DDoS attacks are becoming a significant threat to companies and organizations whose operations depend on the reliability of information systems. A business can suffer significant losses from downtime caused by an attack on its systems and from extortion by hackers.
Companies that actively use technology in their processes must be prepared to face possible hardware or software downtime. Apart from monetary losses, downtime may even lead to business collapse. The cost of downtime varies depending on many factors, including the following:
The level of direct monetary losses is the most significant for businesses that heavily depend on high-level data transactions. This category includes banks and online retailers.
According to ITIC's recent 12th annual 2021 Hourly Cost of Downtime survey, covering more than 1,200 enterprises worldwide, a 91% majority of corporations reported hourly downtime costs of $300K, while for 44% of enterprises the hourly cost of downtime is more than $1M. Over the last seven years, the hourly cost of downtime has increased by 32%, indicating the greater dependence of enterprises on technological processes.
However, apart from the actual outage costs, businesses should also consider losses attributable to litigation. Namely, the failure of companies to meet compliance regulations and Service Level Agreements may result in civil penalties.
Downtime also affects internal productivity, since it distracts employees from their core duties even after the incident is resolved. The company's managers may also face a growing number of interviews and checks following the incident. Thus, executives are forced to deal with the implications of downtime instead of focusing on business growth. An inevitable outcome of every downtime is reputation damage: businesses are interested in cooperating with entities that can guarantee smooth running of processes.
There are generally two types of downtime: planned and unplanned. Planned downtime is caused by the need to perform maintenance work or introduce changes or fixes into the systems. Planned downtime is scheduled and anticipated in advance and, thus, does not cause any damage to businesses.
Unplanned downtime is unanticipated and can occur at any time. The top causes of system downtime are security issues and user carelessness. The main security issues leading to downtime are sophisticated ransomware attacks and phishing activities. User carelessness is often attributable to the failure to follow basic security standards. DDoS attacks have become one of the common causes of downtime.
DDoS attacks are malicious attempts to disrupt the regular traffic of a targeted server or network by overwhelming it with a flood of malicious Internet traffic. DDoS attacks thereby prevent normal traffic from reaching its destination. DDoS attacks require a network of connected computers. Often, this network comprises computers compromised through malware. Each device involved in the attack sends requests to the targeted IP address, and since each device is legitimate, the attacked system cannot separate malicious traffic from normal traffic. DDoS attacks are one of the four main cybersecurity threats, along with social engineering, supply chain attacks, and ransomware.
Rather than focusing on individual servers, attackers target edge network devices such as routers and switches. Bad actors responsible for DDoS attacks have started adopting machine learning and artificial intelligence, enabling sophisticated network surveillance to find the most vulnerable systems. Through these advanced technologies, DDoS botnets can reconfigure themselves and change attack strategies to prevent detection and fast mitigation.
DDoS attacks themselves do not bring bad actors any direct financial gains. However, when combined with social engineering, credential stealing, and other attack methods, they become a powerful instrument allowing bad actors to demand their victims pay a substantial ransom. These attacks may be referred to as ransom DDoS attacks.
DDoS attacks that are followed by a ransom note are ransom DDoS attacks. Attackers realize that DDoS mitigation is a time-consuming process for businesses. Thus, victims may consider paying the ransom as the only way to entirely mitigate the adverse outcomes associated with downtime. The ransom note is sent either before or during the DDoS attack. Also, a bad actor may carry out a minor DDoS attack first and then threaten to conduct a devastating one unless a ransom is paid.
Ransom notes may be delivered to a victim as a single email or as an escalating threat with more and more details about the impact of the DDoS attack on the business. Ransom notes may contain threats with specific figures and technical details to seem more professional to the victim. For credibility purposes, attackers may try to affiliate themselves with famous ransomware groups known for compromising well-established businesses in the past. The ransom note also contains the required form of payment (either fiat or crypto transfer).
According to Cloudflare's 2022 DDoS report covering Q1 of this year, 10% of the respondents who faced DDoS attacks reported getting a ransom note. It is a 28% decrease YoY and a 52% decrease QoQ. However, in Q4 2021, 1 out of 5 DDoS victims reported getting a ransom note from attackers. In December 2021, 28% of DDoS attacks were accompanied by a ransom request.
Paying ransom means transferring your money to cybercriminals. It does not oblige bad actors to stop or refrain from carrying out a DDoS attack. Attackers will use the money from victims to expand their botnet to make future attacks even more powerful. Upon receiving a ransom note, businesses should immediately notify law enforcement agencies and take appropriate DDoS mitigation or prevention measures.
All businesses with at least some online activities may become targets of DDoS attacks. The most effective way to avoid the need to pay a DDoS ransom is to be prepared to prevent downtime caused by overwhelming traffic. To this end, businesses should consider using permanent DDoS protection services, which are available for free or for specified monthly or annual payments. Professional software monitors traffic, thereby guarding against inconsistencies in it.
DDoS stress testing is a form of security testing that lets you determine whether your systems are vulnerable to DDoS attacks and, if so, what scope of damage they may face. disBalancer provides professional DDoS stress testing services to businesses to identify vulnerabilities in systems through which hackers may cause downtime by launching powerful DDoS attacks. disBalancer imitates real-world DDoS attacks to determine whether a client applies an effective DDoS mitigation strategy. The final phase of DDoS stress testing by disBalancer is providing the client with practical recommendations on how to make its system ready for dealing with DDoS attacks.
A structured response plan will allow your company to respond promptly to security issues attributable to DDoS attacks. This plan should contain step-by-step guidance for the internal staff on maintaining operations immediately after a DDoS attack. Also, a company must establish a DDoS response team with specified responsibilities. The company should stay in touch with key stakeholders when applying DDoS mitigation measures to prevent panic and heavy reputation damage.
Ransom DDoS attacks have become a new form of blackmail that may also be used as a form of cyber-terrorism. Malicious actors put psychological pressure on victims by presenting a ransom payment as the only way to prevent further damage. In most cases, these ransom requests are simple manipulations, but companies need to be prepared to deal with possible actual DDoS attacks. To this end, they need to develop a DDoS response plan, establish a responsible team, and use professional software for DDoS stress testing and permanent system monitoring.