DDoS Threats Are Back

DDoS Threats

Are Back

DDoS Threats Are Back

As ransomware attacks continue to make front page news, Distributed Denial of Service (DDoS) attacks may have appeared to decrease. In reality, threat actors continue to engage in DDoS attacks, especially with continued geopolitical tensions, but many go unreported making it difficult to quantify the risk and impact. In fact, over the past three years, DDoS attacks accounted for 28% of cyber threats, but organizations were only moderately effective at detecting and responding to them.

Further, research from March 2022, notes:


Growth rate of DDoS attacks larger than 250 GBit/s


was the most attacked industry in 2021 - target of over 25% of all attacks


of all DDoS attacks in 2021 were Network flood attacks


of all DDoS attacks in 2021 were Transmission Control Protocol (TCP) attacks

While the financial services industry is a major target for threat actors, all industries face DDoS risks. During January 2022, a number of DDoS attacks impacted organizations across the financial services, IT software, IT infrastructure, government and telecommunications industries.

With rising numbers of attackers and evolving methodologies, the attacks became more complex, shifting in frequency and increasing in intensity. By understanding how DDoS attacks work and how they can impact business operations, organizations can more effectively mitigate risk.

What is a DDoS Attack & How Does it Work?

In a distributed denial of service (DDoS) attack, threat actors use multiple machines to send high volumes of requests to networks or servers, ultimately overwhelming them with too much traffic and causing them to become overwhelmed. The malicious actors control the set of infected devices, known as a botnet, and the overloaded network is unable to respond to legitimate requests causing a "denial of service."

DDoS Threats Are Back
Operation of an DDoS Attack, source: SoftwareONE

In the first step of a DDoS attack, the threat actors exploit a security vulnerability or device weakness in internet-connected devices. They then install malware on the device, usually a command and control software, that allows them to tell the devices what to do. The individual devices are called “zombies” or “bots,” and collectively they are known as botnets. Each device sends requests to the targeted network or server, ultimately overloading the resource and making it unable to respond to any requests.

Beware of New DDoS Attack Types

As organizations adopt new technologies, threat actors also evolve their methodologies, including the ones used for DDoS attacks.

Some examples of the evolution of DDoS attacks include:

  • Blended attacks: incorporating DDoS as part of ransomware attacks to force companies to pay a ransom or distract from data exfiltration
  • Black Storm attacks: sending spoofed User Datagram Protocol (UDP) which reduces the number of devices needed for the botnet
  • Middlebox reflection: leveraging in-network middleboxes that monitor and filter packet streams to reflect IP traffic

How Much a DDoS Attack Can Cost Your Business

Since a DDoS attack disrupts networks and servers, they usually lead to business downtime and in turn, can cost companies hundreds of thousands of dollars, if not millions. This can include both internal or customer-facing resources and can lead to:

Customer Churn

With more companies delivering digital customer experiences, a DDoS attack can prevent customers from accessing applications and data. For example, a DDoS attack against a Voice-over-Internet-Protocol (VoIP) company last autumn led to service disruption, preventing customers from sending or receiving calls. When reliability and security become a concern, customers will take their business elsewhere.

Service-Level Agreement Violations

Companies in the business-to-business space need to consider whether service downtime will lead to a contract violation. In this case, the organization may need to pay a penalty, or the customer may choose to terminate the contract. Companies must have a solution in place to mitigate these types of attacks.

Lost Productivity

Business applications and organizational networks can also be impacted by a DDoS attack. This means that employees will be unable to access the resources they need to do their jobs, reducing productivity and impacting profits.

Response Costs

Just like any other attack type, organizations need to respond to a DDoS attack promptly. They need to contain the malware and restore all devices, systems, and networks to their pre-attack state.

Legal and Compliance Costs

When DDoS attacks are used to mask data exfiltration, companies may find that the initial outage also leads to privacy violations and potential lawsuits. Not only are these increased costs, but they can take a long time to resolve.

How Do You Know You’ve Suffered a DDoS Attack?

DDoS attacks often begin with subtle changes in network traffic or resemble maintenance issues.

When trying to determine whether an organization has experienced a DDoS attack, security teams usually look for some of the following indicators:

  • Slow network performance, like latency when opening files or accessing websites.
  • Unavailable website domain
  • Inability to access web resources
  • Abnormal network traffic patterns from devices or an IP address
  • Abnormal network traffic to a single endpoint or IP address

How to Prevent a DDoS Attack with SoftwareONE

Network and device security are fundamental to preventing a DDoS attack. Organizations need anti-virus solutions to help protect all devices, including routers, from malware that turns devices into bots. Additionally, strong passwords for routers and internet-connected devices provide a layer of security preventing threat actors from leveraging these devices as part of their botnets.

SoftwareONE’s portfolio of managed security services enables customers to create proactive security programs. Our vulnerability assessment and penetration testing services give you a way to find any security weaknesses or vulnerabilities that threat actors can use as the first step in a DDoS attack. With our Managed Detection and Response (MDR) services, customers gain more robust incident detection capabilities for faster investigation and response. Finally, with our incident response and security testing, you’re able to create a cyber-resilient program that incorporates containment and recovery to get your customers and workforce members up-and-running faster.

Never Miss Another Attack

Activate around-the-clock threat protection with SoftwareONE’s Managed Detection and Response. Protect your organization from the unknown.

Learn More

Comment on this article

Leave a comment to let us know what you think about this topic!

Leave a comment


Bala Sathunathan

Bala Sethunathan

Director, Security Practice & CISO


Related Articles

Automation: Cybersecurity’s Friend and Enemy

Automation: Cybersecurity’s Friend and Enemy

Have you integrated automation into your security strategy? Keep reading as we take a closer look at the pros and cons of an automated cybersecurity defense.

Cyber Security Update May 2022
  • 23 June 2022
  • Bala Sethunathan
  • Managed Security, Cybersecurity, Cyber Threat Bulletin
  • Data Security, Security, Ransomware

Cyber Security Update May 2022

Scammers are using more ruthless and sophisticated phishing techniques to acquire confidential data. Don’t let the criminals fool you.

Is MFA Enough to Protect Your Data?
  • 23 May 2022
  • Chris Armstrong
  • Cybersecurity, Cybersecurity User Awareness, Managed Security
  • Microsoft, EDR, Conditional Access, Zero Trust

Is MFA Enough to Protect Your Data?

Many companies have now implemented MFA, but is this enough to cover against all security challenges?