Botnets are everywhere, largely due to the low security often applied to web-connected devices, and the fact that DDoS attacks have recently become much more sophisticated. As a result, HTTP(S) attacks have been increasingly common, and due to their similarity in form to legitimate requests, they are very difficult to detect (which presumably makes them even more attractive to attackers).
To mitigate your risk of this type of DDoS attack, consider ways to improve your DDoS protection. Having a strong defense may not completely protect you from a botnet overwhelming your servers, but it can reduce your risk of attack, decrease your downtime, and prevent catastrophic losses to your business.
The Many Ways to DDoS
A Distributed Denial of Service attack (DDoS) happens when a malicious actor overwhelms a network with excessive traffic, rendering it incapable of accepting new requests from legitimate traffic. Often, attackers use botnets to accomplish this, and it is often challenging for companies to fight back due to the scale of these attacks. Once the malicious traffic has crashed the website, companies find that they lose customers and are not able to sustain their business.
With all that in mind, a DDoS attack doesn’t need millions of bots to work. In general, a DDoS attack just needs to overwhelm a bottleneck somewhere in the website, and the effect is the same. Whether the bottleneck is in the infrastructure, the NIC, the web application, or somewhere else, as long as traffic is blocked, the attacker has achieved his objective. The attacks will time out eventually, but waiting around until they go away will cost you.
There are some common DDoS types:
- SYN Flood. Accounting for about 46% of DDoS attacks last year, this is the most common type of DDoS attack. The attacker sends a communication request, the targeted website or server receives that request and responds, and the attacker’s device then stays unresponsive, leaving the communication open indefinitely. Many open communications that are never resolved slow down or stop traffic to the site.
- Ping Flood. This type of attack spams a website or server with requests, and when the recipient attempts to respond to all of them, everything slows down because too much bandwidth is being used. Legitimate users usually are not willing to wait out the slowdown.
- UDP Flood. The attacker floods random ports on a server with User Datagram Protocol (UDP) packets. For each one, the recipient looks for the application listening on that port and, when it can’t find one, replies with an ICMP ‘Destination Unreachable’ packet. Eventually, this hogs the server’s resources, preventing it from handling any more traffic.
- HTTP(S) Flood. This attack overwhelms the targeted server with requests and often aims to be as complex as possible to take up large amounts of resources. Typically executed with a botnet, this attack is highly scalable and difficult to detect because it uses URL requests that often look legitimate to monitoring software.
HTTP(S) DDoS is a Growing Threat
Since 2020, HTTP(S) DDoS attacks have increased 487%, largely due to groups like Killnet and Russian hackers. These attacks are considered direct-path, meaning that they target specific organizations, which implies a more intentional attack than a bored hacker with time to kill.
The scale of these attacks has been unprecedented. According to Infosecurity, Netscout tracked over 350,000 botnet security alerts across multiple organizations, 1.35 million bots, and 75 trillion packets originating from those bots. Telecommunications providers have experienced a 79% uptick in DDoS attacks since 2020, and other industries will likely follow as attackers develop the HTTP(S) DDoS and grow increasingly sophisticated.
Protecting Against DDoS Attacks
Because the HTTP(S) DDoS attack utilizes URL requests that look almost identical to regular traffic, companies need a sophisticated anti-DDoS solution to identify and scrub these more subtle types of attacks. 91% of organizations report downtime from a DDoS attack, but a DDoS protection solution can help lower your risk by sending immediate alerts when an attack is detected.
Monitor your website for unusual activity and analyze potential attacks, Layer 7 attacks in particular, since that is the layer at which HTTP(S) attacks operate. Protection solutions can also monitor your network, DNS, and individual IPs. The ideal solution will also help you minimize your downtime, so even if an attack is successful, it will have a decreased impact on your business operations and revenue.
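One way to surface the per-client request spikes that a Layer 7 flood produces in an access log, as an added example that is not part of the original article: it parses combined-format web-server log lines, counts each client's requests inside a sliding 10-second window, and reports sources that exceed a threshold along with how concentrated their requests are on a single path. The log format, window length, threshold and sample lines are all assumptions constructed here; tune the window and threshold to your own traffic baseline.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined-format access log (Apache/nginx); only the fields needed here are captured.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, timestamp, path) for a matching log line, or None for anything unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FMT), m["path"]

def find_flood_sources(lines, window_s=10, max_requests=20):
    """Flag client IPs whose request count exceeds max_requests inside any sliding window of
    window_s seconds (assumes lines are in time order per client, as a live tail would be).
    Returns {ip: (peak_requests_in_window, share_of_requests_to_busiest_path)}."""
    windows = defaultdict(deque)                  # ip -> timestamps inside the current window
    peak = defaultdict(int)                       # ip -> largest window count seen
    paths = defaultdict(lambda: defaultdict(int)) # ip -> path (query string stripped) -> hits
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                              # skip malformed lines rather than crash
        ip, ts, path = parsed
        q = windows[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()                           # drop timestamps that fell out of the window
        peak[ip] = max(peak[ip], len(q))
        paths[ip][path.split("?", 1)[0]] += 1
    flagged = {}
    for ip, count in peak.items():
        if count > max_requests:
            total = sum(paths[ip].values())
            flagged[ip] = (count, max(paths[ip].values()) / total)
    return flagged

def _line(ip, second, path):
    return f'{ip} - - [10/Mar/2024:12:00:{second:02d} +0000] "GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'

# Constructed sample (documentation IP ranges, not real traffic): one client sends 30 search
# requests in six seconds while two ordinary visitors make a few requests each over ~30 seconds.
SAMPLE_LOG = [_line("203.0.113.7", s // 5, f"/search?q={s}") for s in range(30)]
SAMPLE_LOG += [_line("198.51.100.4", s * 7, "/index.html") for s in range(5)]
SAMPLE_LOG += [_line("192.0.2.9", s * 9 + 1, f"/product/{s}") for s in range(4)]
```

A path share close to 1.0 for a flagged client means it is hammering one endpoint, which is the shape an HTTP(S) flood against an expensive page usually takes, whereas a crawler or a proxy serving many users tends to spread requests across paths.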
Ultimately, DDoS protection is tricky because the attack does not rely on vulnerabilities that can be patched. In most cases, you wait for the attack to happen and then respond as quickly as possible. However, anything you can do to improve your response time will reduce your downtime. Although the HTTP(S) attack is difficult to detect, solutions that are built on machine learning and transparent mitigation will help.