A Distributed Denial-of-Service (DDoS) attack, whether large or small, can cause significant downtime and financial loss.

But what exactly is a DDoS attack?

Craig Lusher

In this blog, Craig Lusher, Product Principal of Secure Solutions at Continent 8 Technologies, will explore what a DDoS attack is, the different types of DDoS attacks, and the best practices for mitigating DDoS attacks.

What is a DDoS attack?

A DDoS attack is like an unexpected traffic jam on an otherwise free-flowing highway. The attacks attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming it with a flood of Internet traffic.

DDoS attacks leverage multiple compromised computer systems as sources of attack traffic, including computers and Internet of Things (IoT) devices. They involve networks of Internet-connected devices infected with malware, controlled remotely by attackers and forming a botnet.

The process begins with the attacker creating the botnet by infecting multiple devices. Next, they send remote commands to the botnet, which then sends numerous requests to the target’s IP address. This flood of requests overwhelms the server or network, resulting in a denial-of-service for legitimate traffic.

Several high-profile DDoS attacks have made headlines in recent months, showcasing the damage these attacks can inflict, regardless of industry.

Types of DDoS attacks

DDoS attacks can be categorised into three main types, based on which part of the network connection they target.


Volumetric attacks

A volumetric attack aims to overwhelm the bandwidth between the target and the Internet with massive amounts of data. The attack often uses amplification techniques to ensure it consumes all available bandwidth.

A good example is Domain Name System (DNS) amplification. The attacker sends a small query to an open DNS server with the source IP address spoofed to be the victim's, so the server sends its much larger response to the victim, ultimately overwhelming their bandwidth.

Protocol attacks

A protocol attack exploits weaknesses in network protocols, particularly layers 3 and 4 of the protocol stack. It disrupts service by consuming server resources or network equipment resources like firewalls and load balancers.

SYN flood is a popular method. It overwhelms the target by sending many TCP SYN packets with spoofed IP addresses, exhausting resources by never completing the TCP handshake.
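A defender-side view of the SYN flood described above, as an added example that is not part of the original article: it counts handshakes that stay half-open per target and flags targets above a threshold. The record format, the threshold and the timeout are assumptions, and the sample records are constructed.

```python
from collections import Counter

def half_open_by_target(packets, now, timeout=3.0):
    """Count handshakes per (dst_ip, dst_port) that saw a SYN but no
    completing ACK (or RST) from the client within `timeout` seconds."""
    pending = {}                                  # 4-tuple -> time of first SYN
    for t, src, sport, dst, dport, flag in sorted(packets):
        conn = (src, sport, dst, dport)
        if flag == "SYN":
            pending.setdefault(conn, t)
        elif flag in ("ACK", "RST"):
            pending.pop(conn, None)               # handshake finished or aborted
    stale = Counter()
    for (_src, _sport, dst, dport), t in pending.items():
        if now - t >= timeout:
            stale[(dst, dport)] += 1
    return stale

def syn_flood_targets(packets, now, threshold=100, timeout=3.0):
    """Return targets whose stale half-open count reaches `threshold`."""
    counts = half_open_by_target(packets, now, timeout)
    return sorted(target for target, n in counts.items() if n >= threshold)

# Constructed records: (time_s, src_ip, src_port, dst_ip, dst_port, flag),
# client-to-server direction only. Addresses are documentation ranges.
LEGIT = []
for i in range(30):                               # clients that finish the handshake
    src = f"192.0.2.{i + 1}"
    LEGIT += [(i * 0.1, src, 40000 + i, "203.0.113.10", 443, "SYN"),
              (i * 0.1 + 0.05, src, 40000 + i, "203.0.113.10", 443, "ACK")]
# 200 SYNs from varying (spoofed) sources that never complete the handshake.
FLOOD = [(1.0 + i * 0.01, f"198.51.100.{i % 250 + 1}", 1024 + i,
          "203.0.113.10", 443, "SYN") for i in range(200)]
# A few slow clients on another service, well below the threshold.
SLOW = [(2.0, f"192.0.2.{200 + i}", 50000 + i, "203.0.113.20", 25, "SYN")
        for i in range(5)]

if __name__ == "__main__":
    print(syn_flood_targets(LEGIT + FLOOD + SLOW, now=10.0))
```
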

Application layer attacks

The application layer attack targets the application itself, often appearing as legitimate traffic. It exhausts the target’s resources and creates a denial-of-service. The attack preys on the application layer (Layer 7 of the OSI model) where web pages are generated and delivered in response to HTTP requests.

The HTTP flood method, for example, generates multiple HTTP requests to flood the server. These requests overwhelm the server and cause a denial-of-service. HTTP floods can range from simple attacks with one URL and similar IP addresses to complex attacks using many IP addresses and random URLs.
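The difference between the simple and the complex HTTP flood, seen from the defender's side, as an added example that is not part of the original article: a per-client sliding-window rate limit isolates the single flooding client, while in the many-address case no client exceeds it and only the aggregate request rate stands out. The limits, addresses and traffic are constructed for illustration.

```python
from collections import defaultdict, deque

class SlidingWindowLimiter:
    """Allow at most `limit` requests per key within the last `window` seconds."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)

    def allow(self, key, now):
        q = self.hits[key]
        while q and now - q[0] >= self.window:
            q.popleft()                      # forget requests that left the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def replay(requests, per_ip_limit=20, site_limit=300, window=1.0):
    """Replay (time_s, client_ip, path) tuples in time order. Returns
    (client IPs that hit the per-IP limit, requests over the site-wide budget)."""
    per_ip = SlidingWindowLimiter(per_ip_limit, window)
    site = SlidingWindowLimiter(site_limit, window)
    limited_ips, site_excess = set(), 0
    for t, ip, _path in sorted(requests):
        if not per_ip.allow(ip, t):
            limited_ips.add(ip)
        elif not site.allow("site", t):
            site_excess += 1
    return limited_ips, site_excess

# Constructed sample traffic (all addresses and limits are illustrative).
NORMAL = [(i * 0.1, f"192.0.2.{c}", "/home") for c in range(1, 11) for i in range(5)]
# Simple flood: one client, one URL, 500 requests in one second.
SIMPLE = [(i * 0.002, "198.51.100.7", "/login") for i in range(500)]
# Complex flood: 1000 clients, 2 requests each, a different URL every time.
COMPLEX = [((r * 1000 + i) * 0.0005, f"10.0.{i // 250}.{i % 250 + 1}", f"/item/{r}-{i}")
           for r in range(2) for i in range(1000)]

if __name__ == "__main__":
    print(replay(NORMAL + SIMPLE))   # per-IP limit isolates the one flooding client
    print(replay(COMPLEX))           # no client trips per-IP; only the aggregate shows
```
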

Mitigation methods – A defence-in-depth, multi-layered approach

The main challenge in mitigating a DDoS attack is distinguishing between legitimate traffic and attack traffic. For example, a legitimate surge from a product release differs from an attack surge from known attackers.

These attacks are also multi-vector. This means they use multiple pathways to overwhelm targets, making it harder to distinguish between attack and normal traffic. A multi-vector attack, such as one combining DNS amplification (targeting layers 3/4) with an HTTP flood (layer 7), requires varied strategies for mitigation.

Due to these complexities, protecting a site from DDoS attacks requires a multi-layered approach. In the event of unforeseen circumstances, having a clear plan in place for responding to DDoS attacks can minimise downtime and damage.

Finding a service specialising in DDoS solutions can be a great help, but there are layers to the mitigation process.

At Continent 8, we advocate for a ‘defence-in-depth’ strategy, where multiple layers of security controls are implemented throughout the organisation’s IT environment. This ensures that if one layer is breached, additional layers are in place to prevent or mitigate the attack.

Continent 8’s defence-in-depth, multi-layered approach includes:

  1. Coarse filtering: Ad hoc upstream traffic filtering and DDoS scrubbing
  2. Medium filtering: Managed access control lists at the network edge
  3. Medium/fine filtering: Layer 3 and 4 DDoS scrubbing
  4. Fine filtering: Layer 7 Web Application and API Protection (WAAP) rate limiting and filtering
  5. Polish: Traffic delivery with Endpoint Detection and Response/Managed Detection and Response (EDR/MDR) solutions and managed updates and hardening
  6. Log event monitoring and threat protection: Managed Security Operations Centre (MSOC) and Security Information and Event Management (SIEM) threat detection and response


Continent 8 for complete DDoS protection

Continent 8 offers the most comprehensive cybersecurity solutions equipped to meet today’s emerging DDoS threats.

Cybersecurity solutions for a safer tomorrow

Continent 8 provides comprehensive, multi-layered threat prevention, detection and response solutions to secure your organisation’s digital assets in the face of evolving cyber threats. For more information on how Continent 8 can support your cybersecurity initiatives, email sales@continent8.com or fill out our Contact Us page.

Craig Lusher from our Secure team takes a deep dive into the latest DDoS stats from the second quarter of the year

Overview of 2Q 2024

As was the case in the first quarter of 2024, Continent 8 continues to see a decline in DDoS attacks against its customers with just 32 incidents reported across customers in the second quarter of the year. This marks a 45% decrease from the 58 attacks recorded in the previous quarter and is a mere fraction of the 1,106 DDoS attacks successfully thwarted during the corresponding period in 2023.

The quarter’s fluctuation in the number of attacks per month, with 8 in April, 5 in May and 19 in June, indicates varying attack campaigns or possibly enhanced defensive strategies.

Attack size and intensity (Gbps)

The intensity of attacks in the second quarter of 2024 escalated significantly compared with the previous quarter in terms of peak attack size:

This quarter’s surge in peak attack intensity, particularly in June, indicates a concerning trend towards more powerful DDoS attempts, despite their decreased frequency.

Impact on customers

The highest number of attacks a single customer faced was 7, a significant reduction from the peak of 25 attacks in the first quarter. This data indicates a shift towards a more distributed pattern of attacks in the second quarter compared to the first quarter.

Duration and frequency

The timing and frequency of attacks in the second quarter of 2024 reveal some interesting trends:

These figures indicate that while there were fewer attacks overall, they tended to last longer on average, with some attacks being significantly more persistent than in the previous quarter. Prolonged attacks can strain resources for unprotected customers, potentially leading to substantial disruptions if critical systems or services are compromised by malicious activity.

2Q 2024 quarterly summary  

The second quarter of 2024 witnessed a significant reduction in overall DDoS activity compared to the first quarter. However, there has been a concerning uptick in the intensity of attacks, particularly in June, posing a greater risk of potential damage. The fluctuations observed throughout the quarter, peaking with a spike in June, suggest evolving DDoS attack strategies. Employing an advanced DDoS mitigation system and solution is essential to safeguard against potential threats.

Continent 8’s DDoS mitigation solution

Our best-in-class DDoS solution continues to evolve. In recent months we have amplified our scrubbing capacity to 2.5+ Tbps and increased the number of scrubbing centres deployed across multiple continents. Locations include Los Angeles, Chicago, New York, Miami, London, Amsterdam, Frankfurt, Singapore, Hong Kong and Sao Paulo.

Key features of our mitigation solution:

DDoS protection should also form part of a wider, multi-layered approach to cybersecurity. A 360-degree, end-to-end protection strategy should include a DDoS mitigation solution as well as WAF/WAAP protection, MDR/EDR services, SIEM and SOC resources, VAPT assessments, backup solutions, and mobile device and phishing defence services.

This is the only way to have multiple protections in place for each attack type and to ensure the greatest level of resilience.

To learn more about how Continent 8 can help protect your organisation, contact a member of the team via sales@continent8.com or our Contact Us form.

ANC News TV article on Continent 8 and the IPC partnership in the Philippines.

Global data centre and managed service provider Continent 8 Technologies has announced key partnerships to enable the delivery of its globally respected services directly to businesses throughout the Philippines. The new partners approached Continent 8 as they wished to offer the company’s advanced DDoS (Distributed Denial of Service) protection and mitigation services alongside Continent 8’s global private connectivity to Philippines based companies.

In 2016, Continent 8 announced the completion of its latest network expansion, bringing its European, North American and Asia Pacific networks together to give true global coverage across a multi-terabit network. Now with over 25 points of presence globally, this enables the company to deliver its world-class service portfolio into a number of additional regions.

Partnerships have been announced with IP Converge Data Services Ltd (IPC, an ePLDT company) and LR Data Center and Solutions, Inc, both headquartered in Makati City, Manila. These significant players in the local connectivity and data centre markets were carefully selected by Continent 8 as they are both businesses which share Continent 8’s values of service excellence, innovation and integrity.

By forging these strategic partnerships, Continent 8 brings proven expertise, while delivery, management and support are carried out by the partners, enabling continuity, use of local knowledge and leveraging of existing relationships. This model is to be extended to other regions in the coming months through more carefully selected partners who share Continent 8’s ethos for service excellence and who wish to bring Continent 8’s service portfolio to their own customer base.

Michael Tobin, Co-founder and Chief Executive Officer, commented: “With nearly 20 years of experience and operations, we have built a global reputation for service excellence alongside a unique global footprint of data centres and network points of presence. By partnering with IPC and LR Data, we bring to the table advanced DDoS Mitigation services to Philippine enterprises, at a time when attacks are becoming increasingly prolific.”

Further services will be rolled out in due course and will allow Filipino businesses to connect globally using their local, trusted partners.
