What are DDoS attacks and how can they be defended against?

Cybercrime represents a lucrative business for organised crime worldwide - its revenue exceeded that of the international drug trade in 2020. The attack scenarios have become highly sophisticated and diverse. These include extortion through ransomware, theft of sensitive data, industrial espionage, and the provision of software and IT infrastructure. One of the most common methods is Distributed Denial of Service (DDoS), specifically targeting servers and web hosting.

What is a DDoS Attack?

A DDoS attack aims to overwhelm a server or parts of an IT infrastructure with traffic, causing them to be unable to perform their intended functions.

For this purpose, various strategies are employed:

• Physical sabotage at critical nodes such as routers or gateways
• Penetrating protected areas of an IT infrastructure
• Manipulating and redirecting data traffic
• Exploiting software vulnerabilities
• Attacks on operating systems to crash them
• Overloading the network and infrastructure

Most DoS attacks now use the latter method. The Distributed Denial of Service as a distributed attack represents an evolution of the early DoS attack pattern, which originated from a single computer. As today's bandwidths even with a light VPS hosting have high capacities, networking and coordination between numerous instances are essential for a successful DDoS attack. Load Balancing can also help in this case.

How does a DDoS attack occur?

During a Denial of Service attack, criminals try to separate their victims from the public infrastructure by flooding them with a high volume of requests. To be effective, these requests must necessarily come from a wide variety of different sources. This not only increases the number of incoming connections but also significantly complicates the defence against DDoS, as the distribution makes it difficult to distinguish between legitimate and artificially generated packets, and at least partially impossible. Such attacks often originate from botnets, which may include millions of servers and private computers infected by criminals with trojans and controlled over the internet.

What is the goal of a DDoS attack?

When cybercriminals attack a website with DDoS, political, ideological, or financial motives may be the cause. As in many other areas of organised crime, money is often the key motive. Profits can be generated through various activities:

• Extorting companies for the release of resources or websites
• Disabling or hindering competitors
• Offering DDoS as an illegal service on the black market
• Temporarily blocking access to specific areas, such as geoblocking
• Exclusive purchase of attractive products at the list price (scalping)

Aside from technical countermeasures, understanding the possible motivations is important in order to organise an efficient defence for servers or the entire IT infrastructure. For example, critical segments can be isolated from the rest of the network and specific vulnerabilities defined to achieve optimal protection of vulnerable areas.

Find out about web hosting with DDoS protection or consider alternatives such as VPS hosting with DDoS protection, as well as Cloud Servers with DDoS protection and Dedicated Servers with DDoS protection.

What technical defences exist for DDoS?

An essential issue with DDoS is that effectively defending against attacks on any type of server requires comprehensive expert knowledge. Individual and relatively simple measures can be implemented independently, but extensive defence requires the involvement of professional experts. The techniques include:

• Analysis and filtering of requests through Deep Packet Inspection
• Geoblocking and limiting individual and regional connections
• Captcha and other manual barriers for access
• Distributing bandwidth to special high-performance servers for traffic analysis
• Involving external, specialised providers for DDoS defence

Due to the scope of current threats to servers, it is generally recommended for commercial and business internet presences to utilise additional protection from the web host or professional providers such as Cloudflare or Akamai for defending against DDoS attacks. These providers have the necessary expertise and infrastructure to diagnose such attacks early and block them promptly.

Photo: Iván Tamás from Pixabay