How does a DDoS attack work?

A denial of service attack occurs when web infrastructure, usually one or more servers, becomes so overwhelmed with malicious traffic that it uses all its resources and can no longer respond to legitimate website users. A distributed denial of service attack amplifies this scenario by launching an attack from multiple computers or devices distributed across the internet. Most large-scale DDoS attacks use botnets – computers with breached security that are being controlled and manipulated by the perpetrators of the attack. The perpetrators instruct all computers in the botnet to send fake or malicious traffic to the targeted organisation’s web servers, overwhelming them with traffic and rendering them incapable of serving legitimate users. 

DDoS - “It’ll never happen to me.”

How many contexts have you heard that phrase used in? Personal health? Home security? Driving safety? 

It is used so often that it has become a cliché for foolhardy overconfidence. And now, it is just as applicable to enterprise cybersecurity, specifically DDoS attacks.

DDoS attacks are growing in both number and individual size, and their effects are seizing the headlines. However, too few organisations are taking note until it is too late!

While the overwhelming majority (83%) believe they are adequately prepared to withstand an attack, 54% of businesses have suffered at least one successful DDoS attack in the last 12 months, at an average per company of three per year.

These are the results of an investigation into more than 300 UK and DACH organisations’ DDoS resilience. 


Hard Facts (the three percentage figures were not captured with the text): increase in attack size (largest attack); confident in their DDoS mitigation; suffered a successful DDoS attack.

Businesses invest more in DDoS protection than ever before but despite increased investment, successful attacks are still very common. 
The size and number of DDoS attacks are also increasing every year, turning DDoS into an arms race. Businesses cannot afford to regard DDoS mitigation as a one-off investment as the trend for larger attacks shows the cybercriminals are currently winning the arms race.

A DDoS test might help you evaluate where you stand. Fill in the form below to win a thorough vulnerability test. 

Win a DDoS Test

Enter in the prize draw and get the chance to win one of three DDoS tests. 

DDoS testing is designed to simulate DDoS attacks against an organisation's IT infrastructure during peacetime to understand and validate if an organisation's DDoS defences work as expected. 


What is a DDoS attack?

A denial of service attack occurs when web infrastructure, usually one or more servers, becomes so overwhelmed with malicious traffic that it utilises all its resources and can no longer respond to legitimate website users. A distributed denial of service attack amplifies this scenario by launching an attack from multiple computers distributed across the internet. Most large-scale DDoS attacks use botnets – computers with breached security that are being controlled and manipulated by the perpetrators of the attack.

The perpetrators instruct all computers in the botnet to send fake or malicious traffic to the targeted organisation’s web servers, overwhelming them with traffic and rendering them incapable of serving legitimate users. DDoS attacks have become prevalent for three simple reasons – they are cheap, simple to create, and effective.
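The difference the two definitions above draw between a flood from one machine and a flood from a distributed botnet is visible in ordinary web server logs. As an added example that is not part of the original page or the report it cites, this Python classifier buckets Common Log Format requests into ten-second windows and labels each window by request volume and number of distinct source addresses. The thresholds and the sample log are constructed assumptions, not values from the page.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Hypothetical thresholds (constructed for this example); real ones are baselined per service.
WINDOW_SECONDS = 10
FLOOD_REQUESTS = 40        # requests per window that count as a flood
DISTRIBUTED_SOURCES = 20   # distinct source IPs that make a flood "distributed"

# Common Log Format: client ip, ident, user, [timestamp], "request", status, bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3}')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (source_ip, timestamp) for one CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), TS_FMT)

def classify_windows(lines):
    """Bucket requests into fixed windows; a flood from one address is a plain DoS,
    the same volume spread over many addresses (a botnet) is the distributed case."""
    windows = defaultdict(Counter)            # window start -> Counter of source IPs
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ip, ts = parsed
            windows[int(ts.timestamp()) // WINDOW_SECONDS * WINDOW_SECONDS][ip] += 1
    labels = {}
    for start, sources in sorted(windows.items()):
        total = sum(sources.values())
        if total < FLOOD_REQUESTS:
            label = "normal"
        elif len(sources) >= DISTRIBUTED_SOURCES:
            label = "distributed flood"
        else:
            label = "single-source flood"
        labels[start] = (label, total, len(sources))
    return labels

def constructed_log():
    """Constructed sample traffic: quiet, then one host flooding, then 30 hosts flooding."""
    base = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    def line(ip, secs):
        return f'{ip} - - [{(base + timedelta(seconds=secs)).strftime(TS_FMT)}] "GET / HTTP/1.1" 200 512'
    quiet = [line(f"10.0.0.{i % 3 + 1}", i) for i in range(5)]
    single = [line("203.0.113.7", 10 + i % 10) for i in range(60)]
    botnet = [line(f"198.51.100.{i % 30 + 1}", 20 + i % 10) for i in range(60)]
    return quiet + single + botnet
```

Running `classify_windows(constructed_log())` labels the three windows "normal", "single-source flood" and "distributed flood" in turn; the distributed window has the same request count as the single-source one, which is exactly why per-source rate limiting alone does not stop it.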

DDoS Mitigation
Here are five keys to mitigate a DDoS attack

The first step is to perform a vulnerability test to identify where the gaps lie in your system and network defences, and how easily they could be exploited. This will entail an extensive review of your network’s strengths and weaknesses, and whether your DDoS mitigation is fit for purpose.

This analysis should also include penetration testing (also known as an IT Health Check or a “pentest”). This will simulate an attack on the vulnerabilities from within and outside the network and determine if unauthorised access can be made to data. While this may not seem pertinent to DDoS, the findings above showed 13% of respondents believed that the DDoS attack(s) they suffered were a deliberate distraction away from other malicious events, such as direct network hacks. So if your network is vulnerable to traditional hacks where data can be stolen, in addition to being vulnerable to a distracting DDoS attack, you are a prime target.

The testing stage will show you where the vulnerabilities are, but choosing the correct solution then takes further examination. DDoS exposures are often complex, which makes identifying the root cause of the problem, and therefore the most appropriate fix, equally complex.

For example, a Web Application Firewall (WAF) will analyse traffic on the edge before it reaches the network and only allow genuine traffic to reach the origin. Another solution may be to use a whitelist of allowable inbound traffic rather than a blacklist of unacceptable input. Others include ensuring proper error handling, or not using unencrypted communications or authentication.  

Resources such as the Open Web Application Security Project (OWASP) can help, however. OWASP ranks the top 10 most critical web application security risks by ease of exploitation, prevalence, detectability and impact. For each risk, OWASP also includes a section on how to tell if you are vulnerable and how to prevent the attack. By combining this intel with advice from your security partner, you will quickly shore up your defences.

The data above has shown that those who have not yet been hit by a successful attack underestimate their likely severity. Regardless of presumed strength and resilience, business continuity should therefore be a key part of any DDoS planning. Again, the data showed only too well the very real possibility of catastrophic financial, legal, regulatory, and/or brand reputation effects.

Aside from the technical requirements of duplicating information and ensuring that recovery time objectives and recovery point objectives (RTOs and RPOs) match your business needs, there are also multiple procedural requirements. The immediate checklist is to identify your crisis team for when an emergency occurs, including who can be reached at any time within your security partner(s), how they are contacted, who is responsible for what, and who needs to be informed internally and externally.

It should be noted however that many companies devise a communications plan, but fail to appreciate that some of their usual mechanisms for contacting people will be down in the event of a serious DDoS attack. Blogs and emails may not function, so be prepared to use alternative channels such as social media to keep partners, employees, customers and even the media informed.

Sometimes, DDoS attacks are caused by cybercriminals who will demand a ransom before they will cease the attack.

Paying is not recommended. Firstly, there is no guarantee the attacker will honour any payment. Further, if a payment is made once, there is a strong likelihood the same attacker will return, much like organised crime and “protection rackets”.

Instead, inform your legal team of the attack and send them the ransom notes. Depending on the length of the attack and its impact, some organisations may need to disclose the attack as soon as possible, as was seen with the WannaCry ransomware in May 2017.

The war between brands and their defences and the cybercriminals is nothing short of an arms race – and some battles will be won by the cybercriminals. In acknowledgement of this, some organisations have taken out insurance policies against data breaches and other cyber-attacks. Crucially, if you consider this, you must ensure that the policy reflects not only immediate, pragmatic impacts, but also any possible fines that may be applicable.