DDoS Protection - Why It Is Needed Now More Than Ever

In today's digital world, websites and online services have become an integral part of our daily lives. From shopping to banking to social media, the internet has made many aspects of our lives more convenient. However, this increased reliance on the internet has also made us more vulnerable to attacks, especially Distributed Denial of Service (DDoS) attacks.

Unfortunately, as the web rapidly evolves, so do the number of DDoS attacks and hackers with malicious intent. For a lot of larger companies, fending off new attacks has almost become a normal routine now has they have to constantly stay vigilant. Compared to a few years ago, it is more important now than ever to have a DDoS protection plan in place before this happens. If your website goes down this gives new users a bad first impression and can affect a variety of other things including loss of revenue, customer loyalty, your overall reputation as a company, and even employee morale.

What is DDoS?

So what exactly is DDoS? DDoS, short for distributed denial of service, is an attack focused on making a network or website unavailable for its users. This is usually done by flooding the target host with numerous requests. In DDoS, the attack source is more than one, usually hundreds to thousands of IP addresses, as opposed to DoS attacks where it usually involves a single user. DDoS attacks are harder to deflect than DoS assaults simply due to the large volume of devices contributing to the attack.

There are several types of DDoS attacks, including:

1. Volume-based attacks: This type of attack involves overwhelming the targeted network or server with a high volume of traffic, making it unavailable to its users. The most common volume-based attack is the UDP flood attack.

2. Protocol attacks: This type of attack targets the underlying protocols of the internet, such as the TCP (Transmission Control Protocol), UDP (User Datagram Protocol), and ICMP (Internet Control Message Protocol), to overload the targeted network or server. The most common protocol attack is the SYN flood attack. SYN is a flag in the TCP protocol used during the establishment of a new TCP connection.

3. Application layer attacks: This type of attack targets the application layer of the internet, such as websites, web applications, and APIs. The most common application layer attack is the HTTP flood attack.

4. Hybrid attacks: This type of attack combines multiple attack methods to increase the impact of the attack.

According to Arbor Network, a network security firm, the most commonly recorded type of DDoS attack is the TCP-based flood attack. These attacks are simple to carry out and can cause significant harm to the targeted website or service. However, as the technology and methods used to carry out DDoS attacks evolve, more advanced and sophisticated attacks are becoming more prevalent.

There are a couple websites such as Norse, a threat intelligence network, and Digital Attack Map, which give you a real-time overview of current attacks and suspicious network activity taking place around the globe at any given time.

According to Kaspersky, in the third quarter of 2022, the rankings of the top four countries that were targeted remained unchanged from the previous quarter. Although the US lost 6.35 percentage points, it still held the top spot with 39.60% of the attacks. Mainland China saw a significant increase, with a 6.31 percentage point rise and a 13.98% share of the attacks, earning the country second place. Germany and France remained in third and fourth place, respectively, with 5.07% and 4.81% of the attacks.

The size and scale of DDoS attacks have been increasing over the years, with some attacks reaching sizes in the hundreds of gigabits per second. This is due to several factors, including the availability of botnets, the increasing number of vulnerable devices connected to the internet, and the development of more sophisticated attack techniques.

According to a report by Akamai Technologies, in Q3 2021, the largest DDoS attack recorded was 809 Gbps, a significant increase from the previous quarter's largest attack of 623 Gbps. The report also noted that the number of attacks over 100 Gbps has been steadily increasing since 2018.

Another report by Nexusguard, a cybersecurity company, stated that the average size of DDoS attacks increased by 45% in 2020, with some attacks reaching sizes of over 1 Tbps. In the first half of 2022, the total number of attacks and the average attack size increased by 75.60% and decreased by 55.97%, respectively, compared to the values recorded in the second half of 2021. Interestingly, compared to the second half of 2021, the maximum attack size decreased by 66.82%, with the maximum attack size being 232.00 Gbps.

It is also important to remember that DDoS attacks aren't always over and done within a few hours. DDoS attacks can last for hundreds of hours or even days.

In Q3 2022, DDoS attacks lasting 20 hours or more accounted for 19.05% of total attack duration, almost reaching the levels seen at the beginning of the year. The proportion of long-term attacks rose from 0.29% to 0.94%, while short attacks of less than four hours slightly decreased and their contribution to the total duration dropped from 74.12% to 60.65%. The longest attack in the quarter lasted 451 hours, while the average duration rose to around 2 hours and 2 minutes.

Past DDoS attacks

In 2018, GitHub was hit by a DDoS attack that peaked at 1.35 Tbps, making it one of the largest DDoS attacks in history. The attack lasted for about ten minutes and was successfully mitigated. The DDoS attack on GitHub was massive. In fact, at the time when it happened, it was the largest DDoS ever experienced. They were being hit with 126.9 million packets per second. The attack itself relied on UDP-based memcached traffic which gave the attacker the opportunity to amplify the data load and thus the severity.

In February 2020, Amazon Web Services suffered a massive DDoS attack that lasted for several hours. The attack, which peaked at 2.3 Tbps, was one of the largest ever recorded at that time.

You can search for "DDoS attacks" in Google and hundreds of results will come up, that is how frequently they are are happening around the globe. Furthermore, just type in "ddos" into Twitter and you'll see a steady stream of posts related to either DDoS articles or companies alerting their customers that they're experiencing a DDoS interruption, such as Moz did.

MozBar for Firefox is shutting down temporarily due to DDOS attacks. We'll tweet again as soon as it's back up. Sorry for any inconvenience!

• Moz (@Moz) August 8, 2016

Company transparency

Another aspect when it comes to DDoS attacks is how you handle them from a PR perspective. If your site or services are down for hours people will instantly jump to social media and the word spreads like wildfire. Generally, it is good to be open and transparent about the issues and let users know as things happen. For example, we mentioned that Moz DDoS attack above. If you took a look at their status page when it happened you can see that they did their best to keep people informed as things progressed, as well as staying on top of social correspondence.

You can always use a hosted service, such as StatusPage if you need something to hook into your services/platform. Or build your own custom service status page, which is what we have done at KeyCDN.

Interesting DDoS facts

It's no doubt that DDoS is a huge topic nowadays. With so many business and users impacted by these attacks, many services have been created to help mitigate them. The following are a few interesting DDoS facts pulled from various sites to help give you some perspective on just how large and impactful DDoS can be.

• 43% of cyber attacks target small businesses - Kaspersky
• Global spending on cybersecurity is projected to reach $188.3 billion in 2023, an increase of 11.3% from the previous year. - Gartner
• Large scale DDoS attacks are up 140% year over year - Rambus
• DDoS attacks are often carried out using botnets, which are networks of infected devices controlled by the attacker.
• The first recorded DDoS attack occurred in 1999, targeting the website of the Yale University Law School.

Furthermore, it's interesting to note where these attacks are coming from and how they are being carried out. According to Kaspersky, UDP-based DDoS attacks accounted for 51.8%, SYN-based attacks accounted for 27%, and the remainder was accounted for with TCP, HTTP, and GRE attacks.

DDoS protection

There are a few ways to help protect yourself against DDoS attacks.

• Keep an eye on the inbound traffic hitting your server and monitor everything for irregularities. The sooner you see an unusual spike in traffic that looks suspicious, the sooner you can start investigating.
• Implement rate limiting in the event you are being attacked in order to avoid your server being overwhelmed.
• Add filters to your router to drop packets from suspicious sources.

KeyCDN closely mitigates DDoS attacks in the background to help keep our users' websites safe. Our edge servers are being continuously monitored to detect and rectify any possible attacks. In fact, we have built an entirely custom infrastructure just to handle DDoS mitigations. This will ensure that if one does take place that things are routed accordingly to unaffected POPs/edge servers so that visitors don't incur any downtime.

Summary

DDoS protection is needed now more than ever, as attacks continue to increase at a rapid pace. You can never be safe 100% of the time, but you can be better prepared. Having systems in place to monitor traffic, a web application firewall, rate limiting, a status page, and someone responding on social are all ways to help ensure that the DDoS mitigation goes as smooth as possible. The last thing you want to be doing is scrambling in all directions, or you run the chance of burning out your team.