Understanding DDoS attacks: Types and tactics

It is impossible to overstate the detrimental effects that distributed denial of service (DDoS) attacks have on businesses as they have grown in frequency over the past few years. Gcore reported that in the first half of 2023, most DDoS attacks lasted less than four hours. However, the longest one went on for seven days, 16 hours and 22 minutes.

The maximum attack power for modern DDoS attempts can be as high as 800 Gbps – rising year-on-year from 300 Gbps in 2021. These stats paint a stark picture of the rapidly-evolving landscape of cyber threats and DDoS attacks.

Cyber criminals are constantly coming up with new ways to take advantage of weaknesses in network and internet infrastructure as technology advances. Therefore, it is crucial for businesses to understand DDoS attacks and how to put adequate defences in place.

What exactly is a DDoS attack?

Let’s use an analogy to better understand a DDoS attack. Imagine 5000 trucks arriving at your office gate simultaneously while travelling at 100 km/h along a single, narrow road. Will your gate and padlock be enough to stop the trucks? Or would it be better to include multiple defences along the road?

Despite being an extreme case, this analogy offers a helpful example for comprehending a DDoS attack. It is a kind of cyber attack that seeks to saturate a network or website with so much traffic that it is unable to continue to function normally. The end result is that your network crashes and your employees or customers lose access to your digital platforms, website and e-commerce stores.

Types of DDoS attacks

There are three primary forms of DDoS attacks – volumetric, protocol and application layer attacks.

1) Volumetric attacks - The purpose of volumetric attacks is to overrun the bandwidth and deplete the network resources by flooding a network or website with a significant amount of traffic, typically produced by botnets.

2) State of exhaustion attacks - These are attacks that render a target inaccessible by exploiting a weakness in the Layer 3 and Layer 4 protocol stack.

3) Application layer attacks - These are more focused and target a specific application or server by delivering a lot of demanding requests. They can target particular features of the application and may take advantage of application layer vulnerabilities.

Tactics behind DDoS attacks

There are two basic tactics used by DDoS attackers. The first tactic is to use botnets. These are networks of malware-infected computers that the attacker controls remotely. The attacker orders the botnet to bombard a company’s network or website with exaggerated traffic.

The second tactic is amplification, where a third-party server or computer that is unsuspecting is used to amplify the traffic in the network. These protocol attacks consume all the processing capacity of the target or intermediate critical resources, like a firewall, causing service disruption.

The importance of DDoS protection for large-scale businesses

Large organisations, which are more likely targets for cyber criminals, are disproportionately affected by DDoS attacks. By causing downtime and service outages, businesses could lose revenue, damage their reputation and suffer from other indirect financial impacts. These attacks may also be a cover for more sinister activities including the theft of private data, which may result in data breaches and legal action.

A multi-layered strategy is necessary for effective DDoS protection. Employing traffic filtering, rate limiting and installing firewalls, intrusion prevention systems (IPS) and intrusion detection systems (IDS) are a few of the mitigating strategies that businesses might use.

Traffic filtering involves closely monitoring traffic in and out of the network to detect and block malicious traffic, while rate-limiting involves setting thresholds to establish maximum allowable traffic. To stop, identify and respond to DDoS attacks, proactive tools like IPS and IDS are used.

DDoS attacks are a serious threat to the South African business community. Enterprises need cutting-edge cyber security solutions and DDoS protection in place as technology develops and hackers grow more skilled. Adapting to the constantly changing threat landscape, managing cyber risks and implementing efficient mitigation techniques are crucial components of doing business today.

With cutting-edge DDoS security technologies and practices, SEACOM is prepared to help businesses minimise the impact and likelihood of such attacks. Our DDoS Protect service automated and fully managed to provide advanced detection and mitigation. For more information about our cyber security services or to get a quote, email us at marketing@seacom.com or leave us a message.

SEACOM owns Africa’s most extensive network of information and communications technology (ICT) infrastructure, including subsea cables and secure internet connections. We offer a diverse range of flexible, scalable and high-quality solutions for businesses that meet world-class standards for connectivity.

SEACOM is privately owned and operated, making it agile and adaptable to the needs of the customer. This makes us the preferred ICT and internet connectivity partner for African businesses and peripheral service providers. We can guarantee high-speed, low-latency and secure internet connections to corporates and small enterprises.

For‌ ‌more‌ ‌information‌ ‌on‌ our internet and voice solutions, ‌follow‌ ‌us‌ ‌on‌ ‌‌LinkedIn‌,‌ ‌‌Facebook‌ ‌or‌ ‌‌Twitter.‌ ‌Keep‌ ‌an‌ ‌eye‌ ‌on‌ ‌our‌ ‌‌news‌ ‌section‌‌ ‌for‌ ‌insightful‌ ‌articles‌ and relevant news stories on African ICT, internet connectivity and our leading cloud and security solutions.