The What and Why of DDoS Attacks


By Dan Nichols on 23rd September, 2016.

The What and Why

Ensuring your website and application is available and working efficiently is a top priority for any online business, especially if that website is transactional and driving revenue. But even if it’s simply there to provide a vital touchpoint for prospective customers or stakeholders, interruptions to your service can have powerful negative repercussions, from losing revenue, customers, reflecting badly on your brand, even through to legal action.

It’s one thing knowing just how important a website is to your business, and how damaging disruptions to your online service are, but actively combatting potential attacks on your online presence is another. The truth is, whether motivated by money, politics, or competitive strategy, Distributed Denial of Service, or DDoS attacks, are becoming more common and sophisticated as the web develops. Designed to make a website or app unavailable to legitimate users, DDoS attacks are a reality any modern business needs to prepare for. But how do you form a plan for DDoS mitigation? And why does it happen in the first place?

What is a DDoS Attack?

To start, it’s worth having an idea of how a DDoS attack is run. We won’t go into the technical nitty gritty in this article, but ultimately there are numerous ways to target your network, with cyber criminals constantly developing new attack styles and methods as quickly as effective counter-measures can be put into place. From repeatedly targeting slow or poorly performing functions within your website or applications to exhaust system memory, to off the shelf DDoS kits that give botnet access to initiate a distributed attack, DDoS can range from sophisticated and co-ordinated, to straightforward and brutal and everything in between.

Understanding how advanced and varied these attacks are is important, particularly when you start the process of examining your current or future mitigation measures. The ultimate goal of an attack is to make a website or online application unavailable to legitimate users and keep it that way to cause as much disruption and negative fallout as possible.

DDoS in Today’s World

As the web grows in complexity, the skills of criminals develop as well, so DDoS attacks continue to develop in size, frequency and complexity to match this increasingly sophisticated environment. This presents a big challenge for businesses from both a security and technical standpoint.

It also means that any company with an online presence is a potential target, so having an idea of what they can do, and how to protect your business against the worst case scenario has never been more important. To recognise what cyber-criminals can really do to your site, just look at recent high profile cases like HSBC’s online knock-out at the beginning of the year, or the BBC’s huge loss of service, a few months ago. Despite these being big, high-profile names, any company with a website is a potential target. This means that every organisation should seriously consider protecting their platform.

DDoS Motivation

There are a myriad of reasons behind DDoS attacks. Take for example disgruntled ex-employees with an axe to grind, competitive rivalry, extortion, or political motivation, known as hacktivism. Hacktivist organisations tend to focus on causing disruption and dismay, as opposed to the theft of data for criminal profit. Some attacks are even launched as training exercises for bigger operations or just because that individual can.

DDoS motivation for some hackers is financial too. It can be a way of making a living, although the going rate can be as cheap as £10 for an attack on a target company. Hackers willing to perform DDoS attacks can be found on YouTube, and payments sent via PayPal – a very modern, internet age criminal activity. When you start to look more closely at DDoS, the scale of the problem can really be seen. It can be inexpensive, and it’s all too easy to source the people with the skills to perform an attack.

The Reality of a DDoS Attack

So what happens if your website is under attack? The immediate effect is that it can bring your site down for anything from a few hours to days, causing massive disruption to your business critical applications online. But the lasting damage extends much further than your website or app. These kinds of outages can damage the perception of your business and can generate serious complaints from customers, putting additional strain on your business through increased call levels for your team to deal with as customers try to find out what’s going on.

Getting everything back online can be costly and time consuming too, heaping additional pressure on your IT department. The downtime and repercussions of DDoS not only results in increased costs and both direct and indirect loss of revenue, but negatively impacts brand equity, which can cause lasting, long-term damage to a business.

Prevent and Plan

The threat of DDoS attacks is always there. The consequences of one can be bleak. The question is, how do you protect against this and keep your business safe?

Mitigation against such malicious activity is important to consider, along with a plan for effective recovery should the worst happen. Although the thought of an attack is an overwhelming prospect, facing those fears and working efficiently with the right counter-measures to get things back on track will stand you in good stead.

Your hosting service provider will have access to the resources and professional advice you need to help you deal with potential attacks. As the experts, they will have the latest insights into DDoS and they’re the logical place to go when it comes to putting a plan and systems in place. If you need DDoS mitigation support or advice, simply get in touch with our friendly team here, at Secura.


Dan Nichols

Chief Technical Officer

As Secura’s CTO, Dan is responsible for the team that design, build and maintain our cutting edge cloud hosting infrastructure. He is also the dishwasher police – stack it or else.

Tweet me at:
@securacloud