You may have heard the term “DDoS attack” mentioned in online circles, especially when it comes to website security, but what exactly is it? A DDoS attack, or distributed denial of service attack, is an attempt by a cybercriminal to flood a server with traffic to overwhelm its infrastructure. This slows down a site’s crawl or even crashes it, so legitimate traffic won’t be able to reach the site. This type of attack can cause a lot of damage to your online business.
These cyberattacks can have a wide range of objectives, ranging from annoyance and “hacktivism” to mass loss of business. What makes them unique from other forms of hacking is motivation. While other forms of malware, like ransomware and scareware, are attempts to siphon off a victim’s money, DDoS attacks are purely designed for chaos and disruption.
The amount of downtime and damage they can cause is why they are talked about so often. Hackers regularly use DDoS attacks, and you need to be on the lookout so they don’t affect you too severely.
How does a DDoS attack work?
Most DDoS attacks are carried out with botnets – groups of computers all acting together. These computers will all attempt to access a website simultaneously, overwhelming the server and bringing it down.
How do they get these botnets? By hijacking other machines. Often a hacker uses malware or takes advantage of an unpatched vulnerability on someone else’s server to gain access through Command and Control (C2) software. By leveraging these exploits, hackers are able to amass large numbers of computers relatively easily and cheaply, which they can then deploy for their own nefarious purposes.
Once they control enough machines, hackers can then issue a command to the entire botnet, which then attempts to gain access to the target server. When too many computers attempt to access a server simultaneously, service outages are common. The end result is downtime and lost productivity.
It can range from a childish prank to revenge against a company. And while it may seem harmless at first, it’s important to know that the average cost of a DDoS attack, even for small businesses, can be as high as $120,000, which is enough to bring many small businesses to their knees. Big companies can lose millions.
An analogy to illustrate
Imagine a two-lane highway. It is solid, safe, reliable and you drive on it every day without any problems because it does its job. The city put this highway there because they have a reasonable estimate of the number of cars that will be driving on it during the day.
Now imagine a sudden event that causes thousands of cars to try to use this road at the same time. You try to get to the on-ramp, but when you reach the freeway, you can’t get on. The road is completely clogged with traffic, and now you’re going to be late to your destination – if you arrive at all.
This is essentially what a DDoS attack is.
*** This is a syndicated blog from Sectigo’s Security Bloggers Network written by Sectigo. Read the original post at: https://sectigo.com/resource-library/how-does-a-ddos-attack-work