Which three words immediately strike fear into any businessperson’s heart, in any industry? “The website’s down!”
Websites go down for many reasons. A denial-of-service attack (DoS attack) is one of the most distressing.
Denial-of-service attacks are rising. In Q3 of 2024 alone, the cloud IT service provider Cloudflare mitigated nearly 6 million distributed denial-of-service (DDoS) attacks (a specific and complex form of DoS attack, discussed below). That activity represented a 49% quarter-over-quarter increase and a 55% increase year over year.
Helping your clients understand denial-of-service attacks is essential for developing their defense strategies and protecting their digital presence.
Read on for the knowledge you need to help them protect their websites (not to mention their revenue and their reputation) against this pervasive threat.
What Is a Denial-of-Service Attack?
A DoS attack aims to shut down a machine or a network. A malicious actor will make the machine or network’s services unavailable to legitimate users by overwhelming it with junk traffic. Unlike normal traffic, junk traffic has fake return addresses the targeted server can’t authenticate.
What Is a Distributed Denial-of-Service Attack?
A distributed denial-of-service (DDoS) attack is a more powerful, more complex, large-scale form of denial-of-service attack. Threat actors use multiple sources of malicious traffic to flood the target server. A DDoS attack can be harder to detect than a single-source DoS attack.
What Are Some Common Types of DoS and DDoS Attacks?
Both denial-of-service and distributed denial-of-service attacks can cause businesses and other organizations to experience significant disruptions in service availability, financial losses, and damage to their reputation. Knowing some common forms these attacks take can help in planning defenses against them.
DoS and DDoS attacks generally fall into one of three basic categories:
Volumetric Attacks
Volumetric attacks are the most common. They consume substantial amounts of bandwidth by sending a massive volume of malicious traffic to the target network.
Attackers often use botnets (networks of compromised devices) to create this malicious traffic. They may send a large number of User Datagram Protocol (UDP) or ICMP (ping) Echo Reply packets to the network. Unable to respond to each packet, the network is quickly overwhelmed, compromising service or stopping it altogether.
In 2020, Amazon Web Services (AWS) experienced a significant volumetric denial-of-service attack. The AWS team needed several days to fend off the assault and secure servers. The scale of this attack highlighted the vulnerabilities even major cloud service providers face.
Protocol Attacks
Protocol attacks exploit vulnerabilities in network protocols. These attacks typically target layers 3 (Network Layer) and 4 (Transport Layer) of the Open Systems Interconnection (OSI) model of computer network communications.
Attackers can use weaknesses in such standard protocols as HTTP (Hypertext Transfer Protocol), DNS (Domain Name System), or SIP (Session Initiation Protocol) to launch these attacks.
In 2023, Google Cloud intercepted a staggeringly large DDoS protocol attack. It exploited a flaw in the HTTP/2 protocol and, in only two minutes, generated 398 million requests per second (rps): “more requests than the total number of article views reported by Wikipedia during the entire month of September 2023.”
Application-Based Attacks
In contrast to volumetric attacks, application-based attacks target weaknesses within web applications themselves. By overloading specific app functions, the attacker makes the app unavailable or unresponsive to legitimate users.
For instance, a Slowloris attack sends a steady stream of partial HTTP connection requests to a web server, keeping them open for as long as possible without completing them. By doing so, it occupies server resources and prevents legitimate users from connecting, effectively taking the application offline. Slowloris is particularly insidious because it requires low bandwidth and minimal technical expertise, and it can be launched from a single machine.
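An added example (not from the original article) of what this means for server timeouts: a timer that restarts on every received byte never fires against a client that trickles header lines, while a deadline on the whole header block does. The function names, timer values and traces are constructed for illustration.

```python
from typing import List, Optional, Tuple

Chunk = Tuple[float, bytes]  # (seconds since the connection was accepted, bytes received)

def header_read_outcome(chunks: List[Chunk], idle_timeout: Optional[float],
                        header_deadline: Optional[float], horizon: float):
    """Return ("served", t), ("dropped", t) or ("held", horizon) for one connection.

    idle_timeout:    longest allowed gap between reads (restarts on every read)
    header_deadline: longest allowed total time to deliver the full header block
    """
    def cutoff(last_read: float) -> float:
        limits = [float("inf")]
        if idle_timeout is not None:
            limits.append(last_read + idle_timeout)
        if header_deadline is not None:
            limits.append(header_deadline)
        return min(limits)

    buf, last_read = b"", 0.0
    for t, data in chunks:
        if t > cutoff(last_read):        # a timer fired before this data arrived
            return ("dropped", cutoff(last_read))
        buf, last_read = buf + data, t
        if b"\r\n\r\n" in buf:           # blank line: the headers are complete
            return ("served", t)
    end = cutoff(last_read)
    return ("dropped", end) if end <= horizon else ("held", horizon)

# Constructed traces. The slow client sends one header line every 9 s and never
# sends the terminating blank line, matching the partial requests described above.
NORMAL = [(0.05, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")]
SLOW = [(0.0, b"GET / HTTP/1.1\r\n")] + [(9.0 * i, b"X-Pad: 1\r\n") for i in range(1, 34)]

def compare(horizon: float = 300.0):
    """Outcome of each trace under an idle timeout alone and with a header deadline."""
    return {
        "idle_only_slow": header_read_outcome(SLOW, 10.0, None, horizon),
        "deadline_slow": header_read_outcome(SLOW, 10.0, 20.0, horizon),
        "deadline_normal": header_read_outcome(NORMAL, 10.0, 20.0, horizon),
    }

if __name__ == "__main__":
    for name, outcome in compare().items():
        print(name, outcome)
```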
In 2024, a DDoS application-based attack hit Microsoft’s Azure cloud services, causing intermittent service errors, timeouts, and sudden latency increases for about eight hours. To make matters worse, Microsoft’s own initial mitigation efforts may have amplified the attack’s impact.
What Motivates DoS and DDoS Attacks?
Threat actors carry out denial-of-service and distributed denial-of-service attacks for a wide range of reasons, including:
- Financial Gain
Some attackers threaten an attack unless a ransom is paid. This crime is cyber extortion, and payment does not always guarantee the attack will stop.
- Political Activism
Some hacktivists use these attacks to make a statement or protest. They might target a government website or large organization to disrupt services and draw public attention to their cause.
- Competition and Market Disruption
Disregarding the unethical nature and potential legal consequences of DoS and DDoS attacks, some businesses may use them to get an edge over their competitors. By disrupting a rival’s online services, they aim to tarnish their target’s reputation or drive down their sales.
How Can Organizations Defend Against DoS and DDoS Attacks?
To protect against these attack types, businesses and other organizations need effective defense strategies to help prevent disruptions and maintain service availability.
- DoS and DDoS Mitigation Services
Automated mitigation services use advanced techniques to filter out harmful requests and block malicious traffic in real time, before it reaches the targeted network. They can identify potential threats and attack patterns, mount immediate responses, and help keep systems running and safe.
- Infrastructure Readiness
Organizations must make their networks ready to handle sudden spikes in traffic. Robust and elastic networks can distribute incoming traffic evenly across servers, scale resources up or down as needed, and rely on redundant systems should other systems fail.
- Traffic Filtering and Rate Limiting
Filters identify and block an unwanted flood of traffic. Rate limiting caps the number of incoming requests a server will accept from a single source within a certain time frame. Both of these proactive measures can strengthen defenses.
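As an added example (not part of the original article), here is a sliding-window limiter that enforces a per-source cap, replayed over constructed traffic. It also shows the limit of the control: a flood spread across many sources stays under a per-source cap, which is why rate limiting is paired with filtering and mitigation services. The class and function names, addresses and limits are assumptions.

```python
from collections import defaultdict, deque

class SlidingWindowLimiter:
    """Accept at most `limit` requests per source in any `window`-second span."""
    def __init__(self, limit: int, window: float):
        self.limit, self.window = limit, window
        self.seen = defaultdict(deque)   # source -> timestamps of accepted requests

    def allow(self, source: str, now: float) -> bool:
        q = self.seen[source]
        while q and now - q[0] >= self.window:   # forget requests outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False                          # over the cap: reject (e.g. HTTP 429)
        q.append(now)
        return True

def replay(requests, limit: int = 10, window: float = 1.0):
    """Feed (timestamp, source) pairs through the limiter.

    Returns two dicts: accepted and rejected request counts per source.
    """
    limiter = SlidingWindowLimiter(limit, window)
    accepted, rejected = defaultdict(int), defaultdict(int)
    for ts, src in sorted(requests):
        (accepted if limiter.allow(src, ts) else rejected)[src] += 1
    return dict(accepted), dict(rejected)

# Constructed traffic using documentation address ranges, all within one second.
SINGLE_SOURCE_FLOOD = [(i / 500, "203.0.113.9") for i in range(500)]
NORMAL_USER = [(i / 4, "198.51.100.20") for i in range(4)]
# 250 sources sending 2 requests each: the same 500 requests, but distributed.
DISTRIBUTED_FLOOD = [(i / 500, f"192.0.2.{i % 250 + 1}") for i in range(500)]

if __name__ == "__main__":
    acc, rej = replay(SINGLE_SOURCE_FLOOD + NORMAL_USER)
    print("single source :", sum(acc.values()), "accepted,", sum(rej.values()), "rejected")
    acc, rej = replay(DISTRIBUTED_FLOOD + NORMAL_USER)
    print("distributed   :", sum(acc.values()), "accepted,", sum(rej.values()), "rejected")
```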
What Part Does Cyber Liability Insurance Play?
Cyber Insurance provides crucial financial protection for businesses and other organizations facing repercussions from denial-of-service attacks.
By covering costs associated with network downtime, data recovery, and loss of income during an attack, Cyber policies allow companies to rebound more swiftly and maintain operational continuity.
These policies can also cover legal expenses and regulatory fines resulting from data breaches that may occur during such incidents. And they often include access to expert cyber security resources, including incident response teams and legal counsel, to help businesses mitigate the damages from DoS and DDoS attacks.
Brokers who register with ProWriters can use powerful, proprietary technology that makes researching, quoting, and selling Cyber Liability Insurance simpler and faster than ever.
Register as a ProWriters broker today to secure Cyber coverage that will help your clients deal more rapidly and effectively with the fallout when “the website’s down,” whether due to a denial-of-service attack or another cyber threat.