A distributed denial of service (DDoS) attack is a type of cyberattack that hackers often use to breach a network and overload it with unwanted traffic to disrupt services. Once the system is strained to its limit, it no longer accepts legitimate traffic, and services start to fail.
Think of a DDoS attack as a crowd blocking the way into your favorite coffee shop: It's tough for you to get in, and it makes it difficult for that business to distinguish a real customer from the rest of the crowd. Because of that confusion, it's tough for businesses that are targeted by a DDoS attack to serve their customers and distinguish who's real and who's not.
This type of cybercrime usually targets more prominent organizations and servers, like banks or other financial gateways, and it can involve any sort of motivation, including blackmail, revenge, activism and more. Worse yet, DDoS attacks aren't limited to skilled hackers; people with a bit of scripting or coding knowledge are often found on the dark web, offering services for shockingly low costs.
It's exceedingly difficult to trace where a DDoS attack came from because of the way it's designed. DDoS attacks come from botnets built from dozens (or hundreds) of systems that have been infected without the owner's knowledge, and it's effectively impossible to prevent these cyberattacks by simply blocking a single source.
What does a DDoS do to a business?
Although a DDoS attack can be cheap to execute, it could have a lasting, catastrophic impact on your business. According to a study from Armor, a midsize DDoS can be found on the dark web for as little as $500, and it can last an entire day. That's nothing compared with the damage dealt to a business that's unable to provide service to its customers for as long as 24 hours.
For a vulnerable company, a business stands to lose as much as $20,000 per hour if it fails to prevent a breach, according to Kaspersky. A DDoS attack could also exploit basic security issues throughout a network and involve unwitting participants by using a Trojan virus to infect computers and employ them as bot runners in a DDoS attack. Even if a system that's under attack stays online, it will not respond appropriately to authentic service requests.
The downtime of the network services that a staff relies on to perform essential functions will eventually lead to lost productivity. Add in the damages resulting from customers' inability to make purchases or get support, as well as the potential data loss, and you get a critical failure with monumental costs. More important, the damage to the reputation of a business that's unable to prevent a cyberattack is far worse than the financial aspect alone.
Different types of DDoS attacks
DDoS attacks are separated into three main categories: volume-based attacks, protocol attacks and application layer attacks. Let's look at some of the differences.
Volume-based attacks, one of the most classic types of DDoS, use methods – such as User Datagram Protocol (UDP) floods, Internet Control Message Protocol (ICMP) floods and other spoof-based methods – to create colossal volumes of traffic to completely overwhelm a network's bandwidth. The purpose of these bandwidth floods is to create severe congestion on an attacked site and thus prevent normal business operations.
Protocol attacks are DDoS applications designed to consume all of the processing capacity of a network's infrastructure – including resources such as servers, firewalls and load balancers – by targeting Layer 3 and Layer 4 protocols that control network-to-network and host-to-host communications. These kinds of attacks can include synchronization (SYN) floods, fragmented packet attacks, ping of death (PoD) attacks and more.
An application attack, one of the more complex types of DDoS attacks, focuses on Layer 7 protocols to exploit weaknesses in application communications. These kinds of assaults can include low-profile attacks that target Apache, Windows or OpenBSD vulnerabilities by opening connections and starting processes that exploit resource limitations such as storage space or available memory.
An in-depth review of specific DDoS types
As previously mentioned, UDP floods and ICMP floods inundate random ports on a remote host with malicious packets. Another well-known method is a SYN flood. Normally, when a SYN request is made, the server responds with an acknowledgement of the request (SYN-ACK) and completes the handshake with a final acknowledgement (ACK). SYN floods exploit known weaknesses in a TCP connection to avoid the proper three-way handshake. They do this by rapidly sending multiple requests without allowing the server to respond, thus preventing the link between clients and servers.
A PoD is a type of protocol attack that sends multiple malicious pings to a computer to cause a server-side system failure. Packet lengths can be up to 65,000 bytes, but usually, these packets can be broken down into smaller fragments and reassembled into a complete packet. The content contained in the packages themselves is irrelevant, as the goal is to crush a system's bandwidth. And when multiple minuscule packages suddenly assemble, they totally overrun your memory buffers.
Slowloris is another type of attack that uses a highly targeted methodology to enable one web server to take down another server without disabling other services or ports in the same network. By creating connections to a target server with partial requests, a Slowloris attack keeps each false connection open to easily create a high-impact, high-volume DDoS attack.
All unknown or new DDoS attacks are also known as zero-day attacks, which exploit system weaknesses that are either unknown or unpatched. Zero-day attacks are notorious among hackers on the dark web because of the low-effort, high-impact nature of these kinds of vulnerabilities that typically occur among new network infrastructures, new businesses or antiquated software.
How a VPN can protect your business from DDoS attacks
Although you can't really trace DDoS attacks by conventional means, there are plenty of ways to prevent a network breach in the first place. One of the most effective ways to avoid a DDoS attack is by using a virtual private network (VPN), which creates a secure, encrypted connection to the internet to give you privacy and anonymity.
Once you're connected to a VPN, all of your traffic is filtered through the network's server to mask the websites you access and provide a layer of security that prevents hackers from seeing your actual IP address. Anyone who tries to break into your system will only be able to access a VPN provider's servers, which usually either don't track activity or keep online activities anonymous.
Most VPN services are robust enough to protect private individuals, as well as small and midsize businesses, from cyberattacks. And although a VPN won't necessarily avert a DDoS attack, it can prevent it from having an impact on your business, by hiding the location of your servers, offices and personnel.
However, DDoS protection doesn't come with every VPN service, so it's important to make sure the application you use has the right features to counter any attacks. While most major VPN services – like NordVPN, ExpressVPN and StrongVPN – offer security measures to combat hacker attacks, some of these DDoS options are enterprise-level and come with extra costs.
A coordinated, large-scale DDoS attack can cause unpredictable devastation to any business and requires constant vigilance. Even information technology titans like Google and Amazon have felt the effects of what hackers can do with a little coding skill, and they understand how great the threat is. But with the right VPN, anyone can safely browse the web, and any organization can safely conduct business online.