The first Distributed-Denial-of-Service (DDoS) attack is attributed to the efforts of a 15-year-old Canadian teenager who was able to intermittently attack Yahoo, Amazon, eBay, E*TRADE, and other companies throughout February 2000. The attacks resulted in the cumulative costs of approximately $1.2 Billion. Fast-forward to 2019 and DDoS attacks are not only occurring more frequently, but they are also more complex and destructive. The attack landscape has drastically expanded from a curious 15-year-old with access to public hacking tools, to cyber-terrorists and professional hackers interested in destabilizing businesses for financial or political gain.
A Brief Guide To DDoS Attacks
DDoS attacks are designed to exhaust a server, application, or network so that it will no longer function properly or be available to intended users. While the length, strength, and complexity of DDoS attacks can vary, they generally fall into the following categories.
- Volumetric-Based Attacks -- This type of attack delivers an overwhelming number of packets to a specific network. The packets are designed to exhaust router, switch, and server capacity. They are also built to consume all of the available network bandwidth by flooding it with malicious traffic. The main types of volumetric-based attacks include ICMP, UDP, and SYN.
- Application-Based Attacks -- This type of attack exploits weaknesses within applications, consuming memory, storage, or CPU resources so that the application can't serve legitimate users. By crashing the application with malformed messages, this type of attack is also able to target a specific HTTP connection as well as a web server. The most common type of application-based attacks include SIP header manipulation, SQL injection, and HTTP GET/POST attacks.
- Hybrid Attacks -- In the last few years DDoS attacks have changed tactics to include a hybrid design. As its name suggests, hybrid attacks are a blend of volumetric and application-based attacks. They attempt to consume network bandwidth and exhaust server resources at the same time. The result of a hybrid attack is often catastrophic.
The True Cost Of DDoS Attacks
As the complexity of DDoS attacks has grown, so too has the cost to both individuals and businesses. Each DDoS attack is associated with direct and indirect costs. The direct costs are typically easier to measure, while the indirect costs are often not measured (or felt) for months or years after the execution of a successful DDoS attack.
Direct costs include:
- Loss of revenue;
- Loss of productivity;
- Personnel costs (specifically within IT operations and security);
- Specialized consultants;
- Consumer credits;
- Legal and compliance fees; and
- Public relations.
Indirect costs often include:
- Damage to the brand;
- Theft of vital data;
- Loss of valuable customers; and
- Opportunity loss.
Together, direct and indirect costs can quickly amount to millions of dollars. In fact, for some web-based businesses, DDoS attacks can cause the loss of millions of dollars per hour. To date, the average cost of downtime per minute from a DDoS attack is $22,000. However, the cost can quickly rise to $100,000 per minute depending on the type of business and the extent of the attack (“A Study of Retail Banks & DDoS Attacks”).
Protect Your Business. Download The DDoS Attacks Economic White Paper Today
Senior executives are now paying close attention to DDoS attacks. A comprehensive analysis of the potential financial impact of a DDoS attack can help senior executives effectively prepare for the direct and indirect costs associated with an attack. To learn more about how you can protect your business, download the DDoS attacks economic white paper today and discover a model that can be used to effectively estimate the costs of specific attacks. In layman's terms, the model describes the costs associated with a hypothetical attack. It then provides a template that can be used to effectively measure the impact of a potential attack on your business. Finally, the model gives the guidelines needed to evaluate the ROI of DDoS protection solutions for a wide landscape of threat vectors and actors. Download the white paper today and take the first steps towards solidifying the financial future of your business, while simultaneously retaining a high ROI on protective measures. Contact us to learn more about CCI Security Services.
Works Cited:
“A Study of Retail Banks & DDoS Attacks.” Ponemon Institute, Dec. 2012.