Picture someone you don’t care for ambling down the sidewalk in winter. Now picture yourself packing one tight snowball and letting it fly, hitting that person square in the face. Effective, right? Now picture yourself pressing a button that activates 10,000 strategically placed snowball cannons which fire in quick succession, thumping that person over and over again. Far more effective. That’s essentially the difference between a DoS attack and a DDoS attack…minus a few important details.
DoS definition
A DoS attack is a denial of service attack, in which a single attacker takes aim at a single website using a homemade script or attack tool, typically targeting the underlying server infrastructure or by exploiting vulnerabilities to render that website unavailable. A denial of service attack can be an effective tactic for hacktivists or other cyberattackers that are looking to attract attention, since it impacts a website’s entire user base – one that might just take to social media and other outlets to air their grievances. A successful DoS attack can last for days.
DoS and then some
A DDoS attack is a distributed denial of service attack. So while a DoS attack comes from a single attack point, a DDoS attack point comes from a number of attack points – a number that has become increasingly massive. Instead of using homemade scripts or tools to launch a DDoS attack, the attacker behind it will use a botnet – a network of internet connected devices that have been hijacked for remote use. This gives the attacker a tremendous amount of firepower with which to launch an attack and take a target offline by occupying server resources or chewing up bandwidth.
Of the two types of attacks, it’s more likely these days that you’ve heard of DDoS. They’re attention-grabbing behemoths, and when aimed at a DNS server or other shared resources are capable of taking down dozens upon dozens of websites at once, such as in the case of last fall’s attack on the Dyn DNS server that saw Twitter, Netflix and other major online institutions rendered useless.
However, the results are bad enough even when aimed at a single site without professional protection. Like DoS attacks, a successful DDoS attack can last for days, causing anger as well as long-term trust issues among users. DDoS attacks can also cause damage to hardware and software or be used as a smokescreen for a data breach. For a sizable website or organization, the cost of an unmitigated DDoS attack can top $40,000/hour.
A difference in risk factor
If your website were to be targeted by a denial of service attack, chances are it would be because someone has an axe to grind with you or your business specifically, or an attacker stands to gain something from your website in particular going down, be it publicity or some sort of social justice message. Either way, your website would be the specific target. Yet for many website owners, this is not a likely scenario.
Getting walloped by a DDoS attack, on the other hand, is often nothing personal. Virtually every website on the internet is a potential target thanks to DDoS ransom notes that demand payment in exchange for avoiding an attack, and botnet for hire services that make it cheap and easy for anyone to spray attacks at any site of their choosing. These botnet for hire services are becoming increasingly scary as botnet builders are harnessing the power of unsecured Internet of Things (IoT) devices to build botnets that consist of hundreds of thousands of hijacked devices.
Protective measures
One of the most fundamental differences between DoS and DDoS attacks is the protection it’s possible to put in place against them.
For DoS attacks, unfortunately, there’s no one-step foolproof situation. Rather, guarding against denial of service attacks requires a proactive security strategy from at-risk websites that includes testing IT infrastructure to see how it stands up to an attack, monitoring traffic for abnormalities, monitoring social media for discussion of an impending attack, and preparing a thorough response plan for the entire organization, from security to public relations.
For most organizations that do not require in-house DDoS protection due to industry standards, the best option is going to be dedicated professional DDoS mitigation. Depending on a website’s needs, both always-on and on-demand protection is available, and with cloud-based protection options it’s possible to scale to any level of protection necessary while leaving the set-up and management to the DDoS professionals. Advanced cloud-based protection will use granular traffic inspection to keep attack traffic from ever touching the target network, instead rerouting all traffic to a scrubbing server and allowing legitimate traffic through unimpeded while eliminating malicious traffic.
The takeaway
If DoS and DDoS attacks only targeted people you don’t like, such as in the case of the snowball attack analogy, you wouldn’t have to be concerned with them beyond looking like a suspect. Cyberattacks are on the rise, however, and when it comes to DoS attacks and especially their ugly bully of a brother DDoS, essentially every website in existence is a potential target, from PayPal and Spotify to the sites of small businesses that literally cannot afford a day of downtime.
The good news is that with a proactive security strategy as well as professional DDoS mitigation, the threat from DoS attacks and DDoS attacks can be reduced and virtually eliminated.