A DDoS (Distributed Denial of Service) attack attempts to overwhelm an Internet-connected asset, rendering it inaccessible to legitimate users. It accomplishes this by depleting a finite resource — usually the sheer volume of traffic an asset can handle — over time, rendering normal use impossible. A typical DDoS attack involves the attacker sending a large number of requests to the targeted asset, with the goal of exceeding the asset’s capacity to handle that type of request. Legitimate users cannot interact with the asset properly because it is now ‘exhausted’ in that area.
A Distributed Denial of Service attack is now one of the most common types of cyberattack. These powerful attacks, used particularly against industry and finance, put companies under pressure and are followed by demands for large sums of protection money. DDoS attacks are also part of the standard repertoire of cyberspies.
How to Identify a DDoS attack
The most visible symptom of a DDoS attack is a site or service becoming suddenly slow or unavailable. However, because a variety of causes, such as a legitimate spike in traffic, can result in similar performance issues, further investigation is usually required. Some of these telltale signs of a DDoS attack can be detected using traffic analytics tools:
Unusual amounts of traffic coming from a single IP address or IP range
A large volume of traffic from users who share a common behavioral profile, such as device type, geolocation, or web browser version
An unexplained spike in requests to a single page or endpoint
Strange traffic patterns, such as spikes at unusual times of day or patterns that appear to be unnatural (e.g. a spike every 10 minutes)
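The four signs listed above can be checked directly against a web server's access log. The following is an added example (not from the original article): it parses combined-format log lines, flags any single source IP, user agent or endpoint that accounts for an outsized share of requests, and buckets requests per minute to spot bursts that recur at a fixed interval. The log lines are constructed inline for the example; the share thresholds and the burst factor are illustrative assumptions to be tuned against a site's own baseline.

```python
"""Spot the DDoS indicators from the article in a web-server access log."""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Apache/Nginx "combined" log format: ip ident user [ts] "req" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)


def parse_line(line):
    """Return a dict with ip, ts (aware datetime), path and ua, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "path": m.group("path"), "ua": m.group("ua")}


def _fmt(ip, ts, path, ua):
    return f'{ip} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S %z")}] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'


def build_sample_log():
    """Constructed sample (not real traffic): one hour of light legitimate browsing
    plus a flood from a single IP that hits /login in 40-second bursts every
    10 minutes, always with the same user agent."""
    base = datetime(2023, 10, 10, 13, 0, tzinfo=timezone.utc)
    legit_ips = ["198.51.100.10", "198.51.100.11", "198.51.100.12"]
    legit_ua = "Mozilla/5.0 (Windows NT 10.0) Firefox/118.0"
    lines = []
    for minute in range(60):
        path = "/products" if minute % 2 == 0 else "/"
        lines.append(_fmt(legit_ips[minute % 3], base + timedelta(minutes=minute), path, legit_ua))
    for burst_start in range(0, 60, 10):
        for sec in range(40):
            t = base + timedelta(minutes=burst_start, seconds=sec)
            lines.append(_fmt("203.0.113.7", t, "/login", "Mozilla/5.0 (X11; Linux) Bot/1.0"))
    return lines


def hotspots(records, key, share):
    """(value, count) pairs for `key` (ip, ua or path) whose share of all
    requests exceeds `share` (a fraction between 0 and 1), most frequent first."""
    counts = Counter(r[key] for r in records)
    total = len(records)
    return [(v, c) for v, c in counts.most_common() if total and c / total > share]


def periodic_bursts(records, bucket_seconds=60, factor=5):
    """Bucket requests per `bucket_seconds`, flag buckets with more than
    `factor` times the median request count, and return (flagged_buckets,
    period_seconds). A single constant gap between flagged buckets is the
    'spike every N minutes' pattern; period is None when gaps are irregular."""
    buckets = Counter(int(r["ts"].timestamp()) // bucket_seconds for r in records)
    if not buckets:
        return [], None
    lo, hi = min(buckets), max(buckets)
    series = [buckets.get(b, 0) for b in range(lo, hi + 1)]
    median = sorted(series)[len(series) // 2]
    flagged = [b for b, n in zip(range(lo, hi + 1), series) if n > factor * max(median, 1)]
    gaps = {(b2 - b1) * bucket_seconds for b1, b2 in zip(flagged, flagged[1:])}
    period = gaps.pop() if len(gaps) == 1 else None
    return flagged, period


def analyse(lines, share=0.5):
    """Run all four checks over raw log lines and return a summary dict."""
    records = [r for r in map(parse_line, lines) if r]
    flagged, period = periodic_bursts(records)
    return {
        "requests": len(records),
        "dominant_ips": hotspots(records, "ip", share),
        "dominant_user_agents": hotspots(records, "ua", share),
        "dominant_paths": hotspots(records, "path", share),
        "burst_buckets": len(flagged),
        "burst_period_seconds": period,
    }


if __name__ == "__main__":
    for k, v in analyse(build_sample_log()).items():
        print(f"{k}: {v}")
```

On the constructed log, the report names 203.0.113.7 as the source of 240 of 300 requests, the bot user agent and /login as the dominant profile and endpoint, and six burst minutes spaced exactly 600 seconds apart. The same checks run unchanged over a real access log; the share threshold should sit well above the largest share a single legitimate client, user agent or landing page normally reaches on that site.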