What is DDoS?
DDoS is a short word, which represents a lot of pain. It stands for Distributed Denial of Service and is generally found followed by the word “attack”. In a nutshell, DDoS attacks attempt to overload a network resource (such as an internet site) to the extent that it becomes unusable. This is done by flooding it with requests for service so that no legitimate requests can reach the resource.
Who is targeted by DDoS attacks?
There have been several known (or rumoured) DDoS attacks over recent months. In March one of the fiercest assaults seen so far on the net was launched against anti-spam organization Spamhaus. As the organization exists to try to eliminate spammers from the net, they were well aware that they were a target for DDoS and had plans in place to deal with the threat. Thanks to their foresight, they were able to restart their core services after minimal downtime, although even they were taken aback by the sheer scale of the bombardment.
Organizations vary widely in their understanding of DDoS attacks and even more widely in the extent to which they are prepared for them. While banks and governments may know that they are clear targets, even they can be caught off-guard. Last year Visa, Mastercard and Paypal all found themselves on the receiving end of DDoS attacks after they blocked payments to Wikileaks.
While large-scale attacks of this nature are the ones which make mainstream news, the reality is that any organization (or even private individual) can be a target. It’s impossible to know the true extent of DDoS attacks for the same reason that it’s impossible to know the true scale of almost any crime- much of it goes unreported. In the case of DDoS attacks, organizations often fear the repercussions of being perceived to be insecure (by being open to attack) more than they fear the actual DDoS attack itself. Many DDoS attacks are straightforward attempts to extort money from businesses, but some are launched in response to a perceived slight or injustice. The simple reality is that almost anybody can be a target so it is only sensible for organizations (and individuals) to have a strategy in place to deal with them.
Even organizations which are large enough to run their own IT teams are well advised to reach out to specialist IT security companies for help in managing the DDoS threat. These companies not only have significant expertise in this area, but can take a fresh look at how an organization’s systems are managed and spot potential issues, which might otherwise have gone undetected. Their input can save organizations expense, inconvenience and embarrassment.