How DDoS Attacks Can Sink Your Business
What is DDoS?
Distributed Denial of Service (DDoS) is a form of cyberattack that makes the targeted internet service inaccessible. “Distributed” refers to the fact that the attack comes from multiple sources in order to have a bigger impact on the target, which cannot cope with such a large amount of traffic. In recent years, DDoS attacks have become more and more complex, with many combinations of different attack approaches being used. DDoS attacks now generate much more data traffic than before - the biggest DDoS attack in 2015 consumed around 500 Gbps, but by the following year, this had doubled to around 1 Tbps. Each year, the number of attacks increases by 15%.
There are many online resources detailing DDoS attack statistics, such as the article “State of the Internet” from Akamai, as well as numerous threat reports from antivirus companies. There are also companies that monitor DDoS attacks on data backbones to provide real-time insights into what is happening. DDoS attacks occur continuously, as you can see on the map below. 
Any public service can fall victim to a DDoS attack, such as mobile application APIs, web pages, e-mail services, or DNS services. The affected service becomes completely unavailable during the attack, which means that any mobile applications, web pages, or email services will be inaccessible. Not only does this have a negative effect on the service provider’s reputation, but it also has a knock-on effect on other service providers and operators who might use this service themselves.
Attackers use several techniques to generate a high data load, and many of them use botnets to generate traffic. A botnet is a set of devices remotely controlled by attackers. These devices are also sometimes called zombies - they can be personal computers, mobile phones, and even IP cameras, smart things, or networked devices.
Why DDoS? There are a number of reasons: attackers might just be doing it for fun, or they might have more specific reasons, such as slowing down business competitors or influencing public votes. DDoS attacks can also cover up other attacks, such as stealing valuable data from victims.
Impact of DDoS
Carrying out a DDoS is relatively inexpensive, but the impact it has on business can be enormous. A mid-sized DDoS that lasts for a whole day can be bought for around $500 on the dark web - this figure pales in comparison to the damage that’s done to a service operator who finds that their service is unavailable for 24 hours. In addition to direct financial costs, this unavailability of service damages the company’s reputation, which could have a far more severe effect in the long run.
A DDoS example
On December 31st, 2015, BBC servers experienced the biggest DDoS attack seen that year. The attack volume reached an enormous 602 Gbps, and rendered all of the BBC’s sites unavailable. The impact of such an attack spread to many content services connected to BBC servers, which failed to load, and the world was left without information from one of the largest news sources around.  
There are countless more examples of such attacks, but it’s more constructive to think about the real impact a DDoS attack can have on business.
Let’s imagine, for example, a business-critical application that has thousands of clients and serves as a communication tool between a company and its customers. This application is a channel used to generate contracts, book properties, sell goods or tickets, or provide any other service directly impacting the revenue stream for the company.
Under a DDoS attack, the victim may experience the following potential consequences:
- No one can use the application to communicate with the company
- Service unavailability might cause the company to fail to meet its Service Level Agreement (SLA) with its customers. Do you remember Google’s availability issue in Central Europe during November 2016? Google faced several issues in this regard; for example, all taxi services relying on Google Maps didn’t work.
- Instead of using the website, users now flood the company’s phone and email systems and slow down all processes in the organization.
- IT administrators contact third-party vendors to help solve the issue if they can’t solve it on their own.
- If the unavailable service is related to public media, people might start asking for information elsewhere - and a competitor will be quick to step in.
Mitigating the impact of DDoS requires many people, whose salaries contribute to the indirect cost of DDoS attacks. If we weigh up all the direct and indirect costs, protection against DDoS is the logical choice.
Google outage in November 2016
Existing solutions to DDoS
There are many ways to protect against DDoS; however, every solution has its limitations. You can use a very fast Internet connection to handle volumetric attacks, but is your application server fast enough to handle the high volume of connections created by hackers?
You can perform a deep packet inspection to search for malicious patterns inside the data flow (application logic DoS) between the application and the data center, but how fast do your appliances need to be to not become bottlenecks?
You can use automated data forwarding to the black hole of the operator, but do you want to rely on technology (sometimes wrongly configured) to make crucial decisions regarding the accessibility of a business-critical service? On top of that, do you have employees experienced enough to detect and isolate attacks quickly and know the right steps to restore a fully operational service?
How to fight DDoS
Identifying the source of the problem takes an expert eye. At first glance, a DDoS attack might look like just a traffic peak, or a bottleneck somewhere in the company’s data network.
The first step, then, in mitigating a DDoS attack is to know just what is happening. This requires detailed logging so that you have enough information to discover the source of the issue and the impact of the attack. To do this, you can use Log Management, Security Information and Event Management (SIEM), IDS/IPS technology, or firewalls.
Next, you’ll need to choose a strategy to mitigate the impact, using the resources available to you. You need to know the capabilities and limitations of the hardware at your disposal. However, such mitigation strategies often fail because business owners don’t know how to reconfigure their key appliance.
Thirdly, you need to have an active response plan to the problem, which includes all steps that need to be done and all the people who need to be informed about the problem.
The final step is to prevent any future attacks. You might need to make changes to your existing infrastructure or upgrade your technology to stop a DDoS from happening again.
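As an added illustration of the first step (this is not code from the original article or from TeskaLabs), the sketch below takes access-log lines, finds the time windows whose request volume far exceeds the usual level, and reports how many distinct sources were involved and what share of requests failed. The log format, the `/api/book` path, the window size and the spike threshold are assumptions, and the sample lines are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timezone
from statistics import median

def parse(line):
    # Assumed log format: "<ISO-8601 timestamp> <source IP> <path> <HTTP status>"
    ts, src, path, status = line.split()
    return datetime.fromisoformat(ts), src, path, int(status)

def summarize(lines, window_s=10, spike_factor=5):
    """Describe every window whose volume is >= spike_factor x the median window."""
    buckets = defaultdict(list)
    for line in lines:
        ts, src, _path, status = parse(line)
        buckets[int(ts.timestamp()) // window_s].append((src, status))
    baseline = median(len(reqs) for reqs in buckets.values())
    report = []
    for key in sorted(buckets):
        reqs = buckets[key]
        if len(reqs) < spike_factor * baseline:
            continue  # ordinary load
        sources = Counter(src for src, _ in reqs)
        top_src, top_hits = sources.most_common(1)[0]
        start = datetime.fromtimestamp(key * window_s, tz=timezone.utc)
        report.append({
            "window_start": start.isoformat(),
            "requests": len(reqs),
            "distinct_sources": len(sources),  # many sources: distributed
            "top_source": top_src,
            "top_source_share": top_hits / len(reqs),
            "error_share": sum(s >= 500 for _, s in reqs) / len(reqs),  # impact
        })
    return report

def build_sample():
    # Constructed data: 60 s of normal traffic, then a 10 s burst from 40 sources.
    lines = []
    for i in range(6):
        for j in range(2):
            lines.append(f"2024-01-01T00:00:{i * 10 + j:02d}+00:00 198.51.100.{j + 1} /api/book 200")
    for n in range(40):
        status = 503 if n % 2 else 200
        lines.append(f"2024-01-01T00:01:{n % 10:02d}+00:00 203.0.113.{n + 1} /api/book {status}")
    return lines

if __name__ == "__main__":
    for window in summarize(build_sample()):
        print(window)
```

A low `top_source_share` together with a high `distinct_sources` count separates a distributed flood from one misbehaving client, and `error_share` gives a first measure of the impact on legitimate users.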
If you have a professional team of security experts working with you, then they will probably know what to do during a DDoS attack. However, if you try to tackle the problem yourself, a DDoS might inflict great damage to your business.
TeskaLabs provides security technology focused on mobile apps and industrial Internet of Things. We offer application security technology which provides you with in-depth insights into what is happening on your network at any time. Our technology is connected to a Security Operation Center (SOC) monitored by security specialists who are ready 24/7, all year round, to help you mitigate app-related attacks. Thanks to a deep monitoring feature, our technology can also identify low-level issues that slow down communication and have a negative impact on customer experience.
If you'd like to get a true assessment of the architecture and security of your mobile application, please request a FREE Demo. Or, to learn more about TeskaLabs’ SeaCat Mobile Secure Gateway and how we can help you with the security of your mobility solutions, please visit www.teskalabs.com/products/seacat-mobile-secure-gateway.