One of the easiest ways to disrupt any organization's online presence is through Distributed Denial of Service (DDoS) attacks. Unlike hacking or infiltrating a network, DDoS attacks simply overwhelm a site with meaningless traffic, causing it to become unreachable. This sort of cyberattack has been made famous by large hacking collectives such as Anonymous, and 2013 was the worst year on record for DDoS attacks, according to a new report.
With the financial sector estimating that each DDoS attack costs at least $100,000, protecting against them has become more important than ever before, especially as more business transactions begin to rely on the Internet.
Prolexic Technologies, one of the leading providers of DDoS protection services, has released a report detailing some of the major DDoS trends it saw during 2013. Not only have the attacks become more common, Prolexic found, but they are now harder to defend against due to more sophisticated malware.
"Prolexic noted a clear evolution in the strategies and tactics malicious actors embraced over the past 12 months," the report said. "The tools used by malicious actors in 2013 and the tactics they adopted changed considerably, reflecting the ongoing evolution of the (DDoS) threat."
Unlike in the years prior to 2013, mobile devices are now being used to carry out attacks, making it even easier for malicious groups to take down a Web site.
"Although the use of mobile devices in these attacks is still minimal, it is expected to grow alongside the adoption of smartphones around the world," the report said.
Just as with actual hacks, many of the DDoS attacks have been coming from Asian countries, according to Prolexic's data. It has long been asserted that the Chinese government has been behind various attacks but with the prevalence of computers within China, no one is entirely sure who is behind many of the DDoS attacks.
No matter what sector a business is in, protecting against DDoS attacks is important. Now that these attacks are becoming more common, even large organizations and government-funded institutions have been taken offline for hours.
According to a report from Forrester Research, an attack "can last anywhere from hours to days, depending on how long it takes the victim to mitigate the traffic and how long the attacker can keep blasting the traffic at the victim's site and network."
Along with the troublesome downtime is an even more significant amount of lost money, especially with larger businesses, Forrester said.
"The estimated financial impact is $2.1 million dollars lost for every 4 hours down and $27 million for a 24-hour outage," the Forrester report said.
Before attackers began to adopt advanced techniques, individuals with knowledge of the network would be able to mitigate a DDoS attack by filtering out any request that appeared to be fake. Now, on-site and cloud-based services are usually required to prevent or quickly stop an attack, as they can be consistently updated and include multiple layers of protection. Unfortunately, in most scenarios, even those systems are unable to completely prevent attacks, but when money is at stake, less downtime is still beneficial.