WP The Anatomy of a Distributed Denial-of-Service Attack

The Anatomy of a DDoS Attack [Infographic]

The Anatomy of a DDoS Attack [Infographic]

As a cloud security provider we spend a lot of time answering questions about why organizations are attacked. Who is attacking them? And what’s at stake?

What we’ve discovered is that there’s an entire DDoS ecosystem of criminals, arms dealers and victims. Our infographic shows how distributed denial-of-service (DDoS) attacks come in many forms depending on the cyber criminal’s end goal. It may be a brute force barrage or an application layer injection attack, slowing down your computer or making it difficult to complete your online purchase.

The DDoS Environment

Before we look at how an attack affects you and everyone in your network, here’s a quick primer on what a DDoS attack is.

A typical brute force DDoS attack comes from a botnet – an enormous network of malware-infected devices, often numbering in the millions, that cyber criminals use to lock up your website. Many infected computers and mobile phones are unwitting components of a botnet as people browse the Internet unaware of enabling any malicious activity. This cycle perpetuates itself creating a self-sustaining chain of criminal activity.

At the center are the victims from whom the cyber criminal harvests data or leverages computing resources to conduct a DDoS attack. (See the full infographic at the end of the story.)

DDoS-Infographic inset

The Victims

High-profile DDoS attacks are in the news constantly, but the truth is that anyone with a public web presence (small or large) is a potential target, including:

  • Large corporations
  • Mid-sized corporations
  • Small businesses
  • Political entities
  • Controversial leaders
  • Online personalities

The Arms Dealers

We know the damage a botnet attack can cause. But who creates the traffic surge and how do they do it?

  • The Kit Maker builds user-friendly toolkits that make botnets easily accessible.
  • The Builder uses malware kits to build botnets for herders and booters.
  • The Bot Herder controls botnets via remote command-and-control servers.
  • The Booter sells botnets and toolkits under the guise of server stressers.

The Cyber Criminals

After the malware has been built and distributed, who uses it? And for what purpose? Here’s a short list of perpetrators:

  • The Hacktivist expresses criticism to politicians, governments, or controversial persons or organizations
  • The Intimidator threatens free speech and political discussions
  • The Harasser bullies online users
  • The Extortionist ransoms sites (take a tip from us: don’t give it to them)
  • The Hired Gun makes a living out of DDoSing others
  • The Script Kiddie thrives on the thrill of it or the rights to brag to their peers

Cybercrime and the Bottom Line

DDoS is serious business affecting e-commerce sites and corporate and online assets.

Even though DDoS attacks are often associated with large organizations, research shows that 51 percent of all companies (no matter the size) have experienced a distributed denial of service attack. And on average, all companies face nearly two successful cyberattacks per week.

Seventy percent of DDoS attack victims are targeted more than once. And surprisingly, 35 percent of all cybercrime comes from insiders like employees, contractors, and various business partners.

The Cost of Unlawful Entry

The fallout from a DDoS attack is substantial. The average cost to mitigate an attack is $408,292. In other words, it takes about 19 days (and over $21,000 per day) to resolve the problem. That’s a substantial amount of time, money, and energy.

To break it down even further, here’s a list of areas most financially impacted by a DDoS attack:

  • IT: 35 percent
  • Sales: 23 percent
  • Security: 22 percent
  • Customer service: 12 percent
  • Public relations: five percent
  • Legal: two percent
  • Other: one percent

And There Are Hidden Costs

Beyond the significant financial impact on companies, DDoS attacks can have long-term consequences as well:

  • Business disruption: 39 percent
  • Information loss: 35 percent
  • Revenue loss: 21 percent
  • Other: five percent

Unfortunately, it can take years for businesses to recover both financially and in terms of lost trust. Here’s a breakdown of issues a company will have to address after surviving one DDoS attack:

  • Replacing hardware or software: 52 percent
  • Removing malware installed on the network: 50 percent
  • Losing customer trust: 43 percent
  • Acknowledging theft of customer data: 33 percent
  • Suffering intellectual property loss: 19 percent

The infographic below gives you a visual breakdown of how the DDoS criminal system works. You can learn more about how to protect yourself from cybercrime at Incapsula.com/ddos.