What actually happens during a DDoS attack?
Roughly speaking, the target system of a DDoS attack is overwhelmed with legitimate requests. Because they arrive in large numbers within a short period of time, the attacked system collapses under the load. This may already be the attackers' goal. Instead of the usual homepage, visitors to the pages then see nothing, or a cloud server is unable to fulfil its tasks. The attack may go even further if the hackers use the resulting gap in the victim's network to try to infiltrate other systems.
Companies can fall victim to such attacks in two ways:
- Direct: One of the company's systems is the actual target of the attack.
- Indirect: The company's infrastructure serves as a platform for carrying out such an attack.
To achieve their goal, hackers often prepare an attack by first hiding a large number of programmes (bots) in IT systems. These do not initially affect the infected system, but wait in disguise until they are activated. At a certain point in time, the attackers take control of the infected systems, which only then carry out the prepared attack attempts on the actual target.
In other words, a company can be drawn into such an attack without being its actual target.
It is no longer just traditional PCs or network components such as routers that serve as the starting point for DDoS attacks. In principle, all technical components that have Internet access can be misused. This ranges from IP-based cameras to printers and IoT components such as smart light bulbs or thermostats. The criminals are targeting vulnerabilities in the components either published by the manufacturers themselves or discovered by
. Robots scour the web in search of suitable devices and automatically install the malicious software on them. This process is completely independent of whether a company is "attractive" to the attacker. At the time of scanning for vulnerabilities, the criminals do not even know the company and its systems. This first step is well illustrated by the "watering can principle": the search is completely random, and it is the sheer volume that makes it work.
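One way to check for the indirect case described above, where your own cameras, printers or thermostats are activated as bots, is to look for many internal devices suddenly sending heavy traffic to the same external address. This is an added example, not part of the original article; the internal address range, the thresholds and the flow records are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # assumption: your internal address range
WINDOW = 60          # seconds per tumbling bucket
MIN_DEVICES = 3      # distinct internal senders to one destination
MIN_PACKETS = 10000  # combined packets in the bucket

# Constructed flow records: (epoch seconds, source, destination, packets)
FLOWS = [
    (1205, "10.0.5.11", "198.51.100.7", 40),     # workstations browsing
    (1210, "10.0.5.12", "198.51.100.7", 35),
    (1214, "10.0.5.13", "198.51.100.7", 50),
    (1230, "10.0.20.11", "192.0.2.10", 300),     # camera firmware check
    (1262, "10.0.20.11", "203.0.113.50", 9000),  # cameras, printer and
    (1265, "10.0.20.12", "203.0.113.50", 8500),  # thermostat all hit the
    (1270, "10.0.30.5", "203.0.113.50", 7000),   # same address at once
    (1281, "10.0.40.9", "203.0.113.50", 6000),
    (1283, "10.0.5.11", "10.0.1.1", 20000),      # internal backup, ignored
]

def find_fan_in(flows, window=WINDOW, min_devices=MIN_DEVICES, min_packets=MIN_PACKETS):
    """Return {(bucket_start, destination): (senders, packets)} for buckets
    where many internal devices send heavy traffic to one external address."""
    buckets = defaultdict(lambda: [set(), 0])
    for ts, src, dst, packets in flows:
        if ip_address(src) not in INTERNAL or ip_address(dst) in INTERNAL:
            continue  # only internal -> external traffic is of interest
        bucket = buckets[(ts - ts % window, dst)]
        bucket[0].add(src)
        bucket[1] += packets
    return {key: (sorted(senders), total)
            for key, (senders, total) in buckets.items()
            if len(senders) >= min_devices and total >= min_packets}

if __name__ == "__main__":
    for (start, dst), (senders, total) in find_fan_in(FLOWS).items():
        print(f"t={start}s {dst}: {total} packets from {len(senders)} devices: {senders}")
```

Both thresholds need tuning against your normal traffic, and because the buckets are fixed 60-second slots, a burst that straddles a slot boundary is counted in two halves.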
As part of your IT security strategy, you should work against such attacks from several directions:
- Protecting your own systems such as production facilities or network gateways using firewalls and load balancers. Such solutions are also sometimes combined and then referred to as "Security Information and Event Management (SIEM)".
- Regular updates of all technical equipment to the latest versions, i.e. promptly closing security gaps with the patches offered by the manufacturers.
- Retiring hardware for which there are no more patches from the manufacturers.
Practical tip:
If you decide in favour of software, research in advance how often new patches or updates are made available. Sometimes there are also services that regularly take care of updates.
We can help you keep track of your IT security amidst the flood of providers and services.
About SpaceNet AG
The Munich-based MSSP supports companies in building, managing and developing strong and resilient IT. One focus is on personalised advice and smart implementation of IT security and cloud solutions. The range of services includes managed IT services, customised support even for non-standard applications, 24/7 service and secure collaboration tools such as Zamadama and Nextcloud.
With over 120 experts, SpaceNet supports around 1,200 companies, including Antenne Bayern and the Munich Transport and Tariff Association (MVV). SpaceNet AG operates its cloud and IT services in several redundant high-security data centres in Munich, is certified to the ISO 27001 security standard and works in accordance with ITIL. The SpaceNet family of companies also includes brück IT GmbH, a system house for lawyers, architects and other liberal professions, and SOFTIQ Deutschland GmbH, which specialises in individual software projects.
www.space.net