How DDoS Attacks Can Sink Your Business
What is DDoS?
Distributed Denial of Service (DDoS) is a form of cyberattack which makes the target internet service inaccessible. “Distributed” refers to the fact that the attack comes from multiple sources, to have a bigger impact on the target, which cannot cope with such a large amount of traffic. In recent years, DDoS attacks have become more and more complex, with many combinations of different attack approaches being used. DDoS attacks now generate much more data traffic than before - the biggest DDoS attack in 2015 consumed around 500 Gbps, but by the following year, this had doubled to around 1 Tbps. Each year, the number of attacks increases by 15%.
There are many online resources detailing DDoS attack statistics, such as the “State of the Internet” report from Akamai, as well as numerous threat reports from antivirus companies. There are also companies that monitor DDoS attacks on data backbones to provide real-time insights into what is happening. DDoS attacks occur continuously, as you can see on the map below.
Any public service can fall victim to a DDoS attack, such as mobile application APIs, web pages, e-mail services, or DNS services. The affected service becomes completely unavailable during the attack, which means that any mobile applications, web pages, or email services will be inaccessible. Not only does this have a negative effect on the service provider’s reputation, but it also has a knock-on effect on other service providers and operators who might use this service themselves.
Attackers use several techniques to generate a high data load, and many of them rely on botnets to produce the traffic. A botnet is a set of devices remotely controlled by attackers. These devices are also sometimes called zombies - they can be personal computers, mobile phones, and even IP cameras, smart devices, or other networked equipment.
Why DDoS? There are a number of reasons: attackers might just be doing it for fun, or they might have more specific reasons, such as slowing down business competitors or influencing public votes. DDoS attacks can also cover up other attacks, such as stealing valuable data from victims.
Impact of DDoS
Carrying out a DDoS is relatively inexpensive, but the impact it has on a business can be enormous. A mid-sized DDoS that lasts for a whole day can be bought for around $500 on the dark web - this figure pales in comparison to the damage done to a service operator who finds that their service is unavailable for 24 hours. In addition to direct financial costs, this unavailability of service damages the company’s reputation, which could have a far more severe effect in the long run.
A DDoS example
On December 31st, 2015, BBC servers experienced the biggest DDoS attack seen that year. The attack volume reached an enormous 602 Gbps, and rendered all of the BBC’s sites unavailable. The impact of such an attack spread to many content services connected to BBC servers, which failed to load, and the world was left without information from one of the largest news sources around.
There are countless more examples of such attacks, but it’s more constructive to think about the real impact a DDoS attack can have on business.
Let’s imagine, for example, a business-critical application that has thousands of clients and serves as a communication tool between a company and its customers. This application is a channel used to generate contracts, book properties, sell goods or tickets, or provide any other service directly impacting the company’s revenue stream.
Under a DDoS attack, the victim may experience the following potential consequences:
- No one can use the application to communicate with the company
- Service unavailability might cause the company to fail to meet its Service Level Agreement (SLA) with its customers. Do you remember Google’s availability issue in Central Europe during November 2016? Google faced several issues in this regard; for example, all taxi services relying on Google Maps didn’t work.
- Instead of using the website, users now flood the company’s phone and email systems and slow down all processes in the organization
- IT administrators contact third-party vendors to help solve the issue if they can’t solve it on their own.
- If the unavailable service is related to public media, people might start asking for information elsewhere - and a competitor will be quick to step in.
Mitigating the impact of a DDoS requires many people, whose salaries contribute to the indirect cost of DDoS attacks. If we weigh up all the direct and indirect costs, protection against DDoS is the logical choice.
Google outage in November 2016
Existing solutions to DDoS
There are many ways to protect against DDoS; however, every solution has its limitations. You can use a very fast Internet connection to absorb volumetric attacks, but is your application server fast enough to handle the high volume of connections created by attackers?
You can perform deep packet inspection to search for malicious patterns inside the data flow between the application and the data center (to catch application-layer DoS), but how fast do your appliances need to be so that they don’t become bottlenecks themselves?
You can have your operator automatically forward traffic for the attacked address into a black hole, but do you want to rely on technology (sometimes wrongly configured) to make crucial decisions regarding the accessibility of a business-critical service? On top of that, do you have employees experienced enough to detect and isolate attacks quickly, and who know the right steps to restore a fully operational service?
How to fight DDoS
Identifying the source of the problem takes an expert eye. At first glance, a DDoS attack might look like just a traffic peak, or a bottleneck somewhere in the company’s data network.
The first step, then, in mitigating a DDoS attack is to know just what is happening. This requires detailed logging, so that you have enough information to discover the source of the issue and the impact of the attack. To do this, you can use log management, Security Information and Event Management (SIEM), IDS/IPS technology, or firewalls.
Next, you’ll need to choose a strategy to mitigate the impact, using the resources available to you. You need to know the capabilities and limitations of the hardware at your disposal. However, such mitigation strategies often fail because business owners don’t know how to reconfigure their key appliances.
Third, you need a response plan for the problem, which includes all the steps that need to be taken and all the people who need to be informed about the problem.
The final step is to prevent any future attacks. You might need to make changes to your existing infrastructure or upgrade your technology to stop a DDoS from happening again.
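The first step above, telling a distributed flood apart from a plain traffic peak or a single noisy client, is the one that can be automated from the logs you already keep. The following script is an added example written for this article, not TeskaLabs code: it parses web-server access logs in the common combined format, buckets requests into fixed windows, and labels each window by comparing its request rate against an assumed historical baseline (`baseline_rps`, a parameter you would derive from your own normal traffic) and by checking how much of the load comes from the single busiest address. The log lines are constructed for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Combined-format access log: client IP, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log (not real traffic): a quiet 10-second window, then
# 60 requests from 60 different addresses (most of them already failing with
# 503), then 60 requests from a single address.
_NORMAL = (
    '10.0.0.5 - - [12/Mar/2017:10:00:01 +0000] "GET /api/book HTTP/1.1" 200 512\n'
    '10.0.0.7 - - [12/Mar/2017:10:00:04 +0000] "GET /api/book HTTP/1.1" 200 498\n'
    '10.0.0.5 - - [12/Mar/2017:10:00:08 +0000] "POST /api/contract HTTP/1.1" 201 87\n'
)
_DISTRIBUTED = "".join(
    f'198.51.100.{i} - - [12/Mar/2017:10:00:{10 + i % 10:02d} +0000] '
    f'"GET / HTTP/1.1" {503 if i % 3 else 200} 0\n'
    for i in range(1, 61)
)
_SINGLE = "".join(
    f'203.0.113.9 - - [12/Mar/2017:10:00:{20 + i % 10:02d} +0000] '
    f'"GET /login HTTP/1.1" 200 0\n'
    for i in range(60)
)
SAMPLE_LOG = _NORMAL + _DISTRIBUTED + _SINGLE


def parse_line(line):
    """Return {ip, ts, status} for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "status": int(m.group("status"))}


def analyze(log_text, window_seconds=10, baseline_rps=1.0,
            rate_factor=5.0, top_talker_share=0.5):
    """Bucket requests into fixed windows and label each window.

    baseline_rps is assumed to come from your historical normal traffic; a
    window is suspicious when it exceeds rate_factor times that baseline.
    A suspicious window in which one address sends at least top_talker_share
    of the requests is a single-source flood (rate limiting or blocking that
    address helps); otherwise the load is spread over many sources, which is
    the pattern of a DDoS and needs upstream mitigation.
    """
    windows = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            key = int(entry["ts"].timestamp()) // window_seconds * window_seconds
            windows[key].append(entry)

    findings = []
    for start in sorted(windows):
        entries = windows[start]
        n = len(entries)
        sources = Counter(e["ip"] for e in entries)
        top_ip, top_count = sources.most_common(1)[0]
        top_share = top_count / n
        error_ratio = sum(1 for e in entries if e["status"] >= 500) / n
        rps = n / window_seconds
        if rps <= baseline_rps * rate_factor:
            verdict = "normal"
        elif top_share >= top_talker_share:
            verdict = "single-source flood"
        else:
            verdict = "distributed flood"
        findings.append({
            "window_start": datetime.fromtimestamp(start, tz=timezone.utc).isoformat(),
            "requests": n,
            "rps": rps,
            "distinct_sources": len(sources),
            "top_source": top_ip,
            "top_share": round(top_share, 3),
            "error_ratio": round(error_ratio, 3),  # share of 5xx: is the service already failing?
            "verdict": verdict,
        })
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Run on the sample, the script labels the second window a distributed flood (60 requests, 60 sources, two thirds already answered with 503) and the third a single-source flood, while the first stays normal. The same windowing logic can be fed from a SIEM or log-management export; the thresholds are deliberately parameters, because a sensible baseline is specific to each service.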
If you have a professional team of security experts working with you, then they will probably know what to do during a DDoS attack. However, if you try to tackle the problem yourself, a DDoS might inflict great damage to your business.
TeskaLabs provides security technology focused on mobile apps and the industrial Internet of Things. We offer application security technology which provides you with in-depth insights into what is happening on your network at any time. Our technology is connected to a Security Operations Center (SOC) monitored by security specialists who are ready 24/7, all year round, to help you mitigate app-related attacks. Thanks to a deep monitoring feature, our technology can also identify low-level issues that slow down communication and have a negative impact on customer experience.
If you'd like to get a true assessment of the architecture and security of your mobile application, please request a FREE Demo. Or, to learn more about TeskaLabs’ SeaCat Mobile Secure Gateway and how we can help you with the security of your mobility solutions, please visit www.teskalabs.com/products/seacat-mobile-secure-gateway.