For many companies, their website and the internet is their entire livelihood. It’s a wonderful time that we live in, in which you can be making sales of your product while you sleep. If you fall into that category, how much would you say your website is worth to you? How much money per month do you generate from your website?
Now, what if that website was shut down for no reason at all? Or worse, someone held your website ransom, rendering your website useless, and you out of your paycheck?
Well, this scenario actually happens! And it’s happening more and more frequently. This article will educate you so you know what kind of threats are out there.
Denial of Service Attacks (The Evil Villain of the internet)
Without getting too technical, a Denial of Service is an attack by someone with ill-intent on your website. The reason for doing this varies from hackers having fun, to revenge, to extortion. But the end result is that when your website is hit with a DoS or DDoS (Distributed Denial of Service - a variety 1,000 times worse), your website could be down for hours or days.
Here’s how a DoS attack happens: A person with ill intent and some hacking skills (or “skillz" as those hipster hackers would likely write), start to send a massive amount of data packets to your website, an amount far beyond what it could normally handle.This cripples the resources such as RAM, processor power, etc. that keep your website up and running.The end result is that it brings your website to its knees. Remember the scene with Gene Hackman and Christopher Reeves with the Kryptonite, in Superman? Yeah, it’s that bad!
Not only can it affect your site, but it can impact sites on the same servers as you, and even others on the internet. The graph below shows a massive jump in 2013 that was due to a huge internet-wide attack over one week which brought the entire internet to a crawl.
Now in the case of just one computer attacking your site, it can easily be found by its IP address, and shut down. But in the event the attacker has taken control of a bunch of Botnets, it becomes infinitely more difficult. Think of botnets like an army of infected zombie computers out to get you. (Yes, The Walking Dead is real. Well, virtually real).
You wouldn’t think this level of evil could even exist, but there are actually people out there that will hold your website hostage, under threat of a DDoS attack, unless you pay them money! Just this past October, ProtonMail was held hostage for close to $6,000. The ransom was paid, but the attackers unleashed the DDoS anyway. What did you expect? Like I said, you’re dealing with the scourge of the most unscrupulous people on the internet.
In the event this ever happens to you. Don’t negotiate with the terrorists. Just contact your service provider right away and give them all the information you have about the situation.
Good Always Triumphs
Superheroes always find a way to dispatch the super villains. Lex Luthor may have discovered Kryptonite, but Superman always found a way to prevail. And there’s no difference in the world of cyber security. DDoS are very serious threats, but there has been much effort and money put into ways to mitigate, and even prevent them.
The most effective way is to use “scrubbers.” The way the Scrubbers work, is that they monitor the traffic coming to servers and when unusual spikes in traffic occur, that traffic is re-routed and filtered. The good traffic is allowed to continue to your website, and the bad traffic is dumped into a black hole.
There are two methods of Scrubbing. One involves a central, physical “Scrubbing Center”, where all the traffic is routed through and determined whether it’s safe or not. This is the most effective, but also the more expensive option.
The second method is called Cloud Mitigation, and it is cheaper than the Scrubbing Center method, but with the lower cost comes less effectiveness. Some attacks can simply bypass the Cloud method.
Your first choice should be the central, physical Scrubbing Center.
A New Dawn Emerges
Either method of mitigation is still expensive. And for small businesses that get 10-100 visitors a day, protection may not be something to worry about. But if you are a site owner who relies on your website every single day as your income generator, then DDoS attacks should be a major concern and you should have a DDoS Mitigation plan lined up, if not a service already protecting your site.
If you have questions about any of this, or would like to be connected with a DDoS mitigation service, we can help you here at EPhost.