%.
There are many online resources detailing DDoS attack statistics, such as the article “State of the Internet” from Akamai, as well as numerous threat reports from antivirus companies. There are also companies that monitor DDoS attacks on data backbones to provide real-time insights into what is happening. DDoS attacks occur continuously, as you can see on the map below. 
Any public service can fall victim to a DDoS attack, such as mobile application APIs, web pages, e-mail services, or DNS services. The affected service becomes completely unavailable during the attack, which means that any mobile applications, web pages, or email services will be inaccessible. Not only does this have a negative effect on the service provider’s reputation, but it also has a knock-on effect on other service providers and operators who might use this service themselves.
Attackers use several techniques exist to conduct high data load, and many of them use botnets to generate traffic. These botnets are devices remotely controlled by attackers. These devices are also sometimes called zombies - they can be personal computers, mobile phones, and even IP cameras, smart things, or networked devices.
Why DDoS? There are a number of reasons: attackers might just be doing it for fun, or they might have more specific reasons, such as slowing down business competitors or influencing public votes. DDoS attacks can also cover up other attacks, such as stealing valuable data from victims.
Impact of DDoS
Carrying out a DDoS is relatively inexpensive, but the impact it has on business can be enormous. A mid-sized DDoS that lasts for a whole day can be bought for around $500 on the dark web - this figure pales in comparison to the damage that’s done to a service operator who finds that their service is unavailable for 24 hours. In additional to direct financial costs, this unavailability of service damages the company’s reputation, which could have a far more severe effect in the long run.
A DDOS example
On December 31st, 2015, BBC servers experienced the biggest DDoS attack seen that year. The attack volume reached an enormous 602 Gbps, and rendered all of the BBC’s sites unavailable. The impact of such an attack spread to many content services connected to BBC servers, which failed to load, and the world was left without information from one of the largest news sources around.  
There are countless more examples of such attacks, but it’s more constructive to think about the real impact a DDoS attack can have on business.
Let imagine, for example, a business critical application that has thousands of clients and serves as a communication tool between a company and its customers. This application is a channel used to generate contracts, book properties, sell goods or tickets, or any other service directly impacting the revenue stream for the company.
Under a DDoS attack, the victim may experience the following potential consequences:
- No one can use the application to communicate with the company
- Service unavailability might cause the company to fail to meet its Service Level Agreement (SLA) with the customers. Do you remember Google’s availability issue in Central Europe during November 2016? Google faced several issues in this regard, for example, all taxi services relying on Google Maps didn’t work.
- Instead of using the website, users now flush the company’s phone and email systems and slow down all processes in the organization
- IT administrators contact 3rd party vendors to help to solve the issue if they can’t solve it on their own.
- If the unavailable service is related to public media, people might start asking for information elsewhere - and a competitor will be quick to step in.
Mitigating the impact of DDoS requires many people whose salary contribute to the indirect cost of DDoS attacks. If we weigh up all the direct and indirect costs, protection against DDoS is the logical choice.
Google outage in November 2016
Existing solutions to DDoS
There are many ways to protect against DDoS; however, every solution has its limitation. You can use a very fast Internet connection to handle a volumetric type of attacks, but is your application server fast enough to handle the high volume of connections created by hackers?
You can perform a deep packet inspection to search for malicious patterns inside the data flow (application logic DoS) between the application and the data center, but how fast do your appliances need to be to not become bottlenecks?
You can use automated data forwarding to the black hole of the operator, but do you want to rely on technology (sometimes wrongly configured) to make crucial decisions regarding accessibility of a business critical service? On the top of that, do you have employees experienced enough to detect and isolate attacks quickly and know the right steps to restore a fully operational service?
How to fight DDoS
To identify the source of the problem takes an expert eye. On first glance, a DDoS attack might look like just a traffic peak, or a bottleneck somewhere in the company’s data network.
The first step, then, in mitigating a DDoS attack is to know just what is happening. This requires detailed logging so that you have enough information to discover the source of the issue and the impact of the attack. To do this, you can use Log Management, Security Information and Event Management (SIEM), IDS/IPS technology, or firewalls.
Next, you’ll need to choose a strategy to mitigate the impact, using the resources available to you. You need to know the capabilities and limitations of the hardware at your disposal. However, such mitigation strategies often fail because business owners don’t know how to reconfigure their key appliance.
Thirdly, you need to have an active response plan to the problem, which includes all steps that need to be done and all the people who need to be informed about the problem.
The final step is to prevent any future attacks. You might need to make changes to your existing infrastructure or upgrade your technology to stop a DDoS from happening again.
If you have a professional team of security experts working with you, then they will probably know what to do during a DDoS attack. However, if you try to tackle the problem yourself, a DDoS might inflict great damage to your business.
TeskaLabs provides security technology focused on mobile apps and industrial Internet of Things. We offer application security technology which provides you with in-depth insights into what is happening on your network at any time. Our technology is connected to a Security Operation Center (SOC) monitored by security specialists who are ready 24/7, all year round, to help you mitigate app-related attacks. Thanks to a deep monitoring feature, our technology can also identify low-level issues that slow down communication and have a negative impact on customer experience.
If you'd like to get a true assessment of the architecture and security of your mobile application, please request a FREE Demo. Or, to learn more about TeskaLabs’ SeaCat Mobile Secure Gateway and how we can help you with the security of your mobility solutions, please visit www.teskalabs.com/products/seacat-mobile-secure-gateway.
SeaCat Application Gateway Whitepaper
Manage connected products with confidence!Download
Most Recent Articles
- How TeskaLabs Helps You Operate SCADA Systems Securely and Comply with Security Laws
- 5 Cyber Threats eCommerce Websites Should Watch Out For
- Who is Responsible for Securing the Connected Car?
- Why You Need Security Audit for Your Point-of-Sale (POS) System
- Building High-Performance Application Servers - What You Need to Know
You Might Be Interested in Reading These Articles
The security of connected applications, IoT, or mobile platforms, is based not only on secure development, but also on widespread knowledge about info security. Every user should have minimum knowledge about security. Every public tender should demand security of the final product or service.
Published on September 15, 2015
The enterprise world is changing. In the past, enterprises built their IT infrastructure as isolated data fortresses and did everything they could to prevent outsiders from accessing their data. But now they need to open that fortress to allow communication via mobile technologies. And this hole is where hackers strike.
Published on July 07, 2015
In October 2015, Blakely Thomas-Aguilar did a great article on mobile security statistics on the VMware AirWatch blog that can and will send shivers down your spine. For example, she found that there was an increase of 18% in the number of Android vulnerabilities between 2011 and 2015.
Published on July 26, 2016