In 2015 the internet saw the highest rate of DDoS attacks ever. Unfortunately, as the web rapidly evolves, so does the number of DDoS attacks and hackers with malicious intent. For a lot of larger companies, fending off new attacks has almost become a normal routine now, as they have to constantly stay vigilant. Compared to a couple of years ago, it is more important now than ever to have a DDoS protection plan in place before an attack happens. If your website goes down, this gives new users a bad first impression and can affect a variety of other things including loss of revenue, customer loyalty, your overall reputation as a company, and even employee morale.
What is DDoS?
So what exactly is DDoS? DDoS, short for distributed denial of service, is an attack focused on making a network or website unavailable for its users. This is usually done by flooding the target host with numerous requests. In a DDoS attack, the traffic comes from more than one source, usually hundreds to thousands of IP addresses, as opposed to a DoS attack, which usually involves a single user. DDoS attacks are harder to deflect than DoS assaults simply due to the large volume of devices contributing to the attack.
Generally, there are two different types of denial of service attacks: those at the application layer and those at the network layer. According to Arbor Networks, a network security firm, almost all (93%) of attacks in 2015 reported application layer attacks, with DNS the most commonly targeted service now, rather than HTTP.
There are a couple of websites such as Norse, a threat intelligence network, and Digital Attack Map, which give you a real-time overview of current attacks and suspicious network activity taking place around the globe at any given time.
In 2015, DDoS attacks hit a record high with one in the 500 Gbps range. According to Kaspersky, in Q1 of 2016, resources in 74 countries were targeted by DDoS attacks (vs. 69 in Q4 of 2015). And 93.6% of targeted resources were located in 10 countries with China being the one with the most reported cases of DDoS attacks.
It is also important to remember that DDoS attacks aren’t always over and done within a few hours. DDoS attacks can last for hundreds of hours or even days. The longest DDoS attack in Q1 2016 lasted for 197 hours (or 8.2 days). This can be a very stressful time for any team that is trying to mitigate the attack. That is why it is important to have a plan of attack in place ahead of time.
Recent DDoS Attacks
You can search for “DDoS attacks” in Google and hundreds of results will come up; that is how frequently they are happening around the globe. Ironically, even while we were writing this post, the engineering team over at Moz was working tirelessly trying to mitigate a DDoS attack.
MozBar for Firefox is shutting down temporarily due to DDOS attacks. We'll tweet again as soon as it's back up. Sorry for any inconvenience!
— Moz (@Moz) August 8, 2016
Earlier in August, the UK-based web hosting firm 123-Reg also suffered from a DDoS attack, peaking at 30 Gbps, which affected a variety of services. Even large gaming companies such as Blizzard, who deal with this regularly, aren’t entirely bullet-proof, as a DDoS attack back in April prevented players from logging into all of their gaming services. No matter how much “DDoS protection” you might think you have in place, always be prepared.
Another aspect when it comes to DDoS attacks is how you handle them from a PR perspective. If your site or services are down for hours, people will instantly jump to social media and the word spreads like wildfire. Generally, it is good to be open and transparent about the issues and let users know as things happen. For example, we mentioned the Moz DDoS attack above. If you take a look at their status page you can see that they did their best to keep people informed as things progressed, as well as staying on top of social correspondence.
There are a few ways to help protect yourself against DDoS attacks.
- Keep an eye on the inbound traffic hitting your server and monitor everything for irregularities. The sooner you see an unusual spike in traffic that looks suspicious, the sooner you can start investigating.
- Implement rate limiting in the event you are being attacked in order to avoid your server being overwhelmed.
- Add filters to your router to drop packets from suspicious sources.
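The first two items in the list above can be sketched in a few lines. This is an added example, not KeyCDN's code: it flags seconds where the request count jumps well above the recent baseline and applies a per-source token bucket. The thresholds, function names and sample traffic are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

class TokenBucket:
    """Per-client token bucket: `rate` tokens per second, burst up to `capacity`."""
    def __init__(self, rate, capacity):
        self.rate, self.capacity = rate, capacity
        self.state = {}  # client -> (tokens, timestamp of last request)

    def allow(self, client, now):
        tokens, last = self.state.get(client, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        allowed = tokens >= 1.0
        self.state[client] = (tokens - 1.0 if allowed else tokens, now)
        return allowed

def spike_seconds(timestamps, window=5, factor=3.0, min_rate=10):
    """Seconds whose count is >= min_rate and > factor x the mean of the last `window` seconds."""
    per_sec = defaultdict(int)
    for ts in timestamps:
        per_sec[int(ts)] += 1
    if not per_sec:
        return []
    history, spikes = deque(maxlen=window), []
    for sec in range(min(per_sec), max(per_sec) + 1):
        count = per_sec.get(sec, 0)
        if len(history) == window:
            baseline = sum(history) / window
            if count >= min_rate and count > factor * max(baseline, 1.0):
                spikes.append(sec)
                continue  # keep flagged seconds out of the baseline
        history.append(count)
    return spikes

def replay(requests, rate=2.0, capacity=5):
    """Feed (timestamp, client_ip) pairs through the limiter and count outcomes per client."""
    bucket = TokenBucket(rate, capacity)
    result = defaultdict(lambda: {"allowed": 0, "dropped": 0})
    for ts, ip in sorted(requests):
        result[ip]["allowed" if bucket.allow(ip, ts) else "dropped"] += 1
    return dict(result)

# Constructed traffic: one normal client at 1 req/s for 10 s, plus a single
# source sending 100 requests during second 8 (documentation-range addresses).
SAMPLE = [(float(t), "198.51.100.7") for t in range(10)]
SAMPLE += [(8.0 + i / 100.0, "203.0.113.50") for i in range(100)]

if __name__ == "__main__":
    print("spike seconds:", spike_seconds([ts for ts, _ in SAMPLE]))
    print("limiter outcome:", replay(SAMPLE))
```

A per-source limiter like this only helps when the flood comes from a small number of addresses; traffic spread across thousands of sources stays under each bucket's limit, which is why the aggregate spike check is kept separate.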
KeyCDN closely mitigates DDoS attacks in the background to help keep our users’ websites safe. Our edge servers are being continuously monitored to detect and rectify any possible attacks. In fact, we have built an entirely custom infrastructure just to handle DDoS mitigations. This ensures that if an attack does take place, traffic is routed accordingly to unaffected POPs/edge servers so that visitors don’t incur any downtime.
Another great solution for DDoS protection is to use a reputable web application firewall from a service like Sucuri. The Sucuri firewall (cloud proxy) is a cloud-based protective layer that’s very easy to enable and doesn’t require that you install anything on your web server. This can help protect your website from SQL Injections, brute force attacks, malware, and of course DDoS attacks.
Sucuri is well equipped for handling large denial of service attacks, scaling, and has 5 major DDoS scrubbing locations in the USA/SJ, USA/Dallas, USA/Virginia, UK/London and Germany/Frankfurt. And yes, Sucuri even integrates with KeyCDN! You can use the two together for faster and safer content delivery.
DDoS protection is needed now more than ever, as attacks continue to increase at a rapid pace in 2016. You can never be safe 100% of the time, but you can be better prepared. Having systems in place to monitor traffic, a web application firewall, rate limiting, a status page, and someone responding on social are all ways to help ensure that the DDoS mitigation goes as smoothly as possible. The last thing you want to be doing is scrambling in all directions, or you run the chance of burning out your team.