Under most circumstances a 25th anniversary is a wonderful thing. It is, after all, the silver anniversary, one befitting of extravagant gifts of jewelry and engraved silver keepsakes. However, there probably aren’t many people out there purchasing a scroll-edged picture frame and engraving Happy 25 Years of Devastating DDoS Attacks. And not just because that’s really too long for an engraving; there are other reasons. This look back (and look forward) into the world of DDoS attacks will illuminate that.
Distributing denial of service
As DDoS mitigation provider Imperva Incapsula states, a DDoS attack is a distributed denial of service attack which is a malicious attempt to render a targeted online service unavailable to its users. This is accomplished by overwhelming the target’s bandwidth or network resources with an influx of malicious traffic from a botnet, and the result of an unmitigated DDoS attack is typically the target being taken offline, or slowed down enough that it’s unusable.
As mentioned, these attacks have now been occurring for 25 years, causing widespread consequences such as loss of traffic and revenue, diminished user trust and loyalty, hardware or software damage, and even the theft of sensitive data including user information, financial information and intellectual property.
The past: big targets, big headlines
It was one Robert Morris who touched off the distributed denial of service craze when he created a self-replicating Trojan virus called the Morris worm in 1988. This virus was quickly detected thanks to how successful it was and the rate at which it consumed system resources. While Morris’s creation wasn’t precisely like the DDoS attacks we’ve all come to know and loathe, it did set the stage for DDoS attacks by exploiting botnets.
One of the first recognizable distributed denial of service attacks took place in 1996. It was a SYN flood directed at a New York-based ISP called Panix, which was flooded with connection requests that kept legitimate users from getting through. The attack lasted three days and came to be known as the Panix attack.
These days it’s par for the course for a big name like Sony to get nailed with a DDoS attack, but these name-brand attacks first began in 2000 when Amazon, eBay and Yahoo were all struck down by one attacker, Mafiaboy, who reportedly thought DDoS attacks were a good strategy for controlling the internet.
After corporations became a steady target of distributed denial of service attacks, governments soon followed with the White House website getting hit with an attack in 2001. It’s been open season on governments ever since, with the United States, Canada, Ireland, Estonia, Thailand, North Korea, Thailand and Tunisia being a small sampling of the governments that have famously been targeted.
The present: targets everywhere
It used to be that a distributed denial of service attack was a fast-track to a tech headline, so uncommon were they and so huge were the targets. That’s changed. Those big targets still garner headlines, as do attacks that are bigger than previously seen or remarkable in method, but for the most part, DDoS attacks have become not just an everyday occurrence but a hundreds-of-times-per-day occurrence, targeting organizations ranging in size from major corporations like financial institutions and online gaming companies to mom and pop shops with a basic internet presence.
Research showed that in 2015 a whopping 45% of organizations were hit with a DDoS attack – almost 1 in 2. To add insult to injury, 74% of organizations hit were hit more than once. Those numbers are only on the rise as DDoS for hire services have become commonplace. For a few bucks out of a PayPal account, anyone can buy access to a botnet and launch a DDoS attack at the target of their choosing.
In addition to becoming commonplace, distributed denial of service attacks have also become all the more devastating. DDoS attacks now last for 30+ days, routinely use multiple attack vectors, are used for smokescreens for intrusions that result in data theft, and are taking advantage of both mobile phones and Internet of Things devices for botnets. Yikes.
The future: you can probably guess
With so many cyberattackers out there it’s hard to guess at all of their motives. However, one thing is certain when it comes to the why of distributed denial of service attacks: attackers use them because, by and large, they work. As long as they get results, attackers will use these attacks, and if the past is any indication – these attacks are only going to get more complex and more damaging.
The future of DDoS attacks that website owners need to be concerned with is the one where they invest in advanced cloud-based DDoS mitigation. Take care of it now and 25 years to the day you can get 25 Years of DDoS-Free Web Presence engraved on a silver beer stein. That’s class.