Distributed Denial of Service (DDoS) attacks occupy a unique space within the realm of cybercrime. They seldom lead to costly GDPR violation fines, typically don’t involve data theft, and rarely, if ever, result in the destruction of the targeted services.
While these attacks might not be the primary concern in general cyber protection, it’s crucial to recognize their typical targets. Companies offering services through outward-facing websites are frequently in the crosshairs. If there’s potential benefit in your website or service being inaccessible to a person, organization, or country, then you should have measures in place to mitigate such attacks.
The intended impact of a DDoS attack varies. In some cases, particularly when linked to nation-states, whether formally or informally, attackers employ DDoS attacks to oppose organizations or services they disagree with, using the attack to convey their message. Other times, individuals use these attacks as a form of protest, a way to enhance notoriety, a means of extortion, or even to help promote an opposing group. Larger DDoS attacks often indicate a larger group due to the amount of manpower required to conduct such attacks, but accomplished individuals or smaller groups with large resources can occasionally pull these attacks off as well.
Another scenario where a DDoS attack might be deployed is to disrupt infrastructure systems; for example, a power outage during winter months in cold regions could have severe consequences. A third situation where DDoS attacks are used is to incapacitate a country’s emergency alert and/or response systems during times of crisis. One trend that has become more popular in recent years is ideologically motivated attacks, in which groups associated with specific religions or belief systems attack an organization for opposing their belief system.
DDoS attacks work by overwhelming websites or online services with a flood of traffic, which stops anyone from being able to access the service and effectively stops all network services. Recent DDoS attacks in the news include the Twitter/X shutdown and the attack on La Poste, the French postal service. A group called Anonymous Sudan was able to use a DDoS attack to take down X, formerly known as Twitter, for 45 minutes in more than 12 countries and is also responsible for the attack against the French postal service that disrupted online services for over nine hours. Anonymous Sudan is well known for its DDoS attacks, but several other organizations utilize DDoS attacks as well. Russia specifically is extremely well known for DDoS attacks against other countries, foreign infrastructure sectors, and even hospitals.
Another commonly targeted group is critical infrastructure systems. For instance, in 2023, the ‘Mysterious Team Bangladesh’ hacker group executed more than 70 attacks in multiple countries, with some of them impacting transportation systems. These types of attacks are prevalent, especially when the perpetrators have religious or political motives; their aim often involves disrupting a country that conflicts with their political stance or religious beliefs. Ultimately, any company heavily engaged in online business should comprehend and safeguard against DDoS attacks.
There are three common types of DDoS attacks:
- Volumetric attacks: a volumetric overload of the site’s bandwidth that stops any sort of online service
- Protocol attacks: a specific volumetric attack that overloads a specific service, firewall, or load balancer
- Application DDoS attacks: targeting specific vulnerabilities within the application
The mitigation of these attacks heavily relies on what kind of company or organization you are protecting. The best general course of action is to deploy DDoS mitigation solutions like Cloudflare or Fastly, contact and work with your internet service provider, and continue to monitor your assets throughout the attack.