Data Centers and ISPs Aren’t Prepared for DDoS Attacks

Most successful businesses have an entry somewhere in their books for what’s called “inventory shrinkage.” These are financial losses due to issues like employee theft or shoplifting, products damaged in handling, and cashier or online shopping cart errors. As long as the shrinkage is kept at a manageable level, businesses are inclined to view it as a cost of doing business.

Companies that conduct operations on the Internet occasionally experience a different type of shrinkage: lost sales or profit due to server downtime. When that downtime is minimal, it makes sense to consider any associated losses as a cost of doing business; just like phone or electric service, no online system can be guaranteed to be 100% perfect, year after year.

However, that doesn’t mean all service interruptions should be considered simply a cost of doing business. DDoS (Distributed Denial of Service) attacks conducted by hackers or other bad actors, and directed at companies, organizations and institutions, can cost large businesses as much as a million dollars per day. And that doesn’t count the collateral damage done to their reputations, client base and data security.

Want the even scarier news? Even today, despite regular news stories about the growing size and frequency of DDoS attacks, most data centers and ISPs (Internet Service Providers) aren’t properly prepared to protect against or mitigate those attacks.

It’s crucial that every company and organization dependent on the Internet understands why that’s true and what they can do about it – because DDoS attacks don’t simply result in a little shrinkage. They’re a major financial threat to your business.

What Is a DDoS, and What Makes it So Dangerous?

Let’s start with the basics. The goal of a DDoS attack is to prevent a company from operating online for a prolonged period of time. (There can be many reasons behind an attack, ranging from political motivations and revenge, to extortion and other acts of cyber-crime, but here we’re more concerned with the “what” than the “why.”)

The most vulnerable area of an organization’s online operations is usually its computer server or network, which receives and transmits data over the Internet, because all computers have limits on their capacity. A DDoS attack is designed to overload that capacity; once servers can no longer handle the demands being placed on them, they’ll be unable to respond to legitimate requests. They will slow to a crawl, be rendered useless or shut down completely.

In the early days of DDoS, it was relatively simple to deal with an attack, because it would normally come from a single computer address (IP), or a relatively small number of them. The service provider or host could simply analyze incoming traffic and shut off access to the attacking IP(s) to return operations to normal.

Over time, however, hackers have become more proficient and much more evasive. Their primary weapon is what is known as a “botnet” – a huge network of computers around the world that have been infected by malicious viruses so they can be used as unsuspecting “agents” for the hackers. They can also “spoof” Internet addresses to hide the real origin of traffic.

When given the command, the computers in a botnet simultaneously connect to a DDoS target, meaning the target’s servers have to deal with innumerable requests from seemingly-innocuous IP addresses. In a flash, the servers’ bandwidth is overwhelmed and in the worst-case but common scenario, the company is taken completely offline and their websites are unreachable. That’s the “denial of service” that the DoS in DDoS refers to.

The results can be disastrous. Surveys done by content delivery networks and analytics companies like Incapsula, Akamai and Neustar have found that a successful DDoS attack costs the average company $40,000 per hour, with as many as 30% of respondents placing the figure at $100,000. And on average, it takes anywhere from six to 24 hours to discover, diagnose and mitigate an attack. Even most small companies report a DDoS costs them at least $5,000 per hour – and that’s not including non-monetary damage to the trust in their website. Think you’re not at risk? Think again. Surveys samples show that as many as 60% of North American companies are hit by at least a small DDoS every year.

We’ve alluded to one reason this isn’t an easy problem for data centers and ISPs to deal with: the difficulty of classifying and isolating enormous amounts of malicious traffic arriving all at once. That’s far from the only issue, though, as we’ll explain next.

The Complexities of Modern DDoS Attacks

Once upon a time, the Internet primarily consisted of servers and desktop computers (or huge laptops) exchanging information over a wired infrastructure. Today, of course, there’s a nearly infinite number of wired and mobile connected devices (and even appliances, thanks to the Internet of Things), and the ways in which servers and networks operate and interact are more complicated than ever. This enormous mish-mash of technology ensures that there are billions of Internet addresses from which bad traffic can potentially originate, and dozens of ways that vulnerabilities can be exploited.

Earlier, we mentioned the early days of DDoS attacks when ISPs and data centers could simply “filter out” traffic from problem IPs. This is now much more difficult due to the added complications of botnets, IP spoofing and techniques used to magnify the size of modern-day attacks – but it can be done, at least to an extent, by a number of service providers.

Here’s the problem. Those attacks are “volumetric” attacks designed to overwhelm servers with a sheer volume of traffic. Volumetric assaults have been around for many years and are familiar to most providers; they’re not easy to fight, but it’s doable for some. Hackers have many more tools in their kit these days, however. Volumetric attacks are still the most common method of launching a DDoS, but there are others that are harder to protect against or mitigate.

Protocol attacks (also known as TCP state-exhaustion attacks) focus on disrupting the server’s or network’s infrastructure by attacking components like firewalls and load balancers to use up all of their available connections; layer-7 attacks (also known as application layer attacks) target a specific weakness in a single application running on a server, and then taking down the entire machine by monopolizing all of its resources. Layer-7 attacks are the most sophisticated, yet only require a small volume of traffic to do their damage. Some hackers now combine multiple types of attack in their DDoS forays, and there even so-called “zero-day” attacks that go after vulnerabilities that have yet to be discovered by hardware or software providers. Preventing and mitigating these more advanced attacks is extraordinarily difficult and expensive.

By now, you realize that it takes a very high level of technological understanding and experience for data centers and ISPs to keep up in the cat-and-mouse game that hackers are waging with them – and that it isn’t really a game that results in “shrinkage,” it’s an all-out war. Unfortunately, most service providers simply aren’t equipped to keep up. That makes it incumbent on customers to proactively seek a method of remote DDoS protection that can keep their resources available and their business running.



Sharktech is a private company founded in 2003 by CEO and DDoS Protection Pioneer Tim Timrawi. The company has more than 25 employees throughout its headquarters in Las Vegas, Nevada, and data center facilities in Los Angeles, CA, Denver, CO, Chicago, IL, and Amsterdam, Netherlands.