DDoS stands for distributed denial of service, and a DDoS attack is when criminals deliberately disrupt the functionality of an online service. These online services include company websites, online shops and the infrastructure for remote access to a corporate network. The latter is currently an even more vulnerable target due to the increased number of people working remotely. With DDoS attacks, cybercriminals attempt to disrupt the operation of an online service by overwhelming the server with a huge number of requests and visits. This overloads the server, which is unable to process all of these requests, and the online service then becomes unavailable to visitors. The effectiveness of DDoS attacks primarily stems from the fact that cybercriminals use distributed networks of computers and Internet of Things (IoT) devices as the source of the attack. These networks are known as botnets. Botnets are usually made up of computers and devices previously infected with malware, which are then controlled remotely by the attackers to conduct the attack.
Cybercriminals carry out DDoS attacks in order to overload an online service with a stream of data to make it extremely slow or shut it down completely. If a service – for example an online shop – is unavailable for an extended period of time, this can lead to a significant loss of profit for the company. If customers are unable to access online services as usual, the company may also suffer reputational damage in addition to a drop in turnover. Cybercriminals often continue to exploit this situation and demand a ransom payment from the company to stop the attack or refrain from starting further attacks. These attacks are referred to as ransom denial of service (RDoS) attacks. If the payment is not made by a set deadline, further DDoS attacks follow.
If a company notices that a DDoS attack is being carried out – for example due to an unusually high amount of traffic for an online service – it should contact its Internet service provider immediately in order to ensure that specific and appropriate countermeasures can be implemented. The primary goal should be to isolate the area of the network affected by the DDoS attack.
“DDoS attacks can disrupt a company’s online presence, impact its productivity and have an effect on profits. The risk makes it extremely important to define preventive countermeasures in order to improve IT security within the company,” says Andreas Crisante, Senior Information Security Officer at Baloise. With a proactive approach that includes the coordination of employees, processes and automations, companies can reduce cyber risks and minimise interruptions to service. The following measures are particularly important when it comes to defending against DDoS attacks:
- Monitor data traffic: Companies should actively monitor their data traffic. This allows them to recognise trends and patterns in their data traffic. If a company knows what its typical data traffic patterns and characteristics are, it can establish a baseline. With this baseline, it can then recognise any unusual activity that might indicate a DDoS attack and implement the necessary countermeasures.
- Risk evaluations: Companies should analyse and evaluate the risk of a DDoS attack in order to develop appropriate preparedness and restoration plans. Depending on the risk level, companies should adapt their security posture to the threat of DDoS attacks. They should also consult their Internet service providers to ensure they can address these risks and prepare appropriately. Good Internet service providers offer DDoS attack prevention packages.
- Cyber hygiene: Good cyber hygiene practices – security principles that every IT organisation should be familiar with and implement – are required for an effective DDoS defence strategy. The foundation for this is a security-oriented corporate culture. More specifically, this involves promoting security experts within a company and continuously improving employees’ awareness.
- Restoration plan: Companies should always have a plan B that enables them to quickly restore their core areas and business-critical services in the event of a DDoS attack or other type of cyberattack.
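The baseline approach described under "Monitor data traffic" can be illustrated with a small monitor, added here as an example that is not part of the original article or of Baloise's tooling. It assumes an access log in the constructed format `<epoch seconds> <client address> <path>`, counts requests and distinct clients per one-minute window, derives a median-based baseline from quiet windows, and flags windows that sit far above it; the threshold and the log lines are constructed for the example.

```python
from collections import Counter, defaultdict
from statistics import median
WINDOW_SECONDS = 60
BASE_TS = 1_700_000_100  # constructed start time, aligned to a minute boundary

def summarise_windows(log_lines, window=WINDOW_SECONDS):
    """Map each window start to (request count, distinct client count)."""
    requests, clients = Counter(), defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines rather than stop the monitor
        ts, client = int(parts[0]), parts[1]
        start = ts - ts % window
        requests[start] += 1
        clients[start].add(client)
    return {s: (requests[s], len(clients[s])) for s in sorted(requests)}

def build_baseline(normal_windows):
    """Median requests per window and median absolute deviation (robust spread)."""
    values = [req for req, _ in normal_windows.values()]
    med = median(values)
    mad = median(abs(v - med) for v in values)
    return med, max(mad, 1.0)  # floor the spread so a flat baseline still works

def detect_anomalies(windows, baseline, threshold=3.0):
    """Flag windows whose request count sits far above the baseline."""
    med, spread = baseline
    return [(start, req, clients, round((req - med) / spread, 1))
            for start, (req, clients) in windows.items()
            if (req - med) / spread > threshold]

def constructed_log():
    """Constructed access log: ten quiet minutes, then one flood minute."""
    lines = []
    for minute in range(10):  # 8-12 requests/min from four known clients
        for i in range(8 + minute % 5):
            lines.append(f"{BASE_TS + minute * 60 + i * 5} 10.0.0.{i % 4 + 1} /index.html")
    for i in range(400):  # 400 requests in one minute from 200 distinct addresses
        lines.append(f"{BASE_TS + 600 + i % 60} 198.51.100.{i % 200 + 1} /index.html")
    return lines

def run_monitor():
    """Build the baseline from the quiet minutes, then check every window."""
    windows = summarise_windows(constructed_log())
    normal = {s: v for s, v in windows.items() if s < BASE_TS + 600}
    return detect_anomalies(windows, build_baseline(normal))

if __name__ == "__main__":
    for start, req, clients, score in run_monitor():
        print(f"window {start}: {req} requests from {clients} clients, score {score}")
```

The distinct-client count is reported alongside the request count because a jump in both at once is what distinguishes a distributed flood from a single misbehaving client.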