Cyberattacks are increasing in frequency and growing in sophistication. Businesses of all sizes are continually at risk as cybercriminals develop more advanced methods to breach security systems and disrupt operations. The need for robust cyber defences has never been more critical. 


Expert insights on cyber security

To help navigate this complex terrain, we turn to two esteemed experts in cyber security. Aaron Bailey, the Chief Information Security Officer (CISO) for The Missing Link, emphasises the importance of proactive defence strategies and continuous monitoring to protect against evolving cyber threats. Ben Munro, Cloudflare's Head of Marketing for Asia Pacific, brings knowledge and experience in protecting businesses from internet threats. Their combined expertise provides invaluable insights into the world of cyber threats and how to combat them. 

Understanding the intricacies of Distributed Denial of Service (DDoS) attacks and recognising the tactics of notorious cybercriminal gangs are crucial for any business looking to fortify its defences. By exploring the latest trends in cyber threats and the strategies to counter them, you'll be better prepared to ensure your business remains resilient in the face of ever-evolving cyber challenges. 

Understanding DDoS attacks 

DDoS attacks are malicious attempts to disrupt the normal traffic of a targeted server, service, or network by overwhelming it with a flood of internet traffic. This flood of traffic comes from multiple sources, making it difficult to stop the attack by blocking a single source. The goal of a DDoS attack is to render the target unresponsive, causing significant disruption and potential financial loss. 

Figure 1: From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination. Source: Cloudflare 

 

Types of DDoS attacks

Ben Munro from Cloudflare explains that DDoS attacks are a persistent threat, with three main types: 

  • Volumetric Attacks: These consume all available bandwidth, making it difficult for legitimate users to access the service, likened to cars stuck in a traffic jam. 

Figure 2: An example of a volumetric attack. Source: Cloudflare 

  • Protocol Attacks: These exploit vulnerabilities in network protocols, consuming server resources and potentially causing the server to crash or become unresponsive, like pressing all the floor buttons in an elevator. 

Figure 3: An example of a Protocol attack. Source: Cloudflare 

 

  • Application Layer Attacks: These target specific applications, making it difficult for legitimate users to access the service, often by sending a flood of requests to the application’s endpoints, like ordering a thousand complex coffee drinks at the head of the queue, causing delays. 

Figure 4: An example of an Application layer attack. Source: Cloudflare 

These attacks are not only frustrating but also potentially damaging to businesses and their customers, especially when critical infrastructure or financial systems are targeted. 
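The following is an added example, not code from the article, The Missing Link or Cloudflare. It shows why an application layer flood arriving from many sources slips past a per-source limit yet stands out when each endpoint's volume is compared with its own baseline. The traffic is constructed, and the thresholds, window size and function names are assumptions.

```python
from collections import Counter, defaultdict
from statistics import median

WINDOW = 10         # seconds per tumbling window (assumed)
PER_IP_LIMIT = 20   # max requests per source per window (assumed)
SPIKE_FACTOR = 5    # endpoint volume vs. its own baseline (assumed)
MIN_REQUESTS = 100  # ignore spikes on near-idle endpoints (assumed)

def build_sample():
    """Constructed traffic, not real logs: (second, source_ip, path)."""
    events = []
    for t in range(60):  # steady legitimate load from a few clients
        events.append((t, f"198.51.100.{t % 5 + 1}", "/products"))
        events.append((t, f"198.51.100.{t % 3 + 6}", "/search"))
    for t in range(30, 40):  # flood: 200 sources, one request per second each
        for n in range(200):
            events.append((t, f"203.0.113.{n}", "/search"))
    return events

def analyse(events):
    per_ip = defaultdict(Counter)    # window -> requests per source
    per_path = defaultdict(Counter)  # window -> requests per endpoint
    sources = defaultdict(set)       # (window, path) -> distinct sources
    for t, ip, path in events:
        w = t // WINDOW
        per_ip[w][ip] += 1
        per_path[w][path] += 1
        sources[(w, path)].add(ip)
    # Single-source view: which IPs would a per-IP rate limit block?
    over_limit = sorted({ip for c in per_ip.values()
                         for ip, n in c.items() if n > PER_IP_LIMIT})
    # Aggregate view: endpoint volume against the median of earlier clean windows.
    alerts, history = [], defaultdict(list)
    for w in sorted(per_path):
        for path, count in per_path[w].items():
            base = median(history[path]) if history[path] else None
            if base and count >= MIN_REQUESTS and count > SPIKE_FACTOR * base:
                alerts.append({"window": w, "path": path, "requests": count,
                               "sources": len(sources[(w, path)])})
            else:
                history[path].append(count)  # only clean windows feed the baseline
    return over_limit, alerts

if __name__ == "__main__":
    over_limit, alerts = analyse(build_sample())
    print("sources over per-IP limit:", over_limit)
    for a in alerts:
        print("endpoint spike:", a)
```

On the constructed sample no single source exceeds the per-source limit, while the aggregate check flags `/search` in the flood window along with the number of distinct sources behind it.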

The impact of DDoS attacks on business and critical infrastructure 

DDoS attacks can have severe consequences for businesses and critical infrastructure, including:

Business Disruption: 
  • Downtime: Prolonged downtime can result in significant financial losses, especially for businesses that rely on online transactions or services. 
  • Customer trust: Repeated or prolonged attacks can erode customer trust, leading to loss of business and damage to brand reputation. 
  • Operational costs: Mitigating and recovering from DDoS attacks often requires significant resources and can incur substantial costs. 
Critical Infrastructure: 
  • Healthcare systems: DDoS attacks on hospitals and healthcare systems can disrupt critical services, potentially putting lives at risk. 
  • Financial institutions: Attacks on banks and financial institutions can prevent customers from accessing their accounts, causing widespread panic and financial instability. 
  • Public services: Government websites and public services can be crippled, affecting citizens’ access to important information and services. 

Notorious cybercriminal gangs 

Killnet and Anonymous Sudan are two well-known cybercriminal groups that have gained attention for their disruptive and damaging cyberattacks. These groups have achieved fame through their persistent and sophisticated tactics, often targeting critical infrastructure and high-profile organisations. 

  • Killnet: This cybercriminal gang has been involved in various malicious activities, including DDoS attacks. They’ve been known to disrupt services and cause significant damage to targeted entities. Killnet has also been linked to several high-profile cyber extortion cases, where they demand ransoms to stop their attacks. 
  • Anonymous Sudan: Another cybercriminal group that has made headlines for their cyberattacks. Like Killnet, they employ a range of tactics to disrupt and damage their targets. 

Targets and tactics 

Both Killnet and Anonymous Sudan have been known to target a variety of high-profile and critical infrastructure organisations. Their objective is often to cause maximum disruption, and they have been involved in attacks on: 

Universities:
  • Tactics: These groups have targeted educational institutions, aiming to disrupt academic activities and access to educational resources. DDoS attacks on university networks can prevent students and faculty from accessing online services, conducting research, and participating in online classes. 
Hospitals:
  • Tactics: Attacks on healthcare facilities can have severe consequences, potentially putting lives at risk. By targeting hospitals, these cybercriminals can disrupt critical healthcare services, access to patient records, and the functionality of medical devices. DDoS attacks on hospital networks can delay or prevent patient care, leading to potentially life-threatening situations. 
Airports:
  • Tactics: Airports are another high-profile target for these gangs. Attacks on airport infrastructure can cause significant disruption to air travel, affecting flight schedules, passenger services, and operational systems. By targeting airports, these groups aim to create widespread chaos and inconvenience. 

Motivations behind attacks: Political, financial, and competitive

Understanding the motivations behind cyberattacks is crucial for developing effective defence strategies. The motivations driving cyberattacks are as varied as the methods themselves: 

  • Political reasons: Many cyberattacks are politically motivated, driven by ideological beliefs or state-sponsored agendas. Hacktivist groups and nation-state actors often target critical infrastructure, government websites, and political entities to advance their causes, disrupt adversaries, or send a message. The attacks on universities, hospitals, and airports by groups like Killnet and Anonymous Sudan illustrate how politically motivated cybercriminals can inflict widespread disruption and fear. 
  • Cyber extortion: Financial gain remains a primary motivator for many cybercriminals. Through tactics such as ransomware and phishing, attackers seek to extort money from individuals and organisations. They often deploy sophisticated social engineering techniques to deceive victims into making financial transfers or paying ransoms to regain access to their data or systems. Cybercriminal gangs like Killnet have been particularly effective in using cyber extortion to fund their operations and expand their reach. Additionally, cyber extortion schemes have become more sophisticated, with attackers threatening to release sensitive data unless their demands are met. 
  • Competitive advantage: In some cases, cyberattacks are driven by the desire for competitive advantage. Rival companies may engage in corporate espionage or sabotage to undermine their competitors' operations, steal proprietary information, or gain insights into strategic plans. This type of malicious activity can severely impact an organisation's market position and financial stability. 

Strengthen your cyber defences 

The increasing sophistication and variety of cyber threats underscore the importance of a proactive and multi-layered approach to cyber security. By understanding the evolving tactics and underlying motivations of cybercriminals, businesses can better prepare to defend against these persistent and dynamic threats. 

For deeper insights into cyber threats and the latest protection strategies, tune into our podcast with Aaron Bailey and Ben Munro. Hear firsthand from experts on safeguarding your business against the evolving landscape of cybercrime. Don't miss out—listen to the podcast now and take the first step toward securing your business.

 

 

Author

Louise Wallace