Everything you need to know about DDoS attacks from Brightspot's Chief Privacy and Security Officer, David Habib.
I’ve had a lot of questions about DDoS attacks from customers recently—not just about the technical aspect of mitigating them, but more general questions about the whys and hows.
Frequently asked questions about DDoS attacks
What is a DDoS attack?
Are DDoS attacks illegal?
Why do DoS attacks happen?
- DoS attacks are an instrument of digital warfare. Well-funded and well-organized groups of “hackers,” which are sometimes called “Advanced Persistent Threats (APTs),” use them as part of their campaigns to disrupt or disable their enemy. In these cases, infrastructure or communications are often targeted.
- “Hacktivism,” using cyber attacks to further a social or political agenda, is common. In hacktivism situations, the attackers are often more vocal about the attack and its reasons, e.g., via social media.
- Sometimes a DoS attack is one part of a coordinated, sophisticated attack - maybe it’s a distraction, or maybe it’s to impair a particular subsystem to expose a vulnerability that it protects.
- Finally, and most frustratingly, attacks can happen for no clear reason at all. Attackers may have a personal vendetta, may be honing their skills, or simply enjoy the chaos.
Are DDoS attacks more frequent today than in the past?
Why are DDoS attacks more frequent?
- Somebody, using a series of tactics we’ll discuss in a different article, gathers a collection of devices (personal computers, internet-connected thermostats, virtual machines in the cloud) that they have compromised (hacked).
- They link all of these devices together, so that they can instruct them all at once. This linking-together is sometimes called “command and control.” The swarm of compromised devices is sometimes called a “botnet.”
- The botnet owner puts access to their command and control up for rent, probably on a dark web site and payable in cryptocurrency.
- A bad actor, even (especially) one with limited technical know-how and/or modest means, rents the botnet for a few hours, and uses it to attack their target.
Why is my site being singled out for a DDoS attack? How can I dissuade people from attacking my site?
- In times of elevated socio-political activity, such as wars, elections, coups, and economic collapse, traditional and social media sites are often targeted.
- Popular and controversial brands often see elevated numbers of attacks. These may be associated with perceived actions being taken (or not taken) by the company, with competition (though this is uncommon), or with a personal grudge.
- Attacks against cloud providers themselves (Google Cloud, Amazon Web Services, Microsoft Azure) seek to cause as much disruption as possible by disrupting those providers’ customers.
What can I do to prevent a DDoS attack?
- Don’t deliberately taunt a particular community, especially a community known for “digital activism”.
- Don’t overcomplicate your site. This is a little technical, but the more “special” things your website does (personalization, dynamic features, chat, forms, polls, trackers, logins) the more difficult it will be to protect the site from attack, and consequently the more attractive your site will be to attackers. If you need those features, of course, use them, and Brightspot has a lot of them. But if you don’t need them, your page performance and your security team will thank you.
- Don’t make unnecessary claims about how secure and hacker-proof your site is, or how you have 100% uptime - even if you believe these things are true.
The sad fact is, DDoS attacks have become a part of what it means to do business on the internet. These attacks are difficult to predict, and can be frustrating—but there are various security tools that can help prevent, or mitigate, attacks that come your way.
David Habib is Brightspot’s Chief Privacy and Security Officer. Brightspot customers can schedule "office hours" with David to discuss this, or any, infosec topic.