“If your website is a shop, Distributed Denial of Service (DDoS) is like sending in a mob that doesn’t let your customers get in. Imagine tens of thousands of fake shoppers eating up your resources, all at once.”

DDoS has emerged as a huge problem for businesses across the world. Hackers or competitors use this attack to target critical web resources with overwhelming traffic, which eventually makes the server unavailable to fulfill genuine requests. Rent-a-bot services, offering fake traffic for as little as $5 an hour, put virtually every business at risk of an attack.

Take a look at some recent findings that provide a glimpse into the lethality of a DDoS attack.

  1. DDoS attacks cost banks up to $100,000 per hour.
  2. 20% of such attacks last for days and even months.
  3. 87% of the attacked companies were hit more than once.

No matter what business you’re in, keeping a business application up and running is critical to your brand’s reputation, and hackers want to target this weakness with DDoS attacks. The unpredictability of these attacks makes it difficult to prepare for them, which further incentivizes criminals to take action.

How can you protect your web resources from such a malicious strike and stop DDoS attacks? Let’s learn more about the application layer DDoS problem, DDoS protection, and how your business and data centers can defend against DDoS attacks.

Step 1: Understand That Every Business Is Vulnerable

While many DDoS attacks are motivated by revenge, politics, trolling and terrorism, money is frequently involved. According to cyber security analysts, ransom and blackmail are the most common motives behind DDoS attacks. Hackers disrupt web services and hold them for ransom. They demand a heavy ransom which, when paid, leads to the attack being stopped and services being made available to customers again.

Similarly, competition motivates people to bring down better performing rivals while revenge from disgruntled employees leaves a similar impact. Politics, terrorism, war, and diversion techniques cloaking some other hacking attempts are also common reasons for carrying out application DDoS attacks.

[Figure: Primary Attack Motivation]

Step 2: Deploy Protection Tools

Network DDoS: Network layer DDoS attacks try to exploit the network by sending more data packets than a server can handle, or by consuming bandwidth beyond the network port’s capacity. These are often reported in the media due to their record-breaking volumes.

Application DDoS: On the other hand, application layer attacks are more silent and smaller in volume but cause far more damage. Since most companies deploy their resources on the cloud, hackers now explore attack options beyond the network layer.

“These attacks are also more prevalent due to lower resource requirement. For instance, an application on Amazon Web Services (AWS) can process SYN flooding of up to 200,000 packets (‘elastic bandwidth costs’ is a different discussion altogether). However, the same AWS server instance can be brought down by a meagre 500 HTTP requests per second when the application runs on CMS (Joomla or WordPress).”

Do you see the difference? 500 HTTP requests per second is a cheaper attack to execute.

More sophisticated Layer 7 DDoS attacks not only bring down the server but aid in data breaches too. In such an attack, California State University at Sacramento lost 1800 social security and driver’s license numbers from its staff. Attackers used multiple compromised systems to trick the DNS server into leaking the authentication security code.

What is a web application firewall?

A web application firewall is the best defense against the most common types of application DDoS attacks. However, complete automation doesn’t offer the best network security. A managed web application firewall filters Layer 7 traffic and feeds data directly to cyber security experts who can recognize malicious chunks of traffic trying to bring your services down. Once such traffic is identified, they apply rules and policies to block the attacks based on bot signatures, malicious IPs, and so on. This helps you stop a DDoS attack effectively.

Step 3: Monitor Application Traffic Continuously

Nothing can prepare your business to detect and prevent DDoS attacks better than continuous monitoring. Security experts can differentiate sudden spikes in traffic from bot traffic. Eventually, such monitoring delivers actionable data on attack vectors to define prevention policies.
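As a first pass at the spike-versus-bot distinction described above, the following added example (not part of the original article) buckets requests per second and separates a broad spike spread over many clients from load concentrated on a few addresses. The log format, thresholds and sample lines are constructed assumptions.

```python
from collections import Counter, defaultdict

# Hypothetical thresholds; tune them against your own baseline traffic.
TOTAL_SPIKE = 20        # requests per second across all clients
PER_SOURCE_LIMIT = 10   # requests per second from a single client address

def parse(line):
    """Constructed log format: '<epoch_second> <client_ip> <method> <path>'."""
    ts, ip, method, path = line.split()
    return int(ts), ip, method, path

def classify(lines):
    """Return {second: (label, offending_ips)} for each second over a threshold."""
    per_second = defaultdict(Counter)
    for line in lines:
        ts, ip, _, _ = parse(line)
        per_second[ts][ip] += 1
    findings = {}
    for ts, counts in sorted(per_second.items()):
        total = sum(counts.values())
        heavy = sorted(ip for ip, n in counts.items() if n > PER_SOURCE_LIMIT)
        if heavy:
            # A few addresses produce most of the load: candidates for blocking rules.
            findings[ts] = ("concentrated", heavy)
        elif total > TOTAL_SPIKE:
            # Many clients, each at a low rate: needs analyst review, not an automatic block.
            findings[ts] = ("broad-spike", [])
    return findings

def sample_log():
    """Constructed sample: second 100 is normal, 101 a broad spike, 102 one noisy client."""
    lines = [f"100 198.51.100.{i} GET /" for i in range(5)]
    lines += [f"101 198.51.100.{i} GET /sale" for i in range(30)]
    lines += ["102 203.0.113.7 GET /search?q=x"] * 15
    lines += [f"102 198.51.100.{i} GET /" for i in range(4)]
    return lines

if __name__ == "__main__":
    for second, (label, ips) in classify(sample_log()).items():
        print(second, label, ips)
```

A "broad-spike" result can be either a genuine surge of customers or a widely distributed botnet, which is why the article pairs monitoring with expert review.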

An application layer distributed denial of service attack is initiated by hiring machines, bots, or by taking control of remote systems. These components are used for generating fake requests to a targeted server. With such a large number of fake requests, cyber criminals try to make the services of an application or server unavailable for hours, days or weeks. A successful DDoS attack can eat huge chunks of the bandwidth, processing speed, and memory to slow down and/or disrupt applications.

The ease of availability makes an application layer DDoS attack more lethal than a similar network layer attack. Anyone can purchase a custom-coded DDoS module and launch it on any desired web application. In fact, with a little knowledge of underground markets, a basic DDoS attack will not cost the perpetrator more than a few hundred dollars. While there are different types of sophisticated DDoS attacks, this is the most common.

When compared to the network layer DDoS, application DDoS is much easier to execute. It requires lower computing power and fewer systems, which still leads to catastrophic results (a primary reason why application DDoS is becoming more prevalent).

Take the Slowloris attack, for example. Slowloris was originally created to show how a single machine could keep multiple connections open simultaneously for long periods, ultimately crashing the server. Slowloris has become more sophisticated over time, and still requires only up to a few machines (that generate several thousand requests each) to cause a server to run out of connection pools and crash, making it a huge threat.
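On the defending side, connection-pool exhaustion of this kind shows up as many connections from one address that never finish sending their request headers. The following added example (not from the original article) audits a constructed connection table for that pattern; the timeout, limits, pool size and record layout are assumptions.

```python
from collections import Counter

# Hypothetical values; a real server's limits come from its own configuration.
HEADER_TIMEOUT = 10      # seconds a client may take to finish its request headers
MAX_STALLED_PER_IP = 5   # stalled connections tolerated from one address
POOL_SIZE = 20           # connection slots available on the server

def stalled(conn, now):
    """A connection is stalled if its headers are still incomplete after HEADER_TIMEOUT."""
    src, opened_at, headers_done_at = conn
    return headers_done_at is None and now - opened_at > HEADER_TIMEOUT

def audit(conns, now):
    """Return (addresses over the stalled limit, share of the pool held by stalled connections)."""
    per_ip = Counter(c[0] for c in conns if stalled(c, now))
    offenders = sorted(ip for ip, n in per_ip.items() if n > MAX_STALLED_PER_IP)
    share = sum(per_ip.values()) / POOL_SIZE
    return offenders, share

def reap(conns, now):
    """Drop every stalled connection so its slot returns to the pool."""
    return [c for c in conns if not stalled(c, now)]

def sample_table():
    """Constructed snapshot taken at now=100: (source, opened_at, headers_done_at)."""
    conns = [("203.0.113.9", 60 + i, None) for i in range(12)]    # headers never completed
    conns += [("198.51.100.4", 95, None)]                          # slow, still inside the timeout
    conns += [("198.51.100.5", 40, 41), ("198.51.100.6", 97, 97)]  # normal clients
    conns += [("198.51.100.8", 70, None)]                          # one stalled connection only
    return conns

if __name__ == "__main__":
    table = sample_table()
    print(audit(table, 100))       # offenders and pool share
    print(len(reap(table, 100)))   # connections left after reaping
```

The per-address limit keeps a single slow client on a poor link (198.51.100.8 in the sample) from being treated like a source holding a dozen slots open.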

Think Application Layer

Application vulnerability exploits that trigger application distributed denial of service are also worth a mention here. Several honeypot operations have shown that attackers can exploit the Bash vulnerability to plant malware bots that accept multiple commands, including UDP, JUNK, and TCP flood, to carry out DDoS. Likewise, there are a myriad of other application vulnerabilities that can be exploited to facilitate attacks.

When it comes to DDoS mitigation, there is no silver bullet technology that can solve every problem. With multiple attack vectors, ongoing attack techniques, and zero-day vulnerabilities, automated technology alone is bound to fail. It cannot protect against all threats while also ensuring legitimate traffic doesn’t suffer. That is where human experience and decision-making skills come in. Continuous expert monitoring with actionable insights is the most effective combination of DDoS security that can prepare organizations with a proactive defense strategy.

Step 4: In-house DDoS Security or Managed App Security

You can hire and train security professionals with Layer 7 experience to stop DDoS and other application security risks in-house. A dedicated team can monitor attacks and take action efficiently.

However, with the shortage of experienced cybersecurity professionals and the massive costs involved in hiring and managing such teams, new-age businesses invest in a managed application security vendor. Such a team not only offers 24 × 7 traffic monitoring and DDoS attack mitigation, but complete application security including:

  • Latest security notifications to protect your applications from known vulnerabilities.
  • Periodic penetration testing.
  • Business logic tests on all applications to find vulnerabilities, zero-day threats and automated application risks.
  • Custom WAF rules to block attacks (via virtual patching).
  • Initially tracking an attacker’s malicious behavior rather than simply blocking the attack.
  • 24/7 monitoring to gather information such as IP address, user ID (if authenticated), geolocation, navigation/user behavior, and machine fingerprint, which helps gain intel about the attacker’s methodologies and create more aggressive blocking rules against these attackers.

Founder & Chief Marketing Officer, Indusface

Venky has played multiple roles within Indusface for the past 6 years. Prior to this, as the CTO @indusface, Venky built the product/service offering and technology team from scratch, and grew it from ideation to getting initial customers with a proven/validated business model poised for scale. Before joining Indusface, Venky had 10+ years of experience in security industry and had held various mgmt/leadership roles in Product Development, Professional Services and Sales @Entrust.