Gordon Bezzina

Apr 30, 2021

DDoS Attacks: The What, the Who and the Why

What is a DDoS? Why am I being targeted and who is attacking me? What do I do now? These are some of the many questions I have heard over many years of handling DDoS attacks at BMIT Technologies.

BMIT Technologies has been in this business for almost 20 years, and we have seen many DDoS attacks. Over the years there have been many changes in size, attack vector and methodology, but one thing remains constant: the attacker wants to shut down the operations of the targeted “victim”. One might even say it is a perennial game of cat and mouse, where the mouse (the attacker) is always looking for new ways to bypass the cat (security systems) and steal the cheese (bring down the target). Here are some of the most common questions we receive.

So what is a DDoS attack?

In simple words, a Distributed Denial of Service (DDoS) attack is nothing more than a malicious attempt to bring down a website or a service. This is achieved either by flooding (we call it “oversubscribing”) the connectivity of the service or by overusing the resources available to the service. To give a simple example: if a customer is served by a dedicated Internet line of 100 Mbps and the attacker suddenly sends ten times more traffic (1 Gbps), the connection becomes oversubscribed and the customer’s websites and services become unreachable. It is worth noting that a flood is the simplest form of attack. There are many attack vectors; in fact, in recent years multi-vector attacks have become the most common type of attack.

But why me? Who is targeting me?

There are many reasons why this happens. Most attacks are an attempt at extortion: it is very common that, either before or after an attack, you will receive an email demanding an amount of money, in bitcoin of course, to avoid being attacked. But this is not the only reason. The attack could be the result of competition. Indeed, many organisations believe that there was at least one instance of attack originating from competition. The DDoS attack could also be instigated by an angry former employee or just a script kiddie who wants to have some fun. These are all possible scenarios, especially when you realize that a DDoS attack can be bought very cheaply. On the Dark Web you can buy an attack for as low as USD 10 per hour. This makes the DDoS attack accessible to anyone.

So what do I do now?

When facing such a threat you need to stand up, subscribe to a DDoS mitigation service, and fight. Never surrender and pay the extortion, as the attacker will demand more and eventually end up still attacking you. Indeed, successful mitigation of an attack is possible if and only if both you and the service provider work together to fine-tune and personalise the countermeasures to your traffic profile. One of the most common pitfalls is that, during the attack, the mitigation is switched on and left on its default settings without parametrisation and fine-tuning. Although this might work, most of the time it will not, as there are instances where mitigation results in collateral damage to traffic towards the customer’s payment gateway or an offsite control office, effectively bringing down operations even though the attack is being mitigated. The suggestion here is that you get a service provider that can actively manage your connectivity during an attack, with your support. Get a multi-tiered DDoS mitigation service, document all your external partners and be prepared. You never know when an attack will hit you.
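The collateral-damage pitfall above can be checked against a documented partner list while mitigation is active. The following Python sketch is an added example, not BMIT's tooling: the partner names, the address ranges (RFC 5737 documentation ranges), the per-source counter format and the 5% threshold are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Documented external partners (constructed; documentation address ranges).
PARTNERS = {
    "payment-gateway": ["198.51.100.0/28"],
    "offsite-control-office": ["203.0.113.40/32"],
}

# Constructed sample of per-source counters from a mitigation service:
# (source IP, packets passed, packets dropped). The format is an assumption.
SAMPLE_COUNTERS = [
    ("198.51.100.5", 120, 880),   # partner traffic hit by default settings
    ("198.51.100.9", 400, 100),
    ("203.0.113.40", 960, 40),
    ("192.0.2.77", 10, 99990),    # attack sources, not partners
    ("192.0.2.78", 0, 50000),
]

def partner_for(ip, partners):
    """Return the documented partner owning this source IP, or None."""
    addr = ipaddress.ip_address(ip)
    for name, cidrs in partners.items():
        if any(addr in ipaddress.ip_network(cidr) for cidr in cidrs):
            return name
    return None

def collateral_report(counters, partners, max_drop_ratio=0.05):
    """Aggregate drops per partner and flag those above the drop threshold."""
    totals = defaultdict(lambda: [0, 0])  # name -> [passed, dropped]
    for ip, passed, dropped in counters:
        name = partner_for(ip, partners)
        if name is None:
            continue  # not a documented partner: leave it to the mitigation
        totals[name][0] += passed
        totals[name][1] += dropped
    report = {}
    for name in partners:
        passed, dropped = totals[name]
        seen = passed + dropped
        ratio = dropped / seen if seen else 0.0  # no traffic seen: nothing to rate
        report[name] = {"seen": seen, "drop_ratio": round(ratio, 3),
                        "collateral": ratio > max_drop_ratio}
    return report

if __name__ == "__main__":
    for name, row in collateral_report(SAMPLE_COUNTERS, PARTNERS).items():
        print(name, row)
```

A partner flagged here is a candidate for an explicit exception or a tuned threshold, agreed with the mitigation provider.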
