Distributed denial of service (DDoS) attacks can bring down your website and leave you inaccessible to the rest of the internet for hours or days on end.

Picking up the pieces after a DDoS attack is a long and costly process. The average financial cost of a DDoS attack for a small or midsize business is about $123,000, and that number is on the rise.

DDoS attacks have grown bigger and more complex over the years, and they spare no website or network.

  • Thirty-three percent of businesses were hit by DDoS attacks in 2017, nearly double the number of attacks in 2016.

Small businesses, individual website owners, and bloggers are more vulnerable than large corporations, because they have more IT resource constraints that make it harder to detect and prevent a DDoS attack.

But, even with limited resources, small businesses can—and should—implement a strategy for safeguarding against DDoS attacks, using a combination of cloud infrastructure, network monitoring, and blockchain technologies.

Failing to create a multifaceted approach to prevention means you’re vulnerable to attack, which could end up costing you upwards of $140,000 in recovery.

In this article, we’ll explain the concepts you need to understand about DDoS attacks and show you some ways to avoid becoming a target.

When ‘zombies’ target you: How a DDoS attack works

In DDoS attacks, multiple systems flood a server, website, or any other network resource with connection requests, messages, or other communication packets. The goal is to slow down or crash the system.

The concentrated attack and subsequent shutdown of the system results in a “denial of service” for legitimate users.

DDoS attacks target your system with heavy traffic to bring it down

An attacker exploits vulnerabilities in a computer and makes it the DDoS master. The compromised system then targets multiple computer systems with vulnerabilities and gains control over them using malware or a Trojan. The systems under the control of the attacker are called “zombies.”

The attacker then uses the traffic generated by the compromised devices to flood the target domain and shut it down.

DDoS attacks are “distributed,” because they use many zombies to increase the attack strength and complexity


Be warned: DDoS attacks are getting larger and more frequent

DDoS attacks are simple to orchestrate and relatively inexpensive to carry out. And, manual methods of launching a DDoS attack are now being replaced by automated programs that are capable of more complex and persistent attacks.

The strength of a DDoS attack is measured in gigabits per second (Gbps).

Large DDoS attacks (over 50 Gbps) increased 4 times between 2015 and 2017

The largest reported DDoS attacks in 2010 were only 100 Gbps. That rose to 400 Gbps in 2014, and 1 Tbps (1,000 Gbps) in 2016.

Forty-two percent of organizations reported an increase in DDoS attacks greater than 50 Gbps in 2017, compared to 10 percent in 2015.

Line graph: DDoS attack magnitudes have grown exponentially

Withstanding such attacks becomes difficult, especially for small businesses, as you need extra bandwidth to absorb the surge in traffic.

The volume of traffic needed is expected to increase as DDoS attacks add more zombies, including new endpoints such as mobile phones and other connected devices.

IoT botnets fuel bigger DDoS attacks

According to Gartner, there will be 20.4 billion internet-connected “things” by 2020.

Poorly secured connected devices, such as smart cameras, thermostats, or other personal devices, are easy targets for attackers to launch malware-based DDoS botnets. These attacks are large—300 Gbps or more—and more difficult to prevent.

From 2016 to 2018, Mirai, a botnet designed to gain remote access to millions of vulnerable IoT devices, brought down several websites—including those of many small businesses—in massive DDoS attacks. The popular security blog KrebsOnSecurity came under a sustained DDoS attack from more than 175,000 IoT devices.

According to cloud delivery provider Akamai:

“As vulnerable devices are added to IoT-based botnets, we expect a second surge in botnet capabilities and DDoS attack size.”

Term you should know

Botnet: A network of internet-connected devices infected and controlled as a group by a common type of malware, without the owners’ knowledge.

Stories of real DDoS attacks: It could happen to you

Few companies are able to withstand DDoS attacks. Most crash for a few hours or days, and sometimes even permanently.

GitHub and Dyn: The largest DDoS attacks in internet history

  • In 2018, GitHub faced 1.35 Tbps of traffic because of an attack and went down for 10 minutes. It was able to mitigate the sustained DDoS attacks by routing traffic through DDoS mitigation provider Akamai Prolexic’s larger network.
  • In 2016, the servers of Dyn, a company that controls most of the U.S.’s DNS servers, came under sustained DDoS attacks, bringing down prominent websites including Twitter, Netflix, Reddit, CNN, and others. The Mirai botnet, which caused this attack, had over 100,000 zombies and a strength of 1.2 Tbps.

Many businesses don’t realize they’re at risk until after a cyberattack. Here are some examples of small businesses that became DDoS attack victims. Their experiences provide valuable lessons about loopholes in security practices and how to avoid or overcome them.

5050 Skatepark

DDoS attacks on the website of 5050 Skatepark, an indoor games operator, wreaked havoc on the business’s operations and revenue. Customers were left wondering whether the business was closed.

  • Why they were vulnerable: The business didn’t have a strong password security strategy in place before the attack.
  • What they did after the attack: The company rejiggered its passwords and enforced strict password policies that required users to have different passwords for different accounts. They now monitor their website regularly and train employees in cybersecurity.

Rokenbok

Rokenbok, a gaming company, saw its website get shut down completely due to DDoS attacks. This was followed by a ransomware attack that rendered its systems useless and cost the company tens of thousands of dollars.

  • What they did after the attack: The company spent four days restructuring their business and added new security strategies to prevent future threats.

Term you should know

DNS server: The Domain Name System (DNS) is the internet’s system for converting alphabetic names in a web URL into numeric IP addresses.

The aftermath of a DDoS attack: Downtime, increased costs, and vulnerability to more cybercrimes

A Kaspersky survey found that 30 percent of businesses do not take any preventive measures, because they believe they are unlikely targets of DDoS attacks.

This is even more true of small businesses—82 percent feel that they are not at risk for cyberattacks, according to a poll by Manta.

In reality, 20 percent of all DDoS attacks in 2017 targeted very small businesses and 33 percent targeted small and medium businesses.

53 percent of DDoS attacks victims are SMBs and very small businesses

DDoS attackers randomly target open ports, and yours could just happen to be one of them

Term you should know

Open port: A TCP/IP port, identified by a number, that is allowed to accept communication packets. A closed port rejects all communication packets directed at it.

Here are some more reasons you should be worried about preventing DDoS attacks:

DDoS attacks leave your system vulnerable to other cyberattacks

DDoS attacks are often used as a diversionary tactic. While you’re distracted, the attacker might actually be injecting malware or stealing valuable data.

According to Kaspersky’s survey, 53 percent of respondents affected by DDoS attacks claimed that it was used as a cover-up. Of those DDoS attacks:

  • Forty-nine percent masked a data theft or leak
  • Forty-two percent covered up a network intrusion or hacking
  • Twenty-six percent hid a financial theft

DDoS attacks affect business performance

Most businesses rely on the internet for day-to-day operations. System downtime due to DDoS attacks affects your business operations and your customers’ ability to reach you. Of companies hit by DDoS attacks:

  • Twenty-six percent reported a significant decrease in performance of services.
  • Fourteen percent recorded a failure of transactions and related processes.

DDoS attacks impact your revenue and increase your costs

The biggest challenge for businesses was the cost of fighting a DDoS attack and restoring services, according to a survey of business professionals.

For small businesses, the highest DDoS-related expense was paying overtime as employees rebuilt systems and files. Twenty-three percent of businesses reported a loss of revenue and business opportunities as a result of DDoS attacks.

7 ways to prevent a DDoS attack: Software, blockchain, and more

“While DDoS attacks can’t be prevented, steps can be taken to make it harder for an attacker to render a network unresponsive.”

Rachel Kartch, analysis team lead at the CERT Division of SEI

Preventing a DDoS attack may not always be possible. But, here are some ways you can be more resilient and arm yourself to detect attacks and mitigate them before they get out of hand.

1. Cloud services allow you to take advantage of your service provider’s bandwidth resources

One way to minimize the impact of DDoS attacks is by overprovisioning bandwidth.

Using cloud services is a simple and cost-effective option for small businesses. Cloud computing supports bandwidth pooling and resource autoscaling. This makes cloud customers more resilient to DDoS attacks.

Cloud-based services are scalable, and you can take advantage of the service provider’s resources to deal with DDoS attacks. You also don’t have to worry about maintaining and securing a network infrastructure.

Internet service providers (ISPs) can also help you with additional bandwidth when needed. Work with your ISP to learn what mitigation services they provide in the event of a DDoS attack.

However, relying on your cloud provider or ISP alone is not the right strategy. You could end up being the collateral damage of an attack on the cloud provider’s or ISP’s co-tenant.

To plan for this, monitor your network continuously to detect abnormal traffic and work with your ISP to reroute traffic to a scrubbing center or to block attacks inline, as soon as they are detected.

Term you should know

Scrubbing center: A data cleansing unit where incoming traffic is analyzed and malicious traffic from a DDoS attack is removed.

2. Network monitoring and DDoS mitigation tools help detect traffic anomalies

Small businesses must monitor bandwidth and remain alert to potential traffic spikes that could be a DDoS attack or virus.

Network monitoring tools help monitor traffic and raise alerts whenever there is an unreasonable spike, providing the first level of security. These tools, along with DDoS mitigation tools, help to detect and mitigate DDoS attacks.

Analyzing your network logs will alert you to security threats on your network. Network firewalls, load balancers, and web application firewalls are other tools that will help strengthen your network defenses.

Network traffic monitoring graph

Network monitoring graphs in the software platform Paessler show traffic, usage performance, and availability

DDoS mitigation service providers, such as Akamai or Arbor Networks, reroute the excess traffic to a mitigation center and scrub it, allowing only legitimate traffic to reach your website.
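The spike alerting described in this section, as an added example that is not from the original article or from any of the tools it names: the script buckets web server access-log lines by minute and flags minutes far above the median. The log format (Common Log Format), the `factor` and `min_requests` thresholds, and the sample traffic are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Common Log Format prefix: client IP, two ignored fields, [day/mon/year:HH:MM:SS zone]
LOG_RE = re.compile(r"^(\S+) \S+ \S+ \[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}):\d{2} [^\]]+\]")

def per_minute(lines):
    """Group requests by minute: {datetime: Counter({client_ip: count})}."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LOG_RE.match(line)
        if m:  # malformed lines are skipped, not fatal
            minute = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M")
            buckets[minute][m.group(1)] += 1
    return buckets

def find_spikes(lines, factor=5, min_requests=50):
    """Return one alert per minute whose volume exceeds factor x the median minute."""
    buckets = per_minute(lines)
    if not buckets:
        return []
    totals = {minute: sum(ips.values()) for minute, ips in buckets.items()}
    baseline = median(totals.values())
    threshold = max(factor * baseline, min_requests)  # floor avoids alerts on idle sites
    alerts = []
    for minute in sorted(totals):
        if totals[minute] > threshold:
            top_count = buckets[minute].most_common(1)[0][1]
            alerts.append({
                "minute": minute,
                "requests": totals[minute],
                "baseline": baseline,
                "sources": len(buckets[minute]),  # many sources suggests a distributed flood
                "top_source_share": top_count / totals[minute],
            })
    return alerts

def sample_log():
    """Constructed input: nine quiet minutes, then one minute of flood traffic."""
    line = '{ip} - - [12/Mar/2024:10:{m:02d}:{s:02d} +0000] "GET / HTTP/1.1" 200 512'
    quiet = [line.format(ip=f"192.0.2.{i % 5 + 1}", m=m, s=i) for m in range(9) for i in range(20)]
    flood = [line.format(ip=f"198.51.100.{i % 200 + 1}", m=9, s=i % 60) for i in range(600)]
    return quiet + flood + ["not a log line"]

if __name__ == "__main__":
    for alert in find_spikes(sample_log()):
        print(alert)
```

A median baseline only holds while the flood covers less than half of the analyzed window; for a long-running attack, compare against a baseline taken from a known-quiet period instead.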

3. Up-to-date security elements reduce damage from cybercrimes covered up by DDoS attacks

Since DDoS attacks cover up for a variety of other cybercrimes, you need to install and update your other security tools, such as anti-virus, advanced threat detection systems, and security patches.

Updated security features reduce the damage that an attack can cause, including financial theft, data theft, or ransomware.

Unpatched servers and application vulnerabilities are easy targets for hackers. You must ensure that any open source platforms you use, such as WordPress, are updated as soon as updates are available, and security flaws are fixed.

Anti-virus solutions such as ActivTrak help prevent employees from accessing harmful links and monitor their internet activity

4. DDoS mitigation action plans are a small business’s best defense

Once your website or server is already under a traffic assault, there is little you can do to stop it besides going into firefighting mode.

One way to be prepared in advance, however, is to have an action plan ready that your business will follow in case of a DDoS attack. This will include the emergency contact details of your ISP, members within your business who need to be notified, and incident report templates that explain the incident.

Educate and train your staff on cybersecurity. If you have the resources, get one of your team members trained in security certifications such as GCIH, and make them the person responsible for handling your cybersecurity plan.

5. Nonprofits can use Google’s Project Shield to safeguard their website

Project Shield is Google’s free service that helps protect websites from DDoS attacks. It displays cached content to website visitors. This reduces traffic requests to your web server and absorbs potential DDoS attacks.

Note: The project supports only news websites, election monitoring websites, and human rights websites (after review of an application).

6. Blockchain could be a force for DDoS prevention

Businesses are beginning to explore blockchain to prevent and mitigate DDoS attacks. Blockchain is a decentralized system with multiple nodes. Operating the DNS on a blockchain would ensure that attacks are not concentrated on a centralized source, crippling it.

To successfully bring down a DNS on a blockchain, hackers would have to gain access to multiple nodes at the same time, which makes implementing the attack more difficult, time-consuming, and expensive.

Alternatively, companies are also using blockchain technology to create a decentralized network of servers that can quickly send bandwidth to other servers facing attacks. The attacked server can then withstand the DDoS onslaught by absorbing the excess traffic using the additional bandwidth.

7. Consult a security expert to implement DDoS prevention techniques

Rate your team’s security skills and capabilities. If you feel you aren’t equipped to handle business IT security yourself, look for security experts that can advise you on DDoS prevention techniques and more.

Check out the security vendor’s past experience, its product offerings, client base, cost, and support options before finalizing implementation of DDoS mitigation solutions.