DDoS Protection - Why It Is Needed Now More Than Ever
In 2018 the internet has seen some of the largest DDoS attacks ever. Unfortunately, as the web rapidly evolves, so do the number of DDoS attacks and the hackers with malicious intent behind them. For a lot of larger companies, fending off new attacks has almost become a normal routine, as they have to stay constantly vigilant. Compared to a few years ago, it is more important now than ever to have a DDoS protection plan in place before an attack happens. If your website goes down, this gives new users a bad first impression and can affect a variety of other things, including loss of revenue, customer loyalty, your overall reputation as a company, and even employee morale.
What is DDoS?
So what exactly is DDoS? DDoS, short for distributed denial of service, is an attack focused on making a network or website unavailable to its users. This is usually done by flooding the target host with numerous requests. In a DDoS attack the traffic comes from more than one source, usually hundreds to thousands of IP addresses, as opposed to a DoS attack, which usually involves a single user. DDoS attacks are harder to deflect than DoS assaults simply because of the large number of devices contributing to the attack.
Generally, there are two different types of denial of service attacks: those at the application layer and those at the network layer. According to Arbor Networks, a network security firm, almost all (93%) of the attack reports in 2015 included application layer attacks, with DNS now the most commonly targeted service, rather than HTTP.
There are a couple of websites, such as Norse, a threat intelligence network, and Digital Attack Map, that give you a real-time overview of current attacks and suspicious network activity taking place around the globe at any given time.
Back in 2015, DDoS attacks hit a record high, with one in the 500 Gbps range. According to Kaspersky, in Q1 of 2016 resources in 74 countries were targeted by DDoS attacks (vs. 69 in Q4 of 2015), and 93.6% of targeted resources were located in 10 countries, with China having the most reported cases of DDoS attacks.
Fast forward to 2018, and we're now seeing DDoS attacks which are much larger in size. March 2018 brought with it some of the largest attacks we've seen to date. GitHub, for instance, was hit with a massive 1.3 Tbps attack which took the site offline for a full 10 minutes. However, just 5 days later another major DDoS attack struck: Arbor Networks reported that a US service provider suffered a 1.7 Tbps attack.
It is also important to remember that DDoS attacks aren't always over and done with within a few hours. DDoS attacks can last for hundreds of hours, or even days. The longest DDoS attack in Q1 of 2016 lasted for 197 hours (or 8.2 days). This can be a very stressful time for any team that is trying to mitigate the attack. That is why it is important to have a plan in place ahead of time.
Past DDoS attacks
As previously mentioned, the DDoS attack on GitHub was massive. In fact, at the time it happened, it was the largest DDoS attack ever experienced. GitHub was being hit with 126.9 million packets per second. The attack itself relied on UDP-based memcached traffic, which gave the attacker the opportunity to amplify the data load and thus the severity.
You can search for "DDoS attacks" in Google and hundreds of results will come up; that is how frequently they are happening around the globe. Furthermore, just type "ddos" into Twitter and you'll see a steady stream of posts related to either DDoS articles or companies alerting their customers that they're experiencing a DDoS interruption, as Moz did.
MozBar for Firefox is shutting down temporarily due to DDOS attacks. We'll tweet again as soon as it's back up. Sorry for any inconvenience!
- Moz (@Moz) August 8, 2016
Like GitHub, large gaming companies such as Blizzard, who deal with this regularly, aren't entirely bullet-proof against DDoS attacks. Back in April, an attack prevented players from logging into all of their gaming services. No matter how much "DDoS protection" you might think you have in place, always be prepared.
Another aspect of DDoS attacks is how you handle them from a PR perspective. If your site or services are down for hours, people will instantly jump to social media and the word spreads like wildfire. Generally, it is good to be open and transparent about the issues and let users know as things happen. For example, we mentioned the Moz DDoS attack above. If you had looked at their status page when it happened, you would have seen that they did their best to keep people informed as things progressed, as well as staying on top of social correspondence.
Interesting DDoS facts
There's no doubt that DDoS is a huge topic nowadays. With so many businesses and users impacted by these attacks, many services have been created to help mitigate them. The following are a few interesting DDoS facts pulled from various sites to give you some perspective on just how large and impactful DDoS can be.
- 43% of cyber attacks target small businesses - Smallbiztrends
- Cybersecurity spending will reach 114 billion this year (2018) - Gartner
- Large scale DDoS attacks are up 140% year over year - Rambus
- DDoS attacks increased by 91% in 2017 - Techrepublic
- The longest attack in Q2 of 2018 lasted 258 hours (almost 11 days) - Securelist
Furthermore, it's interesting to note where these attacks are coming from and how they are being carried out. According to Kaspersky, SYN-based DDoS attacks accounted for 80.2%, UDP-based attacks accounted for 10.6%, and the remainder was made up of TCP, HTTP, and ICMP attacks.
There are a few ways to help protect yourself against DDoS attacks.
- Keep an eye on the inbound traffic hitting your server and monitor everything for irregularities. The sooner you see an unusual spike in traffic that looks suspicious, the sooner you can start investigating.
- Implement rate limiting so that, if you are attacked, your server is not overwhelmed.
- Add filters to your router to drop packets from suspicious sources.
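As an added example (not KeyCDN's code, and not how its edge servers work), the script below ties the three steps above together: it replays constructed web server access log lines through a per-IP sliding-window rate limit and reports which sources exceeded it, the candidates for a router or firewall filter. The IPs, thresholds and log lines are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
# Common Log Format fields we need: client IP, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, timestamp) for a CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return (m["ip"], datetime.strptime(m["ts"], TS_FMT)) if m else None

def analyze(lines, max_requests=20, window_seconds=10):
    """Replay log lines through a per-IP sliding-window rate limit.
    Returns {ip: (total_requests, rejected_requests)}; rejected > 0 means the
    source exceeded max_requests within some window_seconds span."""
    recent = defaultdict(deque)          # ip -> timestamps of allowed requests
    total, rejected = defaultdict(int), defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                     # malformed line: skip, never crash the monitor
        ip, ts = parsed
        total[ip] += 1
        q = recent[ip]
        while q and (ts - q[0]).total_seconds() >= window_seconds:
            q.popleft()                  # forget hits that fell out of the window
        if len(q) >= max_requests:
            rejected[ip] += 1            # over the limit: this request would be dropped
        else:
            q.append(ts)
    return {ip: (total[ip], rejected[ip]) for ip in total}

def suspicious_sources(report):
    """IPs that tripped the limit: candidates for a router or firewall drop rule."""
    return sorted(ip for ip, (_, rej) in report.items() if rej > 0)

def build_sample_log():
    """Constructed sample (hypothetical documentation-range IPs): one normal visitor
    making a request every 2 s, and one source flooding 60 requests in 3 s."""
    base = datetime(2018, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
    fmt = lambda ip, t, req: f'{ip} - - [{t.strftime(TS_FMT)}] "{req} HTTP/1.1" 200 512'
    lines = [fmt("198.51.100.4", base + timedelta(seconds=2 * i), "GET /index.html") for i in range(5)]
    lines += [fmt("203.0.113.7", base + timedelta(milliseconds=50 * i), "GET /") for i in range(60)]
    lines.append("not a log line")      # exercises the malformed-line path
    return lines

if __name__ == "__main__":
    report = analyze(build_sample_log())
    print(report, suspicious_sources(report))
```

Shrinking the window to a second lets the same flood through unflagged, which is why the threshold and window need to be tuned against your real baseline traffic before an attack rather than during one.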
KeyCDN closely mitigates DDoS attacks in the background to help keep our users' websites safe. Our edge servers are continuously monitored to detect and rectify any possible attacks. In fact, we have built an entirely custom infrastructure just to handle DDoS mitigation. This ensures that if an attack does take place, traffic is routed accordingly to unaffected POPs/edge servers so that visitors don't incur any downtime.
Another great solution for DDoS protection is to use a reputable web application firewall from a service like Sucuri. The Sucuri firewall (cloud proxy) is a cloud-based protective layer that's very easy to enable and doesn't require that you install anything on your web server. This can help protect your website from SQL Injections, brute force attacks, malware, and of course DDoS attacks.
Sucuri is well equipped for handling large denial of service attacks, scaling, and has 5 major DDoS scrubbing locations in the USA/SJ, USA/Dallas, USA/Virginia, UK/London and Germany/Frankfurt. And yes, Sucuri even integrates with KeyCDN! You can use the two together for faster and safer content delivery.
DDoS protection is needed now more than ever, as attacks continue to increase at a rapid pace in 2018. You can never be safe 100% of the time, but you can be better prepared. Having systems in place to monitor traffic, a web application firewall, rate limiting, a status page, and someone responding on social media are all ways to help ensure that DDoS mitigation goes as smoothly as possible. The last thing you want to be doing is scrambling in all directions, or you run the risk of burning out your team.