DDoS stands for Distributed Denial of Service. DDoS is a type of cyberattack that tries to make a website or network resource unavailable. An attacker coordinates the use of hundreds or thousands of devices across the internet to send an overwhelming amount of unwanted traffic to the target, which could be a company’s website or network.
Almost any type of internet-facing connected device could be a potential DDoS resource: Internet of Things (IoT) devices, smartphones, personal computers, and powerful servers.
Packets of data are used to communicate on the internet. A DDoS sends unwanted packets, which can be very large packets with lots of data, small packets very rapidly, or packets that require extra processing. It can also make the targeted device waste time waiting for a response that never comes. The target is kept so busy dealing with malicious packets and improper communication methods that there is little or no time left to respond to normal incoming requests – so legitimate users are denied service.
A DDoS attack, also simply called a denial of service attack or DoS attack, is used for the purpose of creating an outage or slowdown of a website, web application, web API or network. An attack can cause downtime for minutes, hours or days – and prevent legitimate users from buying products, using a service, or getting information from the target.
One or many Internet-facing organizations may be affected by a single attack. An attack that disrupts a common service relied on by many websites, such as a domain name system (DNS) service, can create a wider outage. As a result, DDoS attacks are a significant threat to enterprise and application security and business continuity.
DDoS has become more powerful and more sophisticated over time. Attackers discover new ways to use exposed resources on the Internet, identify software vulnerabilities and exploit old ones, and figure out how to get around cybersecurity systems. Entrepreneurial attackers innovate: creating easier-to-use attack tools, learning how to generate more attack traffic, and renting bigger and more powerful botnets at affordable prices.
The largest DDoS attack we have observed and mitigated peaked at 1.3 Tbps. Attacks greater than 300 Gbps occur more frequently.
Attackers have different reasons for denial of service attacks including: hacktivism, script kiddies, financial manipulation, extortion, digital warfare, and harming competition.
DDoS can be launched in two very different ways. With a botnet, the attacker must first infect and control many devices with malware. With reflection methods, an attacker does not need to control the resources, and instead uses the normal behavior of common Internet protocols and software to cause devices to send unwanted data to the attacker’s target.
Spotlight: Botnet attack
A variant of the Mirai (Satori) botnet involved more than 650,000 unique IP addresses. Internet of Things and customer premises equipment (CPE) devices are infected with malware. Once infected, a new bot joins its peers in scanning for additional vulnerable devices. Infected devices under an attacker's control are commandeered to send DDoS traffic or perform other malicious tasks.
Spotlight: Reflection attack
The largest DDoS attack Akamai has mitigated was fueled by a reflector, memcached. This reflection and amplification attack targeted one of our software clients and exceeded 1 Tbps. Memcached was developed to act as a distributed memory caching system. Because it communicates over an insecure internet protocol and carries the potential for tremendous amplification, it has the key traits of a powerful reflection-based attack vector.
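A defender-side illustration of the reflection pattern described above, added here and not Akamai's code: it flags hosts that receive memcached replies they never requested. The protected prefix, the reflector threshold and the flow records are assumptions constructed for the example, as is the use of memcached's default port 11211 over UDP.

```python
# Added example: flag unsolicited UDP replies that look like memcached reflection.
# Every flow record below is constructed sample data (documentation IP ranges).
import ipaddress
from collections import defaultdict

MEMCACHED_PORT = 11211                                # memcached's default port
PROTECTED = ipaddress.ip_network("203.0.113.0/24")    # assumed protected prefix

# (timestamp_s, src_ip, src_port, dst_ip, dst_port, proto, bytes)
FLOWS = [
    (0, "203.0.113.10", 40000, "198.51.100.5", 11211, "udp", 120),   # our own cache query
    (0, "198.51.100.5", 11211, "203.0.113.10", 40000, "udp", 900),   # its solicited reply
    (1, "192.0.2.11", 11211, "203.0.113.80", 53124, "udp", 1_400_000),
    (1, "192.0.2.12", 11211, "203.0.113.80", 1833, "udp", 1_350_000),
    (1, "192.0.2.13", 11211, "203.0.113.80", 40211, "udp", 1_420_000),
    (1, "192.0.2.14", 443, "203.0.113.80", 51000, "tcp", 5_000),     # normal web traffic
]

def inside(ip):
    """True if the address belongs to the protected prefix."""
    return ipaddress.ip_address(ip) in PROTECTED

def detect_reflection(flows, min_reflectors=3):
    """Return {victim_ip: stats} for hosts receiving unsolicited memcached replies."""
    # Pass 1: remember which (client, server) pairs we actually queried.
    # Two passes are used because flow exports are not guaranteed to be ordered.
    requested = {
        (src, dst)
        for _, src, _, dst, dport, proto, _ in flows
        if proto == "udp" and inside(src) and dport == MEMCACHED_PORT
    }
    # Pass 2: collect replies from the memcached port that nobody asked for.
    hits = defaultdict(lambda: {"reflectors": set(), "bytes": 0})
    for _, src, sport, dst, _, proto, nbytes in flows:
        if proto != "udp" or sport != MEMCACHED_PORT or not inside(dst):
            continue
        if (dst, src) in requested:
            continue                                  # answer to our own query
        hits[dst]["reflectors"].add(src)
        hits[dst]["bytes"] += nbytes
    # Many distinct reflectors aimed at one host is the reflection signature.
    return {
        victim: {"reflectors": len(s["reflectors"]), "bytes": s["bytes"]}
        for victim, s in hits.items()
        if len(s["reflectors"]) >= min_reflectors
    }

if __name__ == "__main__":
    print(detect_reflection(FLOWS))
```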
DDoS costs of $1.7 million per year per organization were identified in a survey of more than 500 IT and IT security professionals by Ponemon Institute. Five sources of cost are ranked: unavailable services, technical support, operational disruption, user productivity and theft or damage to assets.
DDoS mitigation prevents malicious traffic from reaching its target, limiting the impact of the attack.
DDoS mitigation filters out malicious traffic to prevent it from reaching its target. Attack traffic is blocked by any of these types of mitigation service: a DDoS scrubbing service, a cloud-based DNS service, or a CDN-based web protection service. Cloud-based mitigation removes attack traffic before it reaches the target.
Unlike CDN-based mitigation, a DDoS scrubbing service can protect all applications in the data center, including web- and IP-based applications, even those not already being delivered by a CDN service. A DDoS scrubbing service utilizes BGP to route network traffic through its global scrubbing centers, where it can inspect the traffic for, and mitigate, any identified DDoS attacks. A DDoS scrubbing service can be available in both on-demand and always-on configurations, depending on an organization’s security posture.
A website protection service provider utilizes its CDN to provide network- and application-layer security for websites, web APIs and web applications. As a cloud-based proxy, the network sits in front of IT infrastructure and delivers traffic from end-users to the websites and applications. The cloud platform examines network traffic for known attack patterns and passes only legitimate traffic. These solutions operate inline, so web assets are protected at all times without human interaction. Specifically built to handle large volumes of traffic, a CDN can be a DDoS-resilient platform.
A DDoS protection service is a cybersecurity provider that will detect and block DDoS attacks as quickly as possible – ideally in zero or a few seconds from the time that the attack traffic reaches the protection service. Because attack vectors keep changing and attack sizes keep getting bigger, to achieve the best DDoS protection a provider must continually invest in, develop and deploy tools and rules to detect, orchestrate and mitigate attacks.
With a strong DDoS protection strategy and runbook in place, organizations can protect against and limit damage from DDoS attacks. The high capacity, high-performance and always-on anti-DDoS protection of cloud-based solutions can prevent malicious traffic from reaching a website or interfering with communication by a web API. A cloud-based scrubbing service can quickly mitigate attacks that target non-web assets, such as network infrastructure.
With cloud-based DDoS protection solutions for websites, web APIs, infrastructure, and DNS, Akamai can help you keep your applications and IT services available even through the largest attacks. Mitigating thousands of attacks every month, the Akamai Security Operations Center (SOC) sees new attack vectors before anybody else and institutionalizes lessons learned as to how to stop DDoS attacks fast. Akamai is a leader in DDoS protection.
Largest DDoS mitigation platform
With 70+ Tbps capacity
With industry-leading time-to-mitigate SLAs
Architected for 100% uptime and minimal collateral damage
For 24/7/365 attack support
Stopping thousands of attacks every month
Protection Since 2003
Stopping DDoS attacks in the cloud since 2003