How to tell when you're under a DDoS attack

Distributed denial of service (DDoS) attacks are becoming more common - even smartphones can now be used by cyber criminals as the source of these threats. A DDoS attack is normally aimed at a business website, server, IT network, internet service provider (ISP) or even a stock market. Its purpose is to inundate these systems with a massive volume of fake traffic in order to slow the system down or overload it completely.

Any website, server or network that is shut down due to too many fake requests can have a severe impact on revenue and service delivery. In the last two years, there has been a spike in DDoS attacks, so enterprises and small businesses need to ensure that they have adequate protection in place to protect their digital assets.

SEACOM Business offers various cyber security services to companies, including DDoS Protect. This is an intelligent and automated solution that is fully backed by global threat intelligence. DDoS Protect can be set up on-premise, in-cloud or as a hybrid service to prevent and report on these attacks in real-time.

How does a DDoS attack work?

There are three types of DDoS attack. To put it simply, an attacker uses a number of compromised computers or cell phones connected to the internet (called botnets) to send a large volume of data requests to the target site. The main aim is to overload the website, server or network in order to shut it down.

The sheer volume of fake traffic means that once a DDoS attack starts, it can be hard to stop. Even if the digital system does not shut down, it will certainly slow to a snail’s pace which severely affects the user experience or responsiveness of the website, e-commerce platform or server. This leads to lost revenue, costly repairs, inability to deliver services and even ransoms.

How can you tell if a DDoS attack is taking place?

Once you know how it works, there are two simple signs that can tell you if your digital system is under a DDoS attack. If your website, online store, network or server is unavailable for no apparent reason, then this is a big red flag. Secondly, if any of these systems are responding or running extremely slowly, then it could indicate an attack.

These two signs will tell you when further investigation is necessary. But how can you tell if the large traffic increase is legitimate or fake? Generally, when legitimate traffic is trying to access a server, the spike does not last for very long. Sustained spikes could indicate an attack as it is a deliberate attempt to overload the system.

If a retail company experiences a spike on Black Friday, or if a concert website is overloaded at the announcement of a famous band coming to the country, then these can be assumed to be legitimate traffic spikes. If you find that your servers or websites are overloaded at a random time on an uneventful day of the week, then you may need to look into it further.

The best way to investigate a surge in traffic is through analytic tools, such as Google Analytics. If specific traffic sources continue to query certain sets of data long after the Time To Live (TTL) has elapsed, then you could be looking at a DDoS attack. Normally, websites will discard data and requests once the TTL elapses in order to free up resources and processing power.

Simple signs of a DDoS attack

Take note of the following issues if you suspect a DDoS attack:

• Slow or unresponsive website.
• Files, images, content and videos load slower than normal.
• Slow or unresponsive servers that display “Too many connections” or “503” errors.
• Irregular or abnormal traffic patterns, including spikes for no apparent reason.
• A surge in traffic coming from a single device type, location or web browser version.

What to do if you are under attack

If you do not have DDoS protection already in place, then it can be too late once you find that your website or server is definitely under attack. SEACOM Business customers are encouraged to phone +27 11 038 7045 immediately for on-demand support if they suspect an attack. Our DDoS Protect service will automatically monitor, detect and mitigate any threats as they occur.

In addition, the software can reroute traffic to available servers in order to keep your business up and running, even when under attack. This service is fully scalable and flexible so that your needs are always met, no matter how fast your business grows. For more information or to get a quote for our DDoS protection services, email us at marketing@seacom.com or leave us a message.

SEACOM owns Africa’s most extensive network of information and communications technology (ICT) infrastructure, including subsea cables and secure internet connections. We offer a diverse range of flexible, scalable and high-quality solutions for businesses that meet world-class standards for connectivity.

SEACOM is privately owned and operated, making it agile and adaptable to the needs of the customer. This makes us the preferred ICT and internet connectivity partner for African businesses and peripheral service providers. We can guarantee high-speed, low-latency and secure internet connections to corporates and small enterprises.

For‌ ‌more‌ ‌information‌ ‌on‌ our internet and voice solutions, ‌follow‌ ‌us‌ ‌on‌ ‌‌LinkedIn‌,‌ ‌‌Facebook‌ ‌or‌ ‌‌Twitter.‌ ‌Keep‌ ‌an‌ ‌eye‌ ‌on‌ ‌our‌ ‌‌news‌ ‌section‌‌ ‌for‌ ‌insightful‌ ‌articles‌ and relevant news stories on African ICT, internet connectivity and our leading cloud and security solutions.

Need internet for your home? Our subsidiary, WonderNet, brings fast and cost-effective broadband internet to all Africans with a fibre-to-the-home offering.