Exploring DDoS Attacks

Modern web servers are extremely fast and highly resilient. They have the ability to deliver data anywhere in the world in the blink of an eye. What they don't have, though, is the ability to deliver data to an infinite number of users simultaneously. If enough users request data from the same server at the same time, the server will stop processing requests efficiently. Some users may not receive any data at all.

A distributed denial-of-service attack is an attempt to force a server into an error state by overloading it with requests from many computers around the world. DDoS attacks are among the greatest fears of any website owner because relatively little effort is needed to bring down the average shared web server. A server often has the ability to handle hundreds -- even thousands -- of requests per second. However, a coordinated DDoS attack can potentially flood a server with requests from millions of IP addresses. A DDoS attack can cripple almost any server.

How DDoS Attacks Work (A Brief Explanation)

DDoS attacks work by flooding servers with more simultaneous requests than they can handle. With potentially millions of IP addresses connecting to a server simultaneously, the server becomes overloaded and can no longer process requests. The traffic that the DDoS attack generates effectively becomes a wall that prevents legitimate traffic from reaching the server.

Hackers need access to many Internet-connected computers and devices to make DDoS attacks possible. Typically, access is gained by exploiting security vulnerabilities. For example, many homes have wireless routers, and many businesses have Internet-connected cameras. Many of the people who own Internet-connected devices have never changed the devices' default passwords. A script can automatically scan IP addresses in bulk for Internet-connected devices and try the default password on each device that it finds. If the password works, the script gains access to the device.

Collectively, a group of compromised devices under the control of a hacker or group of hackers is a botnet. Some botnets are incredibly large. In October 2016, the DNS provider Dyn suffered a DDoS attack that crippled its ability to resolve domain names. Hackers used tens of millions of IP addresses to execute the attack. During the attack, some of the Internet's most popular websites were inaccessible.

Why Do DDoS Attacks Happen?

Hackers attempt to penetrate and disable online systems for a variety of reasons. Some simply do not believe in traditional ethics and think that exploring and manipulating online systems should be legal. Others want to showcase their technical prowess and gain notoriety within the hacker community. Some hackers have political or ideological motivations, and others hope to extort money from corporations.

Some hackers simply attack small business websites because they know that many small business owners either don't know about -- or have no way to mitigate -- DDoS attacks.

The Cost of DDoS Attacks

How much would a DDoS attack cost your business? A successful attack can bring a website completely down -- and every minute that your website is down, it isn't earning money for your company. Estimates vary as to how much a typical DDoS attack costs a company. One estimate suggests that they cost businesses $20,000 per hour. According to another estimate, DDoS attacks cost an average of $22,000 per minute. One thing is certain: It is far preferable to prevent a DDoS attack from causing a website outage.

Mitigating DDoS Attacks

Preventing DDoS attacks is impossible -- and small business websites are just as vulnerable as major websites. It is, however, possible to mitigate DDoS attacks by recognizing them and blocking the traffic. If an attack fails to compromise a website, the hackers perpetrating the attack will move on and target other websites.

Successful DDoS mitigation has two components. The first is a protection system with the ability to distinguish between bots and legitimate human traffic. Most of the time, the bots taking part in a DDoS attack flood the target website with the same type of network request. The protection system recognizes the traffic from bots and either ignores or reroutes it.
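The recognition step described above can be sketched as detection logic over request logs. This is an added example, not code from any particular protection product: the event format, the thresholds and the function names are assumptions, and the sample traffic is constructed.

```python
from collections import Counter, defaultdict

def make_sample():
    """Constructed events: (epoch_second, source_ip, method, path, user_agent)."""
    paths = ["/", "/about", "/products", "/contact", "/blog"]
    events = []
    for base in (1000, 1010):          # two 10-second windows of normal browsing
        for i in range(40):
            events.append((base + i % 10, f"198.51.100.{i % 20}", "GET",
                           paths[i % 5], "Mozilla/5.0"))
    for i in range(300):               # flood: one request shape, 200 sources
        events.append((1000 + i % 10, f"192.0.2.{i % 200}", "GET",
                       "/search", "Mozilla/5.0"))
    return events

def detect_floods(events, window=10, min_requests=100, min_share=0.5,
                  min_sources=50):
    """Flag windows where one request signature dominates from many sources.

    Thresholds are assumptions for this sample; tune them to a site's baseline.
    Returns [(window_start, signature, request_count, distinct_sources)].
    """
    buckets = defaultdict(list)
    for ts, ip, method, path, agent in events:
        buckets[ts - ts % window].append((ip, (method, path, agent)))
    findings = []
    for start in sorted(buckets):
        requests = buckets[start]
        signature, count = Counter(s for _, s in requests).most_common(1)[0]
        sources = {ip for ip, s in requests if s == signature}
        if (count >= min_requests and count / len(requests) >= min_share
                and len(sources) >= min_sources):
            findings.append((start, signature, count, len(sources)))
    return findings

def filter_traffic(events, findings, window=10):
    """Drop requests matching a flagged signature inside its flagged window.

    A real visitor sending the same request is dropped too, so a deployment
    may prefer a gentler action such as rate limiting over discarding.
    """
    flagged = {(start, sig) for start, sig, _, _ in findings}
    return [e for e in events
            if (e[0] - e[0] % window, (e[2], e[3], e[4])) not in flagged]

if __name__ == "__main__":
    sample = make_sample()
    hits = detect_floods(sample)
    print(hits, len(filter_traffic(sample, hits)), "requests kept")
```

Requiring many distinct sources as well as a dominant signature keeps a single busy client, such as a crawler, from being reported as a distributed attack.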

The second component necessary for DDoS mitigation is a robust network with an extremely fast connection to the Internet and a distributed architecture that allows it to serve data from multiple locations around the world.

Cloud hosting is one of the better solutions for DDoS mitigation. A cloud services provider has massive bandwidth available -- far more than the volume of any DDoS attack to date. Cloud providers also have the security software necessary to identify and block or reroute traffic from malicious bots.

Most importantly, even an attack that manages to disable a server or entire data center will not disable the target website completely if it is on cloud hosting. Since cloud providers have multiple data centers around the world, they have the ability to route traffic to other data centers when one data center experiences a problem.