For anyone who is running a website of any type these days, one of the biggest threats is a DDoS attack, or Distributed Denial of Service attack. These attacks flood your website with traffic from thousands of different computers, causing your web server to crash or become unable to respond to authentic visitors. Sometimes DDoS attacks are performed by hackers attempting to use the attack as a ‘distraction’ while they attempt to steal actual data. Most of the time, however, it is just a malicious attempt to bring down a website.
It doesn’t matter whether you run a small blog or a fortune 500 copany’s website, with the right attack, your site is vulnerable. Most people with small to mid-sized sites are going to be attacked by people who are commonly called, ‘script-kiddies’. These aren’t true hackers, but just regular people who happen to know enough coding to infect some computers with malware and direct them to ‘attack’ a certain site or sites.
The major DDoS attackers, however, often sell their services to the highest bidder and can attack major sites including gaming companies, financial institutions, government websites and many others.
According to Akamai’s State of the Internet Security Report, which was recently released, the total amount of DDoS attack traffic has more than doubled over the past year. In addition, the average size of each attack is going up significantly. The report says that there was a 200% increase in the number of attacks that sent over 100 GBPS to the victim’s server. That is 100 Gigs per second. To give you some perspective, an average HD quality movie will run about 3.5 Gigs on NetFlix.
Vice President of Akamai’s Cloud Security Business Unit, John Summers, said, “An incredible number of DDoS attacks occurred in the fourth quarter, almost double what we observed in Q4 a year ago.”
Look at some important statistics pulled from the report:
- There was a 52% increase in the average peak bandwidth during attacks in Q4
- There were 84% more multi-vector attacks
- 121% more infrastructure layer attacks in Q3 2014 compared to 2013
- 28% increase in the average attack duration
- UDP-Based attacks were the most common
- 54% of DDoS traffic came from the US, making the US the worst offender
Major corporations work with the telephone companies to mitigate much of the traffic during these attacks, but this can be costly and time consuming. Smaller sites typically have to rely on the web hosting companies to handle any mitigation or else pay a third party company that offers DDoS protection.
If you haven’t looked into your website’s DDoS protection recently (or ever) now may be a good time to do it. Without adequate protection, even a small DDoS attack can take you offline for hours, and may even result in having your site removed by your hosting company.
To read the full report, click HERE.
