It’s been a while since the world first started hearing about Denial of Service attacks. It was February 2000, and in the space of just one week, major websites like Yahoo!, eBay, CNN, E-Trade, and Amazon were experiencing inexplicable outages that lasted for more than an hour in some cases. And those outages were costing them millions of dollars in lost revenues.
A little investigating, combined with loose lips on the part of the offender, eventually pointed law enforcement to a 15-year-old Canadian high school student going by the handle MafiaBoy.
That was the first time the public and most businesses became aware of the simplicity and power of Denial of Service Attacks. And nearly 15 years later they’re still a very potent treat to businesses of all sizes.
So what is the dreaded DDoS? A Distributed Denial of Service attack usually starts with hackers infecting thousands or even millions of unprotected servers and personal computers and turning them into zombies or bots. All these botted computers combine to create a massive network or botnet of compromised computers that will do whatever the hacker, sometimes called a bot herder, asks them to.
And often that instruction is to start sending requests to the same website for hours on end. The result is that the targeted website can’t handle the huge surge in traffic, legitimate users can’t access the site because it’s too slow, and eventually the site crashes entirely. The damage to sales and reputation can be enormous.
So what’s the goal of the attack? It can be anything from a protest to notoriety for the hackers and even extortion. In the wake of the riots in Ferguson Missouri in August of this year, local police reported that their website was the target of a DDoSo attack, presumably as some kind of protest. Victims of DDoS attacks often report receiving demands from the hackers for a payment to make the attack stop, and it’s estimated that more than one in every ten DDoS attacks is followed by extortion demands.
In August of this year, Sony was victim of a massive and well-organized DDoS attack that closed down the PlayStation Network and Sony Entertainment Network for nearly 24 hours. And it doesn’t cost much for hackers to do this kind of harm. A few hundred dollars will rent you a couple of thousand bot-controlled computers that you can direct to attack any website. One security company alone claims to be detecting 12 million of these DDoS bots every week.
So what are your options?
- Experts say if you receive a ransom demand you should never pay. It might not stop the attacks, the attacks could be repeated later, or word could get out that you’re an easy target.
- Talk to your ISP. See if they have any programs in place to mitigate the harm of DDoS attacks. There are technologies available to ISPs to help thwart these attacks.
- If you are a victim, speak up. Let your customers know as soon as possible that you’re victim of an attack. Reassure them that it’s not a breach and no information has been exposed. And let the media know too. It may help stave of future attacks and help you retain or rebuild your reputation.
- Make sure you’re using some kind of DDoS protection for your website that can automatically and quickly detect an uptick in unusual traffic and filter out and divert the malicious traffic before it can slow down your website.
Source: Neal O’Farrell