What Is a DDoS Attack and How It Affects SMEs
If your organization’s website is experiencing unusual downtime or outages, this could be a sign that it is under a distributed denial of service (DDoS) attack.
A DDoS cyberattack renders a targeted website slow or inaccessible. It victimizes not just large enterprises but also small and medium-sized enterprises (SMEs).
DDoS Attacks Against Businesses
An example of a DDoS attack against a small business was the attack against a small brick and mortar jewelry shop in June 2016. The shop’s website had been taken down for days and the owner didn’t know why.
Upon investigation, Sucuri found that the shop’s site had been receiving traffic of 35,000 to 50,000 HTTP requests per second (RPS) – web traffic that its web servers couldn’t handle, resulting in the site’s downtime.
Sucuri discovered that the attackers responsible for bringing down the site of the small brick and mortar jewelry shop used IoT (internet of things) CCTV devices as the source of their attack botnet.
A botnet, in general, refers to a group of connected computers coordinated to perform a task. A DDoS botnet, in particular, refers to computers (in this case, the CCTV devices) that were themselves hacked to perform a malicious task: adding traffic to the site of the small brick and mortar jewelry shop and rendering it inaccessible to the public.
Sucuri found that 25,513 CCTV devices were hacked and used in the DDoS attacks to shut down the shop’s site. The hacked CCTV devices were found to be located in different countries around the world (105 total). The top 10 countries with the most compromised CCTV devices used in this DDoS attack were Taiwan, USA, Indonesia, Mexico, Malaysia, Israel, Italy, Vietnam, France and Spain.
Another example of a DDoS attack was the attack in October 2016 against Dyn, a domain name service (DNS) provider. Popular websites rely on the service of Dyn. As a result of the DDoS attack against Dyn, more than 80 popular websites, including Amazon, Twitter, Netflix and Reddit, were rendered temporarily inaccessible to the public. According to Dyn, 100,000 IoT devices were compromised to stage the attack.
According to the Federal Bureau of Investigation (FBI), booter or stresser services, also known as DDoS-for-hire, increase the scale and frequency of DDoS attacks.
“Booter and stresser services are a form of DDoS-for-hire – advertised in forum communications and available on Dark Web marketplaces – offering malicious actors the ability to anonymously attack any Internet-connected target,” the FBI said. “These services are obtained through a monetary transaction, usually in the form of online payment services and virtual currency. Criminal actors running booter and stresser services sell access to DDoS botnets, a network of malware-infected computers exploited to make a victim server or network resource unavailable by overloading the device with massive amounts of fake or illegitimate traffic.”
Anyone with ill intent against your organization can initiate a DDoS attack, rendering your organization’s site inaccessible to the public. Criminal elements are offering their DDoS services online. Prices vary depending on the duration and the intensity of the attack; some offer their DDoS service for as low as $7.
The Gammel case is the first DDoS-for-hire case in Minnesota. The US District Court of Minnesota filed a case in April 2017 against Gammel for hiring DDoS-for-hire services to launch DDoS attacks against the sites of his former employer. Gammel was accused of hiring several DDoS-for-hire services to bring down 3 websites owned by his former employer in a DDoS campaign that lasted for more than one year.
Gammel was caught because he “anonymously” emailed his former employer taunting it about its “ongoing IT issues”. At the time of the emails, the company’s ongoing IT issues were DDoS attacks. The FBI traced the emails to Gammel as he used his registered cell phone number to create said emails. This led the FBI to Gammel’s other emails which he used to contact DDoS-for-hire services to launch DDoS attacks against his former employer’s websites.
Negative Effects of DDoS Attacks
Most SMEs today have some form of online presence, mostly through their official websites. The direct effect of a DDoS attack is immediate. It renders your organization’s site inaccessible to the people who need your site: your customers. Your business will lose customers if your site can’t be accessed. An inaccessible site can also tarnish your organization’s online reputation.
Access to company websites is important, as a study conducted by Google and Ipsos MediaCT found that 50% of consumers who conducted a local search on their phone visited a store within 24 hours, and 34% who searched on computer or tablet did the same.
“A study from the Center for Strategic and International Studies found that Canadian businesses are losing over $3 billion a year to cybercrime,” Perrin Beatty, president and CEO of the Canadian Chamber of Commerce, said in a statement. “It’s not technology-savvy security experts committing these attacks. Anyone with a computer and an internet connection can now disrupt services or hold data for ransom. What costs a criminal $100 may end up costing a business millions in lost money, time and reputation.”
How to Prevent DDoS Attacks
While it’s easy for criminals to pay just a few bucks to launch a DDoS attack against your organization’s site, it’s equally easy to prevent such attacks in under a few seconds, regardless of the intensity of the attacks and without getting in the way of your site’s legitimate traffic.
If your organization is having problems with persistent site downtime, a sign of DDoS attacks, contact us at GenX. We offer per incident technical support and diagnostic services, for instance, in cases of denial of service attacks.