DDoS

DDoS stands for Distributed Denial of Service. As the name implies, it is a DoS (Denial of Service) attack that originates from multiple sources simultaneously.

A DoS (Denial of Service) attack is an attempt to make the targeted system unresponsive to its intended users. In the early days of the Internet, websites would exist on individual hosts, and single-source DoS attacks could be effective. Today, this is much less likely; sites are hosted on the cloud and/or across multiple data centers, integrated with CDNs, and so on. Even using techniques such as amplification and reflection, it is very difficult for a single-source attack to have enough bandwidth to overwhelm a modern site’s resources.

As a result, attackers today distribute their assaults across multiple sources. This allows them to marshal a potentially massive pool of resources for their attacks, which has made DDoS a serious problem today.

The scale of modern DDoS
DDoS can be the most dramatic form of cyberattack. The resources available to modern threat actors can allow for massive assaults.

The current record for DDoS size is an attack in March 2018, which peaked at about 1.7 terabits per second (Tbps). This broke the record from just five days earlier: the 1.35 Tbps attack on GitHub.

Measuring the impact of a DDoS is more difficult than measuring its size. Probably the worst DDoS in terms of impact was the October 2016 DDoS on Dyn. When this DNS provider was hit with a massive attack (the largest ever seen to that point), customers across North America and Europe lost access to services. The list of companies affected include AirBnB, Twitter, Zillow, the government of Sweden, and many others.

Other notable attacks in recent years included:


 * The 2014 PopVote attack (500 Gbps), targeting the grassroots movement in Hong Kong known as Occupy Central. The movement was campaigning for a more democratic voting system.
 * The 2014 attack on Cloudflare (400 Gbps)
 * The 2013 attack on Spamhaus (300 Gbps).
 * The 2012 string of attacks on multiple US banks (60 Gbps). The victims included large national institutions: Bank of America, JP Morgan Chase, U.S. Bancorp, Citigroup, and PNC Bank.

In 2017, Cisco predicted that by 2021, the number of DDoS attacks exceeding 1 gigabit per second will rise to 3.1 million. This is a 2.5-fold increase from 2016.

Scale isn’t the only problem
DDoS can be very dramatic, as seen in the incidents listed above. Of course, most DDoS attacks are far smaller than these.

But this doesn’t mean that executives can relax and ignore the DDoS threat. To be effective, an attack does not need to be at a record-breaking scale. It merely needs to be large enough to overwhelm your site’s defenses.

Today’s threat actors have access to a variety of cheap, plentiful DDoS resources. Successful attacks are made even easier by the FIXME types of DDoS which use amplification and reflection to multiply their impact.

Who is at risk
Threat actors have a variety of motives for waging DDoS attacks today. Motives include:


 * Direct monetary gain (usually from DDoS extortion: beginning and maintaining an attack until a ransom demand is paid).
 * Indirect monetary gain (for example, a retail site DDoSing a competitor during holiday shopping season, to steal some of its sales).
 * Political motives (for example, a government DDoSing media outlets that it perceives to be hostile, or political activists which it considers threatening).
 * Revenge (the FIXME attack on FIXME was the result of a disgruntled gamer who was angry at FIXME).
 * Trolling (script kiddies waging attacks just for fun).
 * And others.

The list of DDoS victims includes sites of every size and type. If your site hasn’t been hit recently, chances are that it will be soon.