It was philosopher and military strategist Sun Tzu who once wrote that if you know your enemies and know yourself, you will not be imperiled in 100 battles. Though The Art of War was written in ancient China and therefore probably does not refer to the ongoing battle against Distributed Denial of Service (DDoS) attacks, it very well could. After all, others have already drawn parallels between Sun Tzu’s writings and internet security.
If you’re a website owner or someone who is at all involved in running a website, you’ve probably heard of DDoS attacks, and you probably know enough to fear them. But how much do you really know about DDoS attacks? Knowing is half the battle, so read on to find out what DDoS attacks are, who’s behind them, and who’s at risk.
What DDoS Attacks Do
A DDoS attack is a distributed denial-of-service attack. It’s so named because it’s distributed, meaning it comes from a number of compromised computers and other internet-connected machines, and it’s an attack that seeks to deny the services of a website to legitimate users.
The network of compromised computers and machines used in a DDoS attack is collectively called a botnet. Botnets range in size, but they often involve millions of compromised computers. Typically, users of a compromised computer have no idea it’s been compromised and is being used to render websites unusable.
This collection of compromised computers denies the services of a website to its users by flooding the target site with traffic, overwhelming available network infrastructure, and either slowing the site to the point where it’s unusable or taking it completely offline.
If you’re wondering who exactly is at risk of DDoS attacks, that’s perhaps the simplest part of all this: everyone. Basically anyone with a public online presence. This includes large enterprises, small businesses, mid-sized corporations, political entities, governments, online personalities, controversial leaders, and so on and so forth.
Who’s Behind It?
So now you know who the targets are, what the malicious purpose of an attack is, and what to call the network of zombie computers that make DDoS attacks possible. But where do these botnets come from?
Botnets are built and distributed by what DDoS protection services provider Incapsula calls “the arms dealers.” Incapsula groups the arms dealers into four different groups. The Builder is someone who uses malware kits to create botnets, usually for the second and third groups: herders and booters. Bot herders control botnets using remote command-and-control servers, while booters provide access to botnets and toolkits for a price.
The fourth type of arms dealer is the Kit Maker who, as you might expect, makes toolkits that are designed to make botnets easily accessible.
The arms dealers are essentially the middlemen who make it possible for people to launch DDoS attacks.
Doing the Dirty Work
There’s one overarching label for everyone who launches a DDoS attack: cyber criminals. However, these criminals can be divided into groups based on their motivations.
Extortionists are in it to make a quick buck. They send ransom notes to site owners demanding payment in return for not hitting the site with a DDoS attack. Extortionists will target anyone and everyone, and they can be a major menace to smaller websites and businesses.
Script kiddies are also a DDoS threat to smaller websites and businesses, as they tend to launch attacks purely for their own enjoyment or for bragging online about their exploits. Script kiddies aren’t particularly skilled, but thanks to the arms dealers, they don’t have to be.
Harassers are essentially online bullies looking to make people’s lives miserable through DDoS attacks. Intimidators are similar to harassers, but they have a purpose: threatening free speech and disrupting political discussions. Hacktivists take it even a few steps further by criticizing governments, politicians, organizations, and even individuals through their attacks.
Lastly, Hired Guns are basically hitmen. They’re paid to launch DDoS attacks against websites of their clients’ choosing. Hired guns are often used by businesses to take aim at their competitors.
What It All Comes Down To
If you think you know the whole story now, take a deep breath. The damage caused by a DDoS attack extends well beyond downtime.
According to Incapsula, the average cost of mitigating a DDoS attack is $408,292. That’s 19 days of mitigation costing over $21,000 per day. Furthermore, 39 percent of businesses targeted by a DDoS attack experience business disruption, 35 percent experience a loss of information, and 21 percent experience a loss of revenue.
Broken down even further, 52 percent of businesses affected by a DDoS attack have to replace software or hardware; 50 percent locate malware on their network; 43 percent experience a loss of consumer trust, largely because 33 percent experience theft of consumer data; and 19 percent experience a theft of intellectual property.
The Other Half of the Battle
Having read the above discussion points, your understanding of DDoS attacks is now 50 percent complete. The other half of the battle is investing in professional DDoS mitigation that stops arms dealers and cyber criminals in their tracks. If you’re aware of these types of attacks, how they work, and what they can do, there’s no excuse for letting your website or business become one of the above-mentioned statistics. As Sun Tzu once said, the supreme art of war is to subdue the enemy without fighting. Stop these attacks before they even materialize.
About the Author: Ben Campbell is an accomplished, experienced freelance writer and web security expert who has been featured in a number of high-profile publications and websites. If he’s not writing about protecting your website, you’ll find him listening to live music or at the coast surfing.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.