It’s been more than 20 years since the first DDOS attack entered the public consciousness. The victim of the first successful Distributed Denial of Service targeted the French government in 1995 as part of a political protest.
The criminals were identified as the Strano Network, an Italian political collective that managed to cripple numerous government websites before they were identified. That first attack lasted about an hour.
Those type of attacks have become a lot more sophisticated as the technology behind threats became effective.
FloodNet came on the scene shortly afterward, which managed to bring companies to a grinding halt with point-and-click attacks.
Fast forward to today, and the most recent attacks are enough to chill the blood of any executive or IT professional operating for a governmental institution, a corporation, or small- to medium-sized business.
According to a recent report, DDoS attacks have increased year over year by 125 percent over recent years. Even worse, the attacks are intensifying and becoming more severe, according to Akami’s 2016 State of the Internet Security Report for Q1.
The company also noted that the duration of the average attack increased by 35 percent — up from about 15 hours during the first quarter of 2015 to more than 16 hours in the first quarter of 2016.
Bottom line? No one is immune.
When reviewing recent DDoS attacks in the industry, there are numerous incidents that could be classified as destructive and costly to their targets. Just last year, the tally was in the hundreds of thousands.
Major DD0S attacks
According to Arbor Networks, the most notable attacks in 2016 and 2017 included:
DYN. In this attack, a botnet of 100,000 infected devices were used as part of a DDoS attack against the internet performance management company. The impact was extensive, damaging Dyn’s clients’ ability to provide services. These included Spotify, Twitter and Etsy. The attack, in effect, disabled Dyn’s ability to connect their clients domain names to their respective web addresses.
U.S. presidential campaign. In an ongoing investigation, officials are still looking into cyberattacks impact on the recent presidential election. On April 1, a DDoS attack was identified that targeted Donald Trump’s campaign. #OpTrump, as it identified itself, tried to cripple websites at Trump’s hotel chains and presidential campaign. In another high-profile attack, candidate Hillary Clinton was targeted.
Olympics. During the 2016 Olympics in Rio, Brazil, a DDoS attack that lasted for several months was launched against websites that were designed to provide logistics and media coverage for the games.
Guarding yourself against DDoS Attacks
For the time being, it doesn’t look like DDoS attacks are going away anytime soon. It’s a lucrative or empowering business for the criminals who launch these attacks. In one incident, the attackers were able to get $100,000 with just the mere threat of a DDoS attack.
One of the major threats facing companies who are hit with DDoS attacks is the consequences caused by downtime. According to the IDC, the cost of downtime averages about $100,000 — per hour. The price tag tallies up fast. A 10-hour period of downtime would cost the average company $1 million.
That’s why the threat of an attack may have been enough for a company to fork over the ransom demanded by would-be attackers. This type of attack is considered ransomware but usually occurs after the attack has already been launched.
Another form of an attack is considered a DDDoS. That extra D represents Deceptive Distributed Denial of Service attack. This form of attack is a disguise for another attack. It distracts its victims while another attack is being launched.
To address these challenges, companies need to develop a comprehensive plan to guard against vulnerabilities and to quickly respond to an attack if something should occur. Here are a few strategies to consider:
Hire a professional consultant. It’s possible that you don’t have the in-house expertise to keep up with the latest forms of attacks. The consultant could guide you on choices with equipment, security and training for employees.
Address vulnerabilities. One of the most important steps you can take is to train your employees on how to avoid suspicious emails or activity that could be an indicator of a larger attack. Heightened awareness of tell-tale signs could be one of the most important steps you and your staff can take to guard against a full-blown attack.
Implement solutions. While nothing is foolproof, you can have tools installed to guard against attacks. This type of service is designed to detect unusual patterns in traffic — patterns that may be ignored by your busy staff.
The gaming industry represented the largest number of attacks at 43 percent, followed by the hotel and travel industry (13 percent); financial services (12 percent); technology (9 percent; media and entertainment (7 percent); the public sector (3 percent); SaaS (3 percent) and business services (2 percent).
However, it’s apparent no company should feel immune.
According to recent reports, DDoS attacks are requiring less and less skills and expertise to launch — making them easy routes for criminals to target and profit from small to large companies.