In the first half of 2022, the number of malicious DDoS attacks climbed 203% compared to the first six months of 2021. That's not a record worth celebrating.
In August, Google blocked a distributed denial-of-service (DDoS) attack of 46 million requests per second. The attack was 76% larger than the previously reported record, illustrating that DDoS attacks are increasing in frequency and growing in size exponentially.
What is a DDoS attack?
There are two levels of attacks we're talking about here – a denial of service (DoS) and distributed denial of service (DDoS) attack. In general, both malicious attacks seek to block users of the ability to access certain internet services by flooding the targeted system with massive fake traffic. Since servers are built to withstand a certain pressure, like a bridge with weight warning labels, the system clogs as soon as there is too much traffic, and the bridge might collapse.
A DoS attack is usually conducted by one malicious actor or just a few devices under their control. If someone has a grudge against their workplace, they can try to overwhelm web servers with requests and block access to important information to other employees.
But one computer can't make that much of a difference, and that's where botnet comes in. Bots are hijacked machines all around the globe. Through various means, mostly phishing or fake file downloads, malicious actors infect the computers of a large number of users and harness them to launch an attack.
This is where we go from the denial of service attack to the distributed attack. Since the system is attacked through multiple entry points, as you can probably guess, negating this kind of attack is much more difficult.
Could last for hours or even days
The first ever recorded DDoS attack happened in 1996. Panix, an internet provider, was taken offline for a few days. The malicious actors used the Syn Flood attack to send unfinished connection requests, thus flooding servers and disrupting network service distributions.
This attack was really small, but back then, even a very small bot network could do the job. Since 1996, DDoS attacks have grown in size and frequency exponentially.
In fact, in 2007, Estonia fell under one of the biggest DDoS attacks in history that lasted for over 22 days. That's 22 days when all the main governmental websites and servers were constantly attacked by what was believed to be a destabilization attempt from a foreign government. Another big one happened in 2015 when the attackers from China targeted two anti-government projects on GitHub and managed to cripple this website for several days.
Most of the time, business vendors, gaming services, or bank servers fall victim to a DDoS attack. For example, in 2018, the Danish rail operator DSB experienced a DDoS attack, taking down its ticket buying system, slowing down trains, and costing lots of money.
Another example is the Mirai botnet attack, where in 2016, hundreds of Minecraft servers were targeted with a widespread attack. What's even worse in this case, the botnet went "rogue," attacking various different servers around the east USA.
However, a DDoS is also kind of like a tool, and a tool can be used both for good and bad. As we saw with the Russian invasion of Ukraine, where hacktivists and Anonymous banded together to create an insanely large bot network and target Russian government structures and pro-Russian websites. These types of cases blur the lines between crime and a necessary evil.
Is there any way to stop DDoS attacks and protect your website? You need to monitor your network for any changes and be able to act fast. Have a backup plan ready, like contacting your ISP provider or using Cloudflare UNDER ATTACK mode to reroute traffic.
Next, don't spare expenses on a good and secure hosting provider and buy a Virtual Private Server or Cloud hosting plan. For example, Hostinger uses advanced hardware firewalls and other tools for DDoS mitigation.
On your local network level, a VPN is a very effective method to add a protection level from DDoS attacks. Most VPNs have lots of measures to mitigate these types of attacks, but even in general, VPNs mask your real IP address, meaning that when an attack is launched against you, all that malicious traffic will go to the VPN's IP and not yours.
More from Cybernews:
Subscribe to our newsletter