DDoS Explained: What is a DDoS Attack? DDoS Protection Tips

Distributed Denial of Service (DDoS) attacks are extremely asymmetrical in their cost to the victim vs. the attacker. The evolution of tec...

Distributed Denial of Service (DDoS) attacks are extremely asymmetrical in their cost to the victim vs. the attacker. The evolution of technology makes it relatively easy and inexpensive for an attacker to compromise devices to use in a DDoS botnet or lease cloud computing resources for performing their attack. The victim, on the other hand, could lose millions in missed revenue due to site downtime.

As DDoS attacks become cheaper and easier to perform, the list of organizations targeted by these attacks is growing. With inexpensive DDoS attacks, gamers can target providers like Ubisoft simply to hurt their competitors’ chances in online games. As a result, gaming companies, and other organizations that could be targeted by an attack, require a strong DDoS mitigation solution more than ever before.

Distributed Denial of Service (DDoS) Explained

DDoS attacks are a relatively easy cyberattack to perform. If a cybercriminal can gain control of a sufficient amount of Internet-connected computing power, they can pull off a DDoS attack simply by sending automated malicious requests to their target. Gaining access to this computing power has become easier and easier as the face of the Internet evolves. In the past, the majority of network-connected machines were desktop computers, where it is easier for users to apply software updates and run defensive software, like an antivirus.

Today, the percentage of the Internet made up of laptops and desktops is rapidly dwindling. Mobile devices are becoming an increasingly common means for people to access the Internet, and individuals and businesses are rapidly adopting the Internet of Things (IoT) devices for a variety of different purposes.

Compared to desktop and laptop computers, these devices, and other less managed and monitored hardware like routers, are much easier to compromise. Many people underestimate the threat of cyberattacks on mobile devices and will open phishing links or install suspicious apps on their devices. IoT devices are notorious for their poor security, with the use of default passwords, poor update mechanisms, and use of insecure protocols (like Telnet) being the norm.

Low-Cost DDoS Results In New Attack Targets

As a result, it is easier than ever for a cybercriminal to build a botnet, and performing a DDoS attack has never been cheaper. In addition to insecure devices, DDoS attackers can build out their botnets using cheap cloud computing. The low cost of a DDoS attack (less than $7 per hour for a botnet of 1,000 desktop workstations) means that botnet operators can profitably rent out their services to third parties for an affordable rate.

As a result, the range of organizations that a DDoS attacker may target has expanded greatly. In the past, botnet operators likely selected their target for ideological reasons or to cover up another attack. Now, they attack whoever their customer wants them to.

As a result, DDoS attacks against gaming providers have become more common in recent years. Attackers that want to hurt their competition will launch a DDoS attack against the game server or other network infrastructure in order to degrade or destroy gameplay. Ubisoft is a common target of these attacks and took a unique approach to deal with them.

A Novel Approach To DDoS Protection

In September 2019, the gaming company Ubisoft threatened to sue four different DDoS for hire websites for attacks against the company’s servers. Attacks against gaming servers are not uncommon since they can affect the gameplay of competitors of online games. Global rankings are determined by the number of games won by each player, and forcing current players to disconnect from the server (due to a DDoS attack) hurt their rankings due to the implied forfeit.

At the time, the announcement was ridiculed since DDoS attackers are unlikely to respect legal action. However, their entire anti-DDoS campaign, including server upgrades and bans, has been wildly successful. The company has announced that it has experienced a 93% reduction in DDoS attacks within the first six weeks of putting new policies in place. They also plan to seek damages from the four DDoS for hire sites named in the lawsuit, which could offset the operational expenses associated with putting these countermeasures in place.

Defending Against DDoS Attacks

The rise of DDoS attacks against gaming providers like Ubisoft highlights the threat that any organization faces from DDoS attackers. If a gamer can afford a DDoS attack against game servers simply to preserve their position in the global rankings for a game, then even a cybercriminal without access to a botnet could easily lease services from a DDoS as a Service provider to carry out their attack.

A DDoS attack against an organization can have a number of negative impacts. The simplest of these is the loss of potential sales and revenue when customers are incapable of accessing the organization’s site during the attack. However, a DDoS attack is often also used as a smokescreen to hide another type of attack. While the security team is distracted and overwhelmed by the DDoS attack traffic, the attacker performs a more subtle attack as well to steal sensitive data or implant malware on the target system.

As a result, protecting against DDoS attacks is important for more than just ensuring the availability of an organization’s web presence. As DDoS attacks become more powerful and more common, deploying a leading DDoS mitigation solution is an essential component of any organization’s cybersecurity defensive strategy.