
DDoS Attacks: How They Are Evolving

With almost all businesses moving online, what would happen if a business's site was unavailable even for a few hours in a day? Business would slump, leads would be lost, new business relationships could not be forged, profits would fall, and this could lead to other disasters within the organization as well. This is exactly what could happen if a DDoS attack hit an organization that depends solely on its online model for its business.

For security-conscious individuals and organizations, ‘DoS’ and ‘DDoS’ attacks are not new. In a ‘Denial of Service’ (DoS) attack, the host is bombarded with multiple TCP/UDP packets from a single computer and a single Internet connection. The host is unable to handle the hundreds and thousands of fake requests, and the site slows down or crashes entirely.

A DDoS, or ‘Distributed Denial of Service’, attack is closely related to the DoS attack but is much more fierce. In a DDoS attack, instead of one attacker, a few attackers try to overwhelm and bring down a system by making use of multiple computers and multiple Internet connections around the world. A master computer gives directions to other slave computers, and they in turn will cripple financial systems or ruin major corporations. It is much more difficult to recover from a DDoS attack because it is harder to locate the origin of the attack.

Some statistics related to DDoS attacks:

  • Some recent examples of DDoS attacks are the GitHub attack (February 2018), which saw traffic at a rate of 1.3 Terabytes/sec, the Telegram attack in June 2019, and the attack on Brian Krebs' site in 2016.
  • China was a frequently targeted region, followed by the USA and Hong Kong.
  • Sundays were quiet days for DDoS attacks and Mondays were the most active in the second quarter of 2019.
  • The duration of attacks that lasted for 4 hours or more increased in the second quarter of 2019 (DDoS attacks in Q2 2019, 2019).
  • It is also interesting to note that a large DDoS attack on an organization is mostly recognized only by the organization's customers and clients, who probably notice a downed server, and not by the organization itself.

Having seen the definitions and statistics related to DDoS, let us look at how DDoS attacks are changing.

Changes in DDoS attacks:

Technology changes, and so do hackers and their strategies. Most businesses are aware of DDoS attacks today and are better prepared to handle them. However, while large-scale attacks are easier to detect and mitigate, there have been more, smaller DDoS attacks on the scene. These smaller attacks do not trigger any defenses on the organization’s end. Shockingly, they are reported to be detected by only 28% of businesses! According to Neustar's Q2 2019 Cyber Threats and Trends Report, smaller attacks can be carried out against specific services, gateways, applications, and Application Programming Interfaces (APIs) (Q2, 2019 CYBER THREATS AND TRENDS REPORT).

These smaller attacks are used by hackers to proliferate through systems and install malware. They also cause the system to slow down, thus degrading the site's operation.

How to handle the DDoS attacks:

Given the changes in DDoS strategies, it is good to identify the valuable assets in an organization and place them under an “always-on” DDoS mitigation strategy. Once that is done, the traffic has to be monitored and analyzed completely. This will lead to a conclusion as to whether only the valuable assets have to remain constantly under the “always-on” category or whether other resources also have to be protected.
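
The monitoring step above can be illustrated with a short added example (not part of the original article): a site-wide volume alarm stays silent during a small burst aimed at one API endpoint, while a per-endpoint baseline flags it. The endpoint names, thresholds, and request counts are constructed assumptions, not measured traffic.

```python
from statistics import mean, pstdev

WARMUP = 10              # minutes of history used as the baseline (assumed)
GLOBAL_THRESHOLD = 5000  # assumed site-wide volumetric alarm, requests/minute

def build_sample():
    """Constructed data: requests per minute per endpoint, ending in a small burst."""
    minutes = [{"/": 900 + 10 * (i % 3),
                "/api/search": 300 + 5 * (i % 2),
                "/api/login": 40 + (i % 4)} for i in range(WARMUP)]
    # Minute 10: only /api/login rises; total traffic barely moves.
    minutes.append({"/": 910, "/api/search": 305, "/api/login": 400})
    return minutes

def global_alarm(current, threshold=GLOBAL_THRESHOLD):
    """Classic volumetric check: total requests across the whole site."""
    return sum(current.values()) > threshold

def per_endpoint_alarms(history, current, k=4.0, min_delta=50):
    """Flag endpoints above their own baseline.

    Limit is mean + max(k * stddev, min_delta); min_delta stops very flat
    baselines from alarming on tiny fluctuations.
    """
    alarms = {}
    for endpoint, rate in current.items():
        past = [m.get(endpoint, 0) for m in history]
        limit = mean(past) + max(k * pstdev(past), min_delta)
        if rate > limit:
            alarms[endpoint] = (rate, round(limit, 1))
    return alarms

def analyze(minutes, warmup=WARMUP):
    """Compare both detectors for every minute after the warm-up window."""
    findings = []
    for idx in range(warmup, len(minutes)):
        history, current = minutes[idx - warmup:idx], minutes[idx]
        findings.append({"minute": idx,
                         "global": global_alarm(current),
                         "endpoints": per_endpoint_alarms(history, current)})
    return findings

if __name__ == "__main__":
    for f in analyze(build_sample()):
        print(f)
```

Endpoints that keep appearing in the per-endpoint alarms are candidates for the “always-on” category.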

 

 

AUTHOR
Jayanthi Manikandan
Cyber Security Analyst
Jayanthi Manikandan has a Master’s degree in Information Systems with a specialization in Information Assurance from Walsh College, Detroit, MI. She is passionate about information security and has been writing about it for the past 6 years. She is currently a Security Researcher at InfoSec Train.