What are DDoS attacks and their types
DDoS attacks are currently the most widespread and one of the most dangerous hacker attack types. DDoS stands for “distributed denial of service”, which basically means that your site or the whole server is flooded by a huge number of malicious requests from many different sources, so it is very difficult to tell the legitimate requests apart from the malicious ones. As a result, the server's hardware resources, such as CPU and RAM, are overloaded, as is the throughput of the Internet connection, which leads to a dramatic slowdown or even a complete denial of service for real users or clients.
Most DDoS attacks against a specific victim are thoroughly planned by the hackers and carried out in a specific order:
- collection and analysis of data about the victim in order to find obvious and potential vulnerabilities and choose the specific type of future attack;
- preparation of the attack by deploying malicious code on computers and other devices connected to the Internet;
- initiation of a stream of simultaneous malicious requests to the website or server from numerous infected devices controlled by the hackers;
- analysis of the attack results and, if the expected results are not achieved, a repeat of the cycle from the first step using a different type of attack, a larger number of devices, etc.
There are two general approaches to DDoS attacks: hackers may either attack the hardware infrastructure of the server, or they may target specific programs and/or APIs to make them fail. Attacks on the hardware infrastructure are more widespread, usually carried out on a mass scale, and easier to execute, but they are also easier to detect and protect against, and specialized software services are very successful at doing this. Attacks on programs and APIs are more unique and need more careful preparation, so in many cases it is necessary to engage security specialists to repel them.
Dozens of specific types of DDoS attacks have been created during the last 30 years. The most infamous of them are the ping flood, smurf attack, twinge attack, Fraggle attack, SYN flood, and many more.
Why DDoS attacks are so dangerous to your business
Modern DDoS attacks usually target a specific person, company, or even country. Motives vary, but the most common are unfair competition, blackmail, political or social protests, conflicts of interest, revenge, or even simple vanity. Hackers most often attack the websites of government institutions and services, e-commerce companies, financial institutions, and gaming services. During the last couple of pandemic years, video conferencing services, educational resources, online cinemas, media, and entertainment sites have also become favorite targets.
A successful DDoS attack disrupts the course of operations and damages the reputation of the victim, but the most dangerous threat is the possible leakage of information about customers or employees of the company. Hackers may steal passwords, personal data, and other confidential information, including, in the worst cases, financial, accounting, and technical data.
The methods of protection against DDoS attacks
To protect your business and information against DDoS attacks, you should follow some basic rules and perform some security measures:
- Reduce the attack surface that is exposed to hackers. Programs and hardware resources should only be accessible via the predefined ports and protocols and only by authorized software.
- Collect data about typical and untypical traffic on your server, and monitor any unusual activity.
- Create a “Denial of service response plan”. When a DDoS attack happens, you should have prepared and trained staff, a system of communication and notifications, and a plan of action for repelling the attack.
- Use a Web Application Firewall to protect yourself against software-level attacks.
- Don’t forget about cyber hygiene. Authorized users should be able to recognize symptoms of DDoS attacks, know how to avoid phishing attacks, regularly change passwords, use two-factor authentication, etc.
- If possible, prepare yourself on the hardware level. Upgrade your servers for more memory and processing power, and increase the available network bandwidth. Small and medium-scale DDoS attacks will not be very dangerous then.
- Use free or paid cloud-based services that provide DDoS protection.
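One way to put the traffic-monitoring rule above into practice, as an added example that is not part of the original article: build a baseline of requests per minute from the access log and flag minutes that far exceed it, reporting how many distinct sources were involved. The Common Log Format input, the `k` and `floor` thresholds, and the sample log lines are assumptions constructed for this illustration.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Assumption: access log in Common Log Format; only source and minute are used.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}):\d{2} [^\]]+\]')

def per_minute(lines):
    """Return {minute: {source_ip: request_count}}; unparsable lines are skipped."""
    buckets = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            buckets[m.group(2)][m.group(1)] += 1
    return buckets

def find_floods(lines, baseline_minutes, k=6.0, floor=20):
    """Flag minutes whose total request count exceeds median + k*MAD of the
    first `baseline_minutes` minutes (assumed to be typical traffic)."""
    buckets = per_minute(lines)
    minutes = sorted(buckets, key=lambda s: datetime.strptime(s, "%d/%b/%Y:%H:%M"))
    totals = [sum(buckets[m].values()) for m in minutes]
    base = totals[:baseline_minutes]
    med = statistics.median(base)
    mad = statistics.median([abs(t - med) for t in base])
    threshold = max(med + k * max(mad, 1), floor)  # floor avoids alerts on idle sites
    alerts = []
    for minute, total in zip(minutes[baseline_minutes:], totals[baseline_minutes:]):
        if total > threshold:
            sources = buckets[minute]
            alerts.append({"minute": minute, "requests": total, "sources": len(sources),
                           # low share: load is spread out, so per-IP limits miss it
                           "top_source_share": round(max(sources.values()) / total, 2)})
    return threshold, alerts

def sample_log():
    """Constructed sample: five typical minutes, then one distributed flood minute."""
    fmt = '{ip} - - [10/Oct/2023:13:{mm:02d}:{ss:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = []
    for mm, n in enumerate([9, 11, 10, 12, 10]):
        lines += [fmt.format(ip=f"192.0.2.{i % 3 + 1}", mm=mm, ss=i) for i in range(n)]
    # 150 sources (documentation address range), 2 requests each.
    lines += [fmt.format(ip=f"198.51.100.{i % 150 + 1}", mm=5, ss=i % 60) for i in range(300)]
    return lines

if __name__ == "__main__":
    print(find_floods(sample_log(), baseline_minutes=5))
```

In the constructed sample no single address sends more than two requests in the flood minute, so only the aggregate rate and the jump in distinct sources reveal it.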
Best services to protect your business against DDoS attacks
As the Internet becomes a more and more dangerous place, the number of cloud-based services that specialize in protection against DDoS attacks and various other threats is rapidly increasing. Today, there are more than 30 such services, but we are going to consider only 5 of them, the most popular and effective.
Akamai Anti DDoS Service
Akamai, founded back in 1998, is the world-leading provider of services for network protection, including protection against DDoS attacks. It has more than 1300 data centers in more than 100 countries with over 10 Tbps of throughput. More than 225 security specialists are ready to help you out with security problems at any time of day and night. The quality of protection is indisputable. The only problem is that Akamai doesn’t reveal pricing for its services. Contracts with each client are signed separately, and monthly payments are defined on the basis of the value of protected assets, deployment model (on-demand or always-on service), selected service model (like self-service, assisted, or fully managed), and selected additional options. So, the protection isn’t going to be cheap, and for small websites, it is usually better to look for more affordable options. On the positive side, a 60-day free trial of the Edge DNS component of the DDoS protection service is available for potential clients.
Cloudflare
Cloudflare, created in 2009, specializes in protection against DDoS attacks, which is its main line of business. It has one of the largest networks of data centers, situated in 275 cities in more than 100 countries. Cloudflare claims a peak network throughput of a whopping 172 Tbps and promises less than 50 ms latency for more than 95% of Internet users around the world. This service offers solid protection against all kinds of DDoS attacks, but only on its “Business” plan, which costs $200 per month, and the “Enterprise” plan with a custom monthly price. Basic protection, though, is available for free, while the $20/month “Pro” plan already includes a Web Application Firewall, which makes Cloudflare very popular among the owners of small websites. For sure, you’ve encountered its protection tools on some of your favorite websites.
Imperva DDoS protection service
Imperva Incapsula is another popular comprehensive cloud-based security service with strong anti-DDoS capabilities. The Incapsula platform was created in 2009, while its parent company, Imperva, is 7 years older. The service delivers multiple functions, such as DDoS Mitigation, Web Application Firewall (WAF), Application Delivery Control, Content Delivery Network, and Global Server Load-Balancing, and provides multi-level protection for its clients, whose list includes 7 of the 10 top global financial services firms, 6 of the 10 top global telecom providers, and 34% of the Fortune 100 members. Imperva Incapsula has 50 data centers with 9+ Tbps of throughput around the world, which is not exactly at the level of Akamai and Cloudflare, but it seems that quantity here is exchanged for quality. Unfortunately, Imperva doesn’t publish pricing for its services, but at least a free trial is available.
SUCURI Website Security Platform
SUCURI is the next cloud-based service, which has provided its product, called Website Security Platform, since 2009. It actually includes antivirus and a firewall. The service provides standard functions like DDoS protection and a Web application firewall, plus additional features like geo-blocking and blacklisting, detection and removal of malicious code, and protection against zero-day vulnerabilities, unusual bots, and brute force. The security network of the company includes 39 data centers located on all continents except for Antarctica and protects more than 400 thousand clients. Pricing is the strong side of this service. The whole Website Security Platform costs from $200 to $500 per year for 1 website, while the firewall separately costs $10 or $20 per month.
GCore DDoS protection
GCore is the youngest company on this list, founded in 2014. It provides a wide range of cloud services, including powerful DDoS protection and a Web application firewall. GCore has more than 140 data centers on 6 continents with a total throughput of 1.5+ Tbps. Unlike the other services in this list, GCore uses intelligent real-time traffic filtering technology, which usually stops a DDoS attack before it even starts. The service provides a wide variety of tariff plans for all kinds of users. Basic DDoS Protection costs €2.6 or €3.9 per month, CDN services including DDoS and vulnerability protection will cost from €0 to €100 per month, while complex Web Security packages start from €50 and €140 per month. Custom packages are also available.