Ever notice that acronyms and initialisms don’t often spell out anything good in their full forms? There is no DCBT (designated cupcake break time) or PPH (playing with puppies hour). Instead the world gets a bunch of short-form diseases, industry-specific jargon, snooze-inducing baseball statistics and, oh yeah, cyberattacks that are wreaking havoc on websites, businesses, governments and even average unsuspecting people every day.
Yes, DDoS might as well stand for very bad internet thing, because that’s essentially what it is. Here are the specifics of that very bad internet thing, as well as a primer on what else you need to know about these increasingly popular attacks.
DDoS, aka distributed denial of service
Distributed denial of service, in turn, means a cyberattack that aims to overwhelm the server or network resources of a targeted website or other online service. At its most basic level, a DDoS is an attack that, when successful, takes a website or service offline, keeping its users from using it.
DDoS attacks are a type of denial of service attack
As can be inferred from their names, both denial of service (DoS) attacks and distributed denial of service attacks seek to deny services to their legitimate users. DDoS fits into the category of DoS, but DDoS and DoS attacks have significant differences.
In DoS attacks, just a single internet connection is used to either exploit a vulnerability or exhaust server resources with bogus requests. DDoS attacks, on the other hand, use a botnet, which is a network of computers and other devices that cybercriminals have hijacked using malware that allows the devices to be controlled remotely. A botnet provides attackers with powerful computing resources that do the legwork of overwhelming the servers or networks of victim websites or services.
DDoS attacks typically target either the network layer or application layer
Network layer attacks tend to be big, as they are essentially a battle between a botnet and an intended victim to see who has more bandwidth available. When successful, a network layer DDoS attack clogs the pipeline of the network, preventing access to the servers and sometimes running up big-time bandwidth bills.
Application layer attacks are more sophisticated and target the server with fake requests that use up a significant amount of server resources for processing or handling. Think of a network layer attack like running full force at a man and tackling him, and an application layer attack like tying his shoelaces together and waiting for him to trip.
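The two attack types show up in different telemetry, which the following added example illustrates (it is not from the original article). The link capacity, worker budget, 90% thresholds, field names and sample rows are all assumptions constructed for the illustration.

```python
# Added example: classify per-minute telemetry as network-layer or
# application-layer saturation. All constants and data are assumed values.
from dataclasses import dataclass

LINK_CAPACITY_MBPS = 1000           # assumed size of the site's uplink
WORKER_MS_PER_MINUTE = 8 * 60_000   # assumed: 8 workers, 60,000 ms each per minute
SATURATION = 0.9                    # assumed alert threshold (90% utilisation)

@dataclass
class Window:
    minute: str
    inbound_mbps: float    # traffic arriving at the network edge
    requests: int          # requests that reached the application
    avg_handle_ms: float   # mean server time spent handling one request

def parse(line: str) -> Window:
    minute, mbps, reqs, ms = line.split()
    return Window(minute, float(mbps), int(reqs), float(ms))

def classify(w: Window) -> str:
    # Network layer: the pipe itself is full, whatever the requests cost.
    link_util = w.inbound_mbps / LINK_CAPACITY_MBPS
    # Application layer: the pipe is fine, but handling time eats the workers.
    worker_util = (w.requests * w.avg_handle_ms) / WORKER_MS_PER_MINUTE
    if link_util >= SATURATION:
        return "network-layer"
    if worker_util >= SATURATION:
        return "application-layer"
    return "normal"

# Constructed sample: minute, inbound Mbps, requests, avg handling ms
SAMPLE = """\
12:00 120 6000 15
12:01 980 5500 16
12:02 140 9000 50
"""

def report(text: str = SAMPLE):
    return [(w.minute, classify(w)) for w in map(parse, text.splitlines())]

if __name__ == "__main__":
    for minute, label in report():
        print(minute, label)
```

In the 12:02 row bandwidth is barely above the baseline and the request count is only 1.5 times normal, yet the workers are saturated because each request is expensive to handle; a bandwidth-only alarm would miss it.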
The consequences of these attacks are both short-term and long-term
Regardless of which type of attack is undertaken, the consequences are much the same: users are unable to access the site or service. This results in an immediate loss of traffic or revenue, as well as a long-term loss of loyalty – often the costliest consequence of a DDoS attack.
Other possible consequences include software or hardware damage, a massive bandwidth bill from a network layer attack, and the truly terrifying prospect of a data breach that occurs while a cybersecurity team was distracted by the distributed denial of service attack.
Attacker motivations vary widely
The reasons behind DDoS attacks range from business or personal revenge, to gaining advantage in a competitive industry like online gaming or SaaS, to political protest, to extorting easy money using DDoS ransom notes, to plain old “fun.”
The people behind distributed denial of service attacks likewise range from brilliant hackers to script kiddies to average people with a few extra dollars they’re willing to pay to a DDoS-for-hire service. There’s also a wide, wide range of DDoS victims: government websites or services, media outlets, major corporations, small to medium businesses, mom and pop shops, and random websites targeted by the quick money-making scheme of DDoS ransom notes. In short, potential victims include almost every website on the internet.
The best defense is a good defense
Unfortunately for, well, almost every website on the internet, there’s no way to actually prevent DDoS attacks from being launched. It’s only possible to prevent attempted attacks from being successful, and this is something that typically requires professional DDoS protection. For most websites and businesses this means scalable, cloud-based protection that uses granular traffic inspection and has either always-on or on-demand deployment, depending on a website or business’s specific needs. For some organizations, on-demand protection is necessary to meet compliance requirements.
With the right mitigation in place, an ugly initialism like DDoS can become little more than a blip on the radar of website and business owners. An NBD, if you will; a rare good news initialism.