In 2021, there were 9.8 million DDoS attacks reported globally. BT alone saw a 260% increase in DDoS attacks among our customers between March 2021 and March 2022 – on top of another increase of 235% the previous year.

The nature of these attacks is also changing, becoming increasingly more sophisticated, longer in duration and even more targeted.  

What’s more, our reliance on digital solutions is helping attackers by providing a host of security vulnerabilities such as weak passwords, outdated components and insecure update mechanisms. All providing easy ways for cyber-hackers to infiltrate your organisation.

There are three main different types of DDoS attacks: volumetric DDoS attacks, state exhaustion DDoS attacks, and application layer DDoS attacks. The aim for all is to disrupt the normal service of your website.  

The three types differ in their method of attack: 

• Volumetric attacks use botnets to flood a target website with errant requests – aiming to exceed the website’s capacity and make it unusable. 
• State exhaustion attacks (also known as protocol attacks) cause service disruption by overloading assets such as edge load balancers and firewalls.  
• Application layer attacks target the vulnerabilities in the application layer.  

Sometimes, attackers use all three methods in so-called multi-vector attacks. These variations make DDoS a particularly difficult threat for organisations to deal with.  

And the number of attacks is increasing every day. In November 2021, the largest ever attack was reported by Microsoft, involving a botnet of over 10,000 devices.

Organisations of all sizes and sectors are at risk of a DDoS attack. They are one of the oldest forms of cyber-attack and are a relatively cheap and easy way of causing huge amounts of damage to the target organisation.

The increasing reliance of organisations on cloud services means that an attack can not only impact outward facing customer platforms but also the internal systems – grinding an organisation to a halt.

There are numerous motivations for attacks with DDoS, often used as a form of protest to cause widespread disruption to an organisation’s website and services. There have also been recorded instances of attacks being launched on competitor organisations as a means of damaging reputation.  

The ease of creating these attacks makes them a serious threat to all organisations.  

Prevention is better than cure, and there are a few things that you can do to help prevent an attack:

• Audit your organisations networks and services to establish where there are areas of vulnerability.
• Find out what protections your internet service provider (ISP) or content delivery network (CDN) provider for cloud-based services can offer.
• Ensure that your organisation has capacity in your network to accommodate potential unexpected increase in volume.

These efforts, along with having a solid response plan in place, can help to reduce the risk of an attack happening or reduce the damage if you are unlucky enough to be a target. BT offers a range of DDoS mitigation services built into the network as standard, targeting all three types of DDoS attacks. With the fast evolution of cyber-threats, it’s important to stay informed about the latest in cyber-security.