DDoS denial of service attacks have become one of the most common and destructive forms of cyber attacks. Learn more in this summary overview of the DDoS Boot Camp white paper.
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
DDoS Boot Camp: Basic Training for an Increasing Cyber Threat
1. 1
DDoS Boot Camp: Basic Training for an Increasing Cyber Threat
Computer hacking has moved far beyond the days of pranks launched by teenagers from a family
computer. Today, data breaches and other online attempts to wreak havoc on businesses or
individuals are criminal-led, malicious acts.
During the past decade, distributed denial of Service (DDoS) attacks have become one of the most
common and destructive forms of online hacking. Website visitors are affected when they try to
purchase products, access their accounts, or use applications and are greeted with a “Page Not
Found” or other error message, instead of the information they expected. These malicious
attempts to take down websites continue to escalate.
The downtime caused by a DDoS attack can result in extensive financial losses. For example,
Forrester estimates that the average financial damage from four hours of website downtime is
US$2.1 million dollars – and US$27 million for 24-hour outage. Forrester also reports that
financial services companies lost an estimated US$17 million per DDoS attack in 2012.
What is a DDoS denial of service attack?
DDoS attacks are attempts to make a computer resource (i.e. website, e-mail, VoIP, or a whole
network) unavailable to its intended users. Overwhelmed with massive amounts of unsolicited
data and/or requests, the target system either responds so slowly as to be unusable or crashes
completely. The data volumes required to do this are typically achieved by a network of remotely
controlled zombie or botnet (robot network) computers. These computers have fallen under the
control of an attacker, generally as a result of infection from a Trojan virus.
DDoS attack types
Botnets are used to launch different types of DDoS attacks. Each type is characterized by the way it
affects web-facing routers, servers, and other elements in a network. Two general types of attacks
and their targets include:
• Layer 3 and Layer 4 attacks that target network infrastructure. Layer 3 (network layer)
and Layer 4 (transport layer) DDoS attacks rely on extremely high volumes (floods) of
data to slow website performance and deny access to legitimate users.
• Layer 7 attacks that target applications. In contrast to infrastructure attacks, Layer 7
(application layer) attacks are especially complex, stealthy, and difficult to detect
because they resemble legitimate website traffic.
2. 2
Where do DDoS attacks come from?
DDoS attacks are a global issue. Organizations all over the world are targeted. Almost every
country is a source of DDoS attacks. Many attacks originate from compromised servers at hosting
providers that are slow to respond to malware clean-up requests, as well as servers that are out of
reach of international authorities.
Historically, China has been the leading source of botnet activity, and this position was maintained
in Q1 2013 with China generating 40 percent of botnet activity against Prolexic’s global client
base. For the same quarter, the United States was the second leading source of botnet activity,
launching 22 percent of DDoS attacks.
Why do organizations get hit by DDoS attacks?
The first question asked by executives of companies hit by a DDoS attack is, “Why me?” Most
victims have no idea why they were attacked, and they will likely never find out the identity of the
attackers. Motives can range from political activism to extortion to random attacks by amateurs.
Reasons for an attack may be hactivism, extortion, competition, disgruntled individuals and
hacker experimentation.
Affected industries
No organization is safe from becoming a target of a DDoS attack. Companies large and small are hit
daily. Some of the biggest and best-known global brands in the following industries have been
taken offline by DDoS distributed denial of service attacks.
• e-Commerce
• Education
• Energy
• Finance, banking and insurance
• Government and defense
• Healthcare
• Internet and telecom
• Media and entertainment
• Non-profits
• Retail
• Technology
• Travel
Download the white paper for more details, information about DDoS mitigation services and a
case study of a company that successfully protected itself from DDoS attacks.
About Prolexic
Prolexic Technologies is the world’s largest and most trusted provider of DDoS protection and
mitigation services. Learn more at www.prolexic.com.