Stop DDoS hackers before they attack
Have you heard about the rise in frequency of Distributed Denial of Service (DDoS) attacks? In 2020 there were more than 10 million DDoS attacks globally. It’s more important than ever to keep your online businesses and websites safe from DDoS.
If you’ve already suffered a DDoS, it is still possible to prepare against further attacks. The solution is simpler than you might think.
Keep this in mind as you read on. We’ll explain the latest advice on DDoS attacks, how to protect against attacks, and what kind of attacks can occur against your website.
Why prepare for future DDoS threats?
No, you haven’t stumbled into the plot of Minority Report and the ability to see into the future; but if it’s been a while since you last read up on DDoS it’s a good idea to review your approach to security.
Why the urgency?
DDoS is a serious threat to your website security and your customers’ privacy. In July 2021, 68% of business leaders said their company had experienced a DDoS attack in the last 12 months. A higher number of attacks were aimed at the UK (76%) and the US (73%) with slightly less aimed at their German (59%) and French (56%) counterparts.
With 40% of companies reporting DDoS caused major disruption and costs, it’s more important than ever to prepare against future attacks.
The Rise and Rise of DDoS attacks
Since lockdown, the U.K. Cambridge University’s Cybercrime Center reports a three-fold increase in Distributed Denial of Service (DDoS). Attacks are now up to 30,000 a day.
In another development, the motives for DDoS attacks (usually perpetrated by cybercriminals) have shifted to include malicious attackers, who can purchase a DDoS attack method for as little as $150 on the dark web.
You can also be the undeserving target of an attack if you are caught up in a larger DDoS (for example, an attack aimed at the provider of your web services) or if you are sharing a server that is the hacker’s target.
The impact of DDoS attacks
Over the last three years, there’s been huge growth in the impact of DDoS attacks.*
- the size of attacks increased 63% year on year
- the power of attacks grew 776% to range from 100 gigabytes/second to 400 gigabytes/second
- the frequency of attacks went up by 39% year on year
- in 2021, the number of attacks greater than 1 gigabyte/second, which is enough to take most organizations completely offline, grew to 23%
If you thought a bad review was trouble, DDoS could be much worse. The average cost to a business is estimated at upwards of $50,000, but can be much more and involves:
- cleanup security
- loss of customer confidence
- lost website trust and rankings positions
- lost future business, long-term value, etc.
- ransoms to unlock your devices and systems
Who DDoS targets
DDoS hackers are most attracted to businesses in the financial, telecoms, healthcare, gaming, and e-commerce sectors. But, it’s becoming much more common for smaller companies and individuals to be targeted by hackers. This is because many websites lack prevention security protection or are probably not aware of it. (We’ll cover more about what you can do about this later.)
Think DDoS won’t happen?
Think again. I recently stayed in a lovely holiday bed and breakfast run by the nicest people you’d ever meet. They were suffering a DDoS attack on their website. I wondered to myself why on earth they’d been targeted? But the sad truth was, they had been, and it cost them thousands in security consultation and remedy.
If you’ve already been hacked, you might be wondering how it happened. Let’s investigate how and why DDoS attacks occur and then we’ll look at service protection in more depth.
The three types of DDoS attacks
Serious attackers will shut down or slow down a website, coerce the target business or website owner into paying a ransom, steal customer credit cards out of your database or memory cache, or spy to get hold of company secrets. Attacks can last for days, weeks, or even months.
Attacks come in three forms. Let’s see how each works.
1. Volume-based attacks
This attack sends massive amounts of traffic to overwhelm a server’s resources. The hacker gathers a zombie army of client devices called a botnet. The zombies send DNS requests that confuse the target server, which exhausts itself trying to work out query responses.
The results can be pretty devastating. Depending on the countermeasures in place, the service provided by a nameserver is degraded, seriously impaired, or brought to a halt.
In the end, everyone who uses that nameserver to power requests for their domain is affected.
2. Protocol attacks
The second type of DDoS attack manipulates instructions about the transport of data around the Internet.
These are more focused — usually targeting one particular server — and exploit vulnerabilities in this server’s resources. The only way to protect against protocol attacks is to use port-blocking or rate-limiting on the target server to mitigate the attacks.
3. Application or ‘flood’ attacks
These are the most sophisticated form of DDoS attacks, which enter systems via web applications and, once inside, flood a target (one or more servers) with DNS queries.
During DDoS application attacks; your website will likely go offline if server resources are overwhelmed/exhausted. This can happen even if you have a CDN service, but it’s not equipped to handle the excess query traffic.
But there is something you can do. Together, let’s learn more about how providers of website services (like Namecheap) can help you prevent DDoS attacks.
Steps you can take to stop DDoS attacks
An excellent first step for website owners is to make sure more than one nameserver is included with their hosting.
Having a backup nameserver helps. But that alone is not enough.
Once an attack is underway, you might experience denial of service and severe slowdowns to page loading times. Unfortunately, free CDN and DNS services won’t include deep packet inspection to exclude zombie DNS requests, specific countermeasures, or the ability to spread the load across multiple servers with a robust CDN.
An enterprise CDN (such as Namecheap’s Supersonic CDN) will provide DDoS attack mitigation. During a protocol or volume attack, your website will be rate-limited. You will still have a website appearing to visitors. But you are not infiltrated by hackers — which is crucial — to keep your customers’ trust and confidence in your website!
For powerful DDoS protection, you need DNS server technology that protects your nameserver’s uptime, can mitigate attacks, evaluate traffic, and combine with a CDN which increases your content bandwidth capacity. Only enterprise DNS and CDN services provide this. The good news is, they don’t cost much!
What you need in a DNS service
Words to look for when you are shopping around.
- Blackhole servicing: Volume attacks will affect your bandwidth. If your enterprise DNS hosting service provider can blackhole all traffic from a hacker’s ISP, you won’t be affected by any of their zombie traffic. (A bit like how blocklists work in email).
- DNS server configuration: Open DNS resolvers (servers that answer requests) are essential to the attack. There are millions of these servers all over the globe. A configuration program can identify when a hacker uses a spoofed IP address (basically an anonymous or unknown domain that isn’t cached). In this case, identified zombie queries will be dropped as suspicious.
- Ingress filtering: To create a botnet, attackers must have a source IP address spoofed to the victim’s IP address. Your DNS service needs to contain ingress filtering, a process that identifies hidden spoofed IP addresses and drops those queries.
- Anycast, load-balancing, mitigation: You’ll want to be part of a global system of servers known as Anycast. These global servers will balance the scale and weight of the attack across many data centers to ensure your website stays online (mitigation).
- DNSSEC security extensions: ensure your provider is up to date with the latest DNS configurations and packet inspection solutions.
- SLA: Anyone promising uptime must back this with a stated Service Level Agreement.
(It’s worth saying that Namecheap’s PremiumDNS provides all these features with 100% SLA-backed DNS uptime.)
What you need in a CDN service
Mitigation of traffic: how much traffic your website can handle is expressed by query numbers, e.g., 2 million queries — which is more than enough for a small to medium e-commerce business.
Edge servers and PoPs: What you need against DDoS in a CDN is bigger network capacity. Using edge servers around the world increases the points of presence (PoPs). More bandwidth is available if you are attacked.
Get the twin protections of DNS and CDN services
Most don’t realize there’s a simple solution to the problem of DDoS. Fully cloud-based DNS and CDN platforms, with a reputation for premium security. If you wish to protect your digital assets, they can monitor your traffic and assets 24/7, lightening the load on your in-house team and protecting even the most complex and specialized networks, without compromising quality.
Platforms are usually available to buy as add-ons. This is more common because managed services are flexible and customizable, which allows their expert team to make adjustments to respond to the latest DDoS threats.
Whatever your decision, you’ll need to drill into the details. Here are a few of our best tips.
- At the very least, look for a landing page on the website which explains the services and how they’ll work for you. Here’s Namecheap’s beat DDoS hackers page as an example.
- Combine your hosting with the best DNS and CDN services you can afford. Your hosting will do much more than store a big website and speed up your page loading time; just make sure it’s interoperable with your hosting.
- Read what features are included and compare with other providers.
- A word to the wise. Most all-inclusive deals in our experience are not tailored to what you need and might not work against more sophisticated DDoS attacks.
- Look at the reputation of the company. In general, a more prominent company will have invested more in developers, and security updates.
- Many of you will want to consider company values too. (Here’s Namecheap’s values that might interest you).
To summarize a few things we’ve said in this article, you’re looking for these features to protect your web property from DDoS attacks:
- SLA’s (Service Level Agreements).
- Anycast DNS.
- DNS monitoring.
- DNSSEC security extensions.
- A dashboard monitoring suspicious activity.
- Traffic mitigation/rate-limiting.
- Query numbers — a good indicator of how much you need to spend.
- Edge server nodes and PoPs – more is better.
- WAF technology.
Why trust Namecheap?
Namecheap’s Supersonic CDN and PremiumDNS work with any domain registered anywhere.
- In 2021, we were rated number one by Forbes for domain registration.
- Our security products Supersonic CDN and PremiumDNS ensure DDoS attacks are mitigated, and businesses stay online.
- We sell both products as add-ons, even if you didn’t register your domain with us.
- At Namecheap, we believe in Net Neutrality, and this reflects our pricing.
- We believe true technology and enterprise-grade security should be affordable for all. Not just the bigger players.
To be confident you’ve got the best protection on the market right now, visit our DDoS page, Beat Hackers, to learn more. From there, for one month up to September 19, you can enjoy 45% off PremiumDNS and Supersonic CDN.
*The statistics used in the section The Impact of DDoS and the chart used in Who DDoS targets are courtesy of CISCO’s Annual Internet Report, 2018-2023.
This post was written by Lisa McKnight and was first posted to www.namecheap.com