Cybercrimes have been on the rise in 2020, and DDoS attacks are no exception. While DDoS attacks are nothing new to enterprises, they have become increasingly frequent due to new devices and networks to target, as well as lower barriers to entry to carrying one out.
Without proper precautions, businesses face lost revenue, damage to brand reputation, and customer churn as a result of an outage from a DDoS attack. Keep reading to learn how a DDoS attack works, and what can you do to prevent falling victim to this cybercrime.
What is a DDoS Attack?
A DDoS, or distributed denial of service attack, attempts to overwhelm a DNS server with queries in order to take it offline. DDoS attacks can target different layers of DNS architecture, but all tend to share the same playbook of overwhelming the target with traffic. If successful, the traffic renders the server (and therefore any connected websites or applications) inoperable. Typically, “botnets”, or remotely controlled, hacked computers, are used to flood the targeted server.
There have been a number of DDoS attacks over the years with high-profile targets, so if your company has fallen victim to one before you’re not alone. And given the fact that attacks were up 217% year-over-year in Q2 of 2020, it’s not so much a question of if you’ll be the target of an attack, but when.
Why are DDoS Attacks on the Rise?
DDoS attacks have increased recently primarily because they have become much cheaper and easier to carry out. Researchers at Digital Shadows found that DDoS services now start at an average of $7, down from an average of $25 in 2017. This is primarily due to the mushrooming number of insecure IoT devices, which can be easily compromised and redirected as botnets for traffic-generating purposes.
And while outages or downtime of digital products are always expensive for an enterprise, it is now mission critical to ensure high performance of your website and applications. These days, they may be your only point of interaction with your customers, so an outage can be “make or break” for your bottom line.
Bad actors are also aware of how much more damaging it is for an organization to experience an outage in 2020. For example, researchers at Kaspersky found that the number of DDoS attacks affecting education grew by 550% in January 2020 compared with January 2019.
Put simply, it has never been more important to be able to mitigate the effects of a DDoS attack, while it has also never been cheaper to carry one out. However, there are steps businesses can take to mitigate the impact of one of these attacks.
How Do I Prevent a DDoS attack?
There really isn’t anything you can do to prevent a cyber criminal from targeting you with a DDoS attack. Short of taking your business offline, if you have a website or server you can experience an attack. The goal isn’t preventing the attack - it is to mitigate the impact of an attack when it happens.
A great place to start when building resiliency against a DDoS attack is to build redundancy into your DNS. Essentially, you need excess server capacity to call upon to absorb the massive traffic volume of a typical DDoS attack.
Some of the following best practices can help you achieve redundancy:
- Overprovision your DNS infrastructure to absorb traffic spikes
- Leverage anycast protocols to improve performance and provide a faster response in case of name server outages
- Implement redundant DNS infrastructure with independent networks
- Leverage cutting edge filtering tools to identify and block suspicious traffic at ingress points
A managed DNS provider can ensure the above practices are properly configured, as well as offer other security protocols to protect against other DNS-layer attacks.
Interested in learning more about building resiliency into your DNS?
Join us on December 2 or 3 for INS1GHTS Days: Network Resilience, where we’ll provide a comprehensive overview of how you can improve your network resiliency strategy to meet the challenges of 2020 and beyond.