What Is A DDoS Attack?

A DDoS attack — short for Distributed Denial of Service attack — is a specified cyber attack where the cyber criminal employs the use of multiple computers and IP addresses to flood the targeted source. The cyber criminal often hijacks the use of these computers or mobile devices via an embedded malicious code called a Trojan Horse, which infects a computer surreptitiously.

As an extreme influx (think millions per second) of requests are being fired at the targeted source, the cyber criminal will often attempt to bypass the firewalls, which are already being maxed out from the inundation of requests, with a malicious code or piece of malware. Once the firewall has been pierced, the malicious code is planted inside the server to be used for a various of nefarious reasons down the line.

Now, it’s common that most website visitors and daily users won’t have a clue what’s happening behind the scenes; your standard banking institution or government agency’s site will simply appear to be down for a moment. But just remember, there’s always a good chance that a DDoS attack is taking place when you can’t access a website that largely deals with secure information and customer data.

And more often than not, when a DDoS attack is affecting a targeted source, the malicious end-goal of the cyber criminal is simply to bring the system down in one fell swoop. Breaching the system to hack into or steal customer data is usually not the objective of the violation. This is purely derived from a delinquent nature or an averse behavior or distrust developed between the criminal and the target.

DDoS Attacks In The News

One of the largest banking institutions in the world, HSBC, recently felt the wrath of a vicious DDoS attack that influenced all of HSBC’s online banking services, including the public-facing website that customers access on a daily basis. An HSBC spokesman attempted to ease customer anxiety, stating that “we successfully defended our systems.”

It’s been stated that customer information and all private data has remained secure through the process, but that many access points were unavailable for customer use the days following the event. Now, even though customer data remains intact, DDoS attacks are becoming a common trend among the cyber criminal community.

Just because customer data is often not affected doesn’t mean that the banking institution isn’t harmed in other ways.

For example, it’s been known that once a DDoS attack overwhelms a targeted system, cyber criminals will actually ask for ransom money to release the source from its dominated state. This is similar to a malware ransom (or ransomware), which involves a cyber criminal hijacking documents, accounts, or even full use of a computer or mobile device, and then proceeding to extort money from the victim before releasing it back to its rightful owner.

But it’s not the rising number of DDoS attacks that seem to be the primary concern. It’s the increasing sizable strength of these DDoS attacks that has raised concern, as  they’ve begun afflicting the most wide-reaching organizations in the world. Info Security Magazine provided some insight on the power of recent DDoS attacking, proclaiming that “DDoS attack size has grown 60 times since the survey first began, and continues to … The complexity of attacks is also increasing, with over half (56%) reporting so-called ‘multi-vector’ attacks designed to hit infrastructure, applications and services simultaneously.”

DDoS attacks, for the moment, may not be the most dangerous cyber attack that a business could face, but they are certainly a growing threat and problem that all businesses and organizations should be cognizant of as both technology and cyber crime continue to progress with future developments. Having websites and/or documents ransomed for copious amounts of money is never a situation, or battle, that an entity necessarily wants to fight. It’s also becoming more commonplace that even after a ransom has been paid, the hacker refuses to release the device, file, or account that’s been taken hostage. Things can get real messy, real quick.

In conclusion, make sure you’re constantly updating firewalls and taking the required and necessary preemptive actions to help prevent these attacks from ever happening. Security solutions would be a good place to start; if you’re unsure about what solutions would work for your business, contact a digital security consultant.

Protecting your business and your clients is absolutely critical, otherwise, your business might just become the next face (or scapegoat) of digital security, or lack thereof.