Threat groups' tactics to avoid detection and cause harm are becoming increasingly sophisticated. Many security practitioners have seen distributed denial-of-service (DDoS) attacks carried out during peak business hours, when firms are more likely to be understaffed and caught off guard.
DDoS attacks are a year-round threat, but we've seen an increase in attacks around the holiday season. Microsoft mitigated an average of 1,435 assaults per day in 2022. These attacks peaked on September 22, 2022, with roughly 2,215 documented attacks, and continued at a greater volume until the last week of December. From June to August, the number of attacks were reduced.
One reason for this trend could be that many organisations operate with fewer security staff and limited resources to monitor their networks and apps during the holidays. The huge volume of traffic and income made by organisations during this peak business season make this time of year even more tempting to attackers.
Cybercriminals frequently take advantage of this opportunity to carry out lucrative attacks at a low cost. A DDoS assault can be ordered via a DDoS subscription service for as little as $5 under a cybercrime-as-a-service business model. In the meantime, small and medium-sized businesses spend an average of $120,000 to restore services and manage operations during a DDoS attack.
With this knowledge, security teams can take preemptive steps to fight against DDoS assaults during busy business seasons. Continue reading to find out how.
Understanding the varieties of DDoS attacks
Before we can discuss how to protect against DDoS attacks, we must first comprehend what they are. DDoS attacks are classified into three groups, each with its own set of cyberattacks. Attackers can utilise a variety of attack types against a network, including those from distinct categories.
The first type of attack is a volumetric attack. This type of attack focuses on bandwidth and is intended to overload the network layer with traffic. A domain name server (DNS) amplification attack, which leverages open DNS servers to flood a target with DNS answer traffic, is one example.
Then there are protocol attacks. This category primarily targets resources by exploiting flaws in the protocol stack's Layers 3 and 4. A protocol attack may be a synchronisation packet flood (SYN) attack, which uses all available server resources, rendering the server unusable.
The last type of DDoS assault is resource layer attacks. This category is meant to disrupt data flow between hosts by targeting Web application packets. Consider an HTTP/2 Rapid Reset attack, for example. In this case, the attack delivers a predetermined amount of HTTP requests followed by RST_STREAM. This pattern is then repeated to produce a large volume of traffic on the targeted HTTP/2 servers.