The DDoS Lay of the Land: Hack Attacks, Zombies, Warehouses, and Moats.

Imagine you have a warehouse. It has one front door for staff and customers and one loading bay in the back. You have a security company that rotates two security personnel to walk around the perimeter of the warehouse every hour and go inside the building to monitor the security system, cameras, and alarms.

The expectation is standard: make sure the building is secure, nothing questionable is happening, no alarms going off, and all systems are good.

That's when the dreaded zombies show up. A lot of them. They're not particularly smart and they don't seem to have any strategy, but they do want to get in that front door, and all they have are rings of random keys they've stolen over the years. They are swarming around your door and entryway at random, each trying whatever key they have on them to see if any one of them will open your front door. They're not going to be successful, because your locks are modern and secure and the keys are totally random, but they keep trying – because they're zombies.

For hours they keep going and going, not getting anywhere, but there are so many of them trying their keys in your door that your real customers can't get in to see you now. The zombies are stuffing your doorway in sheer numbers.

After two hours they just stop, turn away and disappear – only to show up again two hours later at your loading dock. They're doing the same thing, trying to get in that loading dock door, lifting, pushing, trying keys; again nothing is going to work because your building is sound, but now you cannot get any shipments out because they're filling up your loading zone entry. They keep at this for two more hours.

Welcome to the world of DDoS. Distributed Denial of Service attacks are like a zombie swarm around your business' digital entrances. They're not that bright, but they do have a blunt and simple motive – get in and change things, or steal things.

"Zombies" is actually a real term

The "zombies" analogy may be a fun visual, but it is also a bona fide term applied to DDoS botnets: collections of compromised computers and servers that have been surreptitiously "taken over" and are being used for the nefarious purposes of DDoS.

Let's get the motivations out of the way: why? Why is DDoS a thing anyway?

Money. Deception and Disruption. Social or other Hacktivism.

Money or Data: if the DDoS perpetrator is able to gain even a small foothold from their attack, such as planting ransomware, they can hold your company to ransom. Pretty simple: they get in, lock your company systems down, and you must pay a price to get it all back. Pure data theft is a similar brute-attack motivation, with personal and payment information at the top of the common list.

Deception and Disruption: a more targeted deception approach, drawing your security attention to one area while attempts are made in a different area.

Hacktivism: someone wants to make a point. They feel the need to "bring down" a site or system as part of a broader protest or aggression against an organization or institution.

In technical terms, DDoS attacks come in different flavours, which we won't get into in this article: big or small, aimed at one area (protocol or service) or another.


If you find yourself under attack regularly

You are not alone: DDoS attacks grew sharply from 2015-16, jumping even faster – exponentially – from 2016 through 2019.

The kinds of DDoS attacks did start to change in tactics and region, but fundamentally, the result is the same – disruption or worse. 

There are Next Steps

Most hosting and server plans have some measure of DDoS risk mitigation, either built in or as a simple add-on. In limited circumstances, these tools can work fairly well.

Beyond this, however, the attacking zombies need to be kept away from your main servers; otherwise they will overwhelm standard security measures and tools. There are a number of perimeter, firewall, load balancing, server cluster, and geo-location DNS routing tools to take this next step; for the most part these strategies are very powerful and successful.

Effectively, for your growing digital business, should DDoS attacks persist at heavier and heavier scale, you'd place a digital moat around your warehouse, with multiple checkpoints for entry. Additional and smarter security guards at those checkpoints decide whether a visitor is legitimate, or a zombie with a ring of stolen keys, before letting them through to your front door and loading docks.
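To make the "zombies versus customers at the door" picture concrete, here is an added simulation that is not part of the original post. The door can handle a fixed number of visitors per tick, so a swarm of key-trying zombies crowds real customers out; the checkpoint is the "smarter guard" in the moat, which stops admitting any source once the door has reported enough failed keys from it. Every name, number and traffic pattern below is a constructed assumption, not data from the article.

```python
import random
from collections import Counter

DOOR_CAPACITY = 50   # visitors the door can handle per tick; the rest are turned away untried

def make_traffic(ticks=30, zombies=200, customers=5, seed=7):
    """Constructed traffic: each tick every zombie tries 3 stolen keys (never the right
    one) and every customer uses its own key. Yields (source, is_customer, key_fits)."""
    rng = random.Random(seed)
    traffic = []
    for _ in range(ticks):
        tick = [(f"customer-{c}", True, True) for c in range(customers)]
        tick += [(f"zombie-{z}", False, False) for z in range(zombies) for _ in range(3)]
        rng.shuffle(tick)              # arrivals interleave; they are not batched
        traffic.append(tick)
    return traffic

class Checkpoint:
    """The moat's guard: counts failed key attempts per source, as reported by the door,
    and stops admitting a source after max_failures (>1 tolerates a customer's typo)."""
    def __init__(self, max_failures=2):
        self.max_failures = max_failures
        self.failures = Counter()
    def admits(self, source):
        return self.failures[source] < self.max_failures
    def report_failure(self, source):
        self.failures[source] += 1

def serve(traffic, checkpoint=None):
    """Push traffic through the optional checkpoint and then the door.
    Returns the fraction of customer visits that actually got in."""
    customers_total = customers_in = 0
    for tick in traffic:
        seats = DOOR_CAPACITY
        for source, is_customer, key_fits in tick:
            customers_total += is_customer
            if checkpoint and not checkpoint.admits(source):
                continue               # dropped in the moat: no seat at the door is used
            if seats == 0:
                continue               # door saturated: turned away without trying the lock
            seats -= 1                 # the door actually handles this visitor
            if key_fits:
                customers_in += is_customer
            elif checkpoint:
                checkpoint.report_failure(source)   # the guard learns from the failed key
    return customers_in / customers_total

if __name__ == "__main__":
    print(f"no checkpoint:   {serve(make_traffic()):.0%} of customers got in")
    print(f"with checkpoint: {serve(make_traffic(), Checkpoint()):.0%} of customers got in")
```

Without the checkpoint only about one customer visit in twelve reaches the door; with it, the zombies are blocked one by one as their keys fail, and after a handful of ticks the customers get through unimpeded.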

None of this is new, but it is growing, and there are well established measures to manage risk. If you find yourself experiencing increasing attacks, it may be time to take the next step to protect and solidify your strategy for security and performance.