DDoS Attacks: 25th Anniversary

What is a DDoS attack?
 
A DDoS attack (Distributed Denial of Service) is a type of cyberattack with a sudden urge of artificial traffic, caused by numerous requests to a server from many places on the internet at the same time. As an example, you can think of a shop with one door leading to it. When thousands of people are trying to enter the shop, the capacity of the door will not allow this, so they will be blocked, and new customers will not be able to enter the shop. Compared with a DDoS attack, this sums up much of what happens in a virtual way. These attacks do not only lead to a tarnished image, but also a financial loss.
 
In the last years the DDoS attacks have become more prevalent and more harmful, but luckily at the same time, there is a similar evolution in the DDoS protection technologies. Please note: a website being slow doesn’t always mean a DDoS attack is happening. Often, it is just due to increased traffic on the site. However, if the situation repeats itself too often, it’s worth taking some appropriate steps like calling the police.
 
 The history of DDoS attacks
The history of DDoS attack consists of legendary stories. In 1996, the first real SYN flood DDoS attack took place, also known as the Panix Attack. In a SYN flood, numerous connection requests are made, by sending many SYN packets with incorrect source IP addresses to a server. Also, not to be forgotten, the DDoS attacks from February 2000, when Yahoo, eBay and Amazon were attacked in the US to gain ‘control over the internet’, have also caused a lot of damage.
Since then, the impact of attacks has largely remained the same.
There are several reasons why DDOS attacks are so popular with cybercriminals:
 
●      Bot networks: Bot networks (a collection of software robots or bots) have increased tremendously in size over the last 25 years. This combined with their compute power, makes bot networks effective, cheap, scalable and easy to perform DDoS attacks.
 
●      A weak legal approach: Effective enforcement and punishment of DDoS attacks remains a problem. A DDoS attacker can make an enormous amount of money from an attack, even when punishments (such as spending 10 years in prison and a serious fine) are at risk. Penalties still need to be harsher.
 
●      Easy and cheap: DDoS attacks are one of the easiest and cheapest ways to harm a business. DDoS became a (normal) daily cost for businesses and an unavoidable problem for the IT- and security community. More action must be taken now.
 Frightening changes of DDoS attacks
The growth in the number of DDoS attacks is being stimulated by the evolution of the Internet of Things and the continuous growth of online data.
As a result, DDoS attacks are becoming more and more common, powerful and are still seen as a serious threat on the internet.
This is what makes the DDoS attacks still so relevant:
 
●      Governments and nations become targets: DDoS attacks are no longer limited to individual and commercial organizations. For example, many U.S. government websites, such as the White House, the Pentagon and the Department of Defense, have already been subjected to DDoS attacks from botnets since July 2009. They were already attacked by a self-replicating worm that automatically infected other systems, also known as Code Red.
 
●      DDoS attacks ramp up with the help from the internet of things (IoT): The growth and emergence of the Internet of Things (IoT) has grown tremendously in power in recent years. This creates fertile ground for the botnets used to launch a DDoS attack. A good example dates back to 2012, where a large-scale DDoS attack event (‘Operation Ababil’) happened as a result of an American film director uploading the trailer of the movie ‘Innocence of Muslims’ to YouTube, eliciting widespread Muslim protests. In this unprecedented religious war, US financial institutions, including Bank of America, Citibank and HSBC were attacked, causing a significant impact on service availability.
 
●      DDoS attacks as a distraction: Today, a DDoS attack is increasingly used to distract attention from IT security teams to commit other cybercrimes such as stealing employee data. Both ways are hugely damaging and dangerous for numerous businesses.
 
●      Economic profit: Ransomware has become a major driver of the DDoS attacks. In the past, it was more likely to cause disruption or as a means of hiding to steal corporate data, but now there are more and more attacks with only monetary gain. Globally there are a lot of companies that are ill-equipped to defend themselves against a massive DDoS attack, that’s why hackers can make up to millions of euros from it.
 
●      DDoS Attack Kits: DDoS attacks are not always the work of professionals anymore. These days, you can download a DDoS attack kit in exchange for a fee to conduct a DDoS attack. Many hackers publish their source code freely (such as open source), making it difficult to trace the attack back to an individual or group.
 
  “Even the smallest DDoS attack is now a significant threat. This means you have to start building DDoS protection into plans from the start.” -Marc Foulon, Founding partner NET-measure
 
 The future of DDoS attacks
For the next 25 years, the future doesn't look particularly bright either with DDoS attacks still being relevant. Due to the new high-speed 5G networks, attacks will become much easier and bigger. 5G in combination with the continuous growth of Internet of Things (IoT) devices, will lead to more security vulnerabilities, making devices easier to target and recruit into a botnet. 
 
One of the most interesting recent twists in the DDoS attacks story is a move to make DDoS attacks be accepted as a legal method to protest. Anonymous, an online hacktivist group, sent a petition to the White House in Jan 2013, trying to legalize DDoS attacks for protesting. One camp insisted that DDoS attacks are perfectly legal and within the rights of citizens, while the other camp took the opposite, extreme approach, claiming that all DDoS attacks are attempts by hackers and potential terrorists to disrupt their victim’s operations. 
No doubt that DDoS attacks have become so commonplace and massive, and they are here to stay. IT will continue to require newer, smarter, and more autonomous ways of DDoS attack protection.
 
 DDoS protection from NET-measure
 
Looking towards the future, DDoS prevention may well depend on the development of technologies based on improved defense and more advanced attack-source tracing methods. Concurrently, as network infrastructure is designed in a more secure fashion, and ID authentication techniques are improved, internet users will be further restrained from performing malicious activities.
 
Luckily at NET-measure, we have methods to protect you against DDoS attacks. Our goal is to provide IT Performance and Security monitoring services, products and consulting to companies, corporations and institutions with the solution to accelerate, transform and innovate both their networks and cloud implementation.
 
For DDoS attacks, we promote Arbor Cloud for on-premise DDoS defense with cloud-based traffic scrubbing services that are tightly integrated via an automated cloud signal. A proven industry best practice. The services mitigate the constant threat of a DDoS attack by automatic alerting when traffic patterns breach security policies or rogue network devices represents a security gap and by identifying potential zero-day threats in advance.
Nowadays, it is essential to make sure you have deployed intelligent DDoS protection systems to protect your public servers, services, applications, data and support infrastructure.
 
 Want to know more about our DDoS protection?Discover our DDoS solutions in detail or contact us