{"id":124814,"date":"2022-11-15T10:00:00","date_gmt":"2022-11-15T18:00:00","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=124814"},"modified":"2024-06-26T16:30:51","modified_gmt":"2024-06-26T23:30:51","slug":"2022-holiday-ddos-protection-guide","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/11\/15\/2022-holiday-ddos-protection-guide\/","title":{"rendered":"2022 holiday DDoS protection guide"},"content":{"rendered":"\n

The holiday season is an exciting time for many people as they get to relax, connect with friends and family, and celebrate traditions. Organizations also have much to rejoice about during the holidays (for example, more sales for retailers and more players for gaming companies). Unfortunately, cyber attackers also look forward to this time of year to celebrate an emerging holiday tradition\u2014distributed denial-of-service (DDoS) attacks.<\/p>\n\n\n\n

While DDoS attacks happen all year round, the holidays are one of the most popular times for them and are when some of the most high-profile attacks occur. Last October in India, there was a 30-fold increase in DDoS attacks targeting services frequently used during the festive season, including media streaming, internet phone services, and online gaming<sup>1<\/sup>. Last October through December, Microsoft mitigated several large-scale DDoS attacks, including one of the largest attacks in history from approximately 10,000 sources spanning multiple countries<sup>2<\/sup>.<\/p>\n\n\n\n

Figure 1. Number of DDoS attacks and duration distribution<sup>3<\/sup><\/figcaption><\/figure>\n\n\n\n

While retail and gaming companies are the most targeted during the holidays, organizations of all sizes and types are vulnerable to DDoS attacks. It\u2019s easier than ever to conduct an attack. For only $500, anyone can pay for a DDoS subscription service to launch a DDoS attack. Every year, DDoS attacks are also becoming harder to protect against as new attack vectors emerge and cybercriminals leverage more advanced techniques, such as AI-based attacks.<\/p>\n\n\n\n

With the holidays coming up, we\u2019ve prepared this guide to provide you with an overview of DDoS attacks, trends we are seeing, and tips to help you protect against DDoS attacks.<\/p>\n\n\n\n

What is a DDoS attack and how does it work?<\/h2>\n\n\n\n

A DDoS attack targets websites and servers by disrupting network services in an attempt to overwhelm an application\u2019s resources. Attackers will flood a site or server with large amounts of traffic, resulting in poor website functionality or knocking it offline altogether. DDoS attacks are carried out by individual devices (bots) or a network of devices (botnet) that have been infected with malware and used to flood websites or services with high volumes of traffic. DDoS attacks can last a few hours, or even days.<\/p>\n\n\n\n

What are the motives for DDoS attacks?<\/h2>\n\n\n\n

There is a wide range of motives behind DDoS attacks, including financial gain, competitive advantage, or political aims. Attackers will hold a site\u2019s functionality hostage, demanding payment to stop the attacks and get sites and servers back online. We\u2019re seeing a rise in cybercriminals combining DDoS attacks with other extortion attacks like ransomware (known as triple extortion ransomware) to exert more pressure and command higher payouts. Politically motivated attacks, also known as \u201chacktivism\u201d, are becoming more commonly used to disrupt political processes. At the start of the war in Ukraine earlier in 2022, the Ukrainian government reported the worst DDoS attack in history as attackers aimed to take down bank and government websites<sup>4<\/sup>. Also, cybercriminals will often use DDoS attacks as a distraction for more sophisticated targeted attacks, including malware insertion and data exfiltration.<\/p>\n\n\n\n

Why are DDoS attacks so common during the holidays?<\/h2>\n\n\n\n

Organizations typically have reduced resources dedicated to monitoring their networks and applications\u2014providing easier opportunities for threat actors to execute an attack. Traffic volume is at an all-time high, especially for e-commerce websites and gaming providers, making it harder for IT staff to distinguish between legitimate and illegitimate traffic. For attackers seeking financial gain, the opportunity for more lucrative payouts can be higher during the holidays as revenues are at the highest and service uptime is critical. Organizations are more willing to pay to stop an attack to minimize loss of sales, customer dissatisfaction, or damage to their reputation.<\/p>\n\n\n\n

Why protect yourself from DDoS attacks?<\/h2>\n\n\n\n

Any website or server downtime during the peak holiday season can result in lost sales and customers, high recovery costs, or damage to your reputation. The impact is even more significant for smaller organizations as it is harder for them to recover from an attack. Beyond the holidays when traffic is traditionally the highest, ongoing protection is also important. In 2021, the day with the most recorded attacks was August 10, indicating that there could be a shift toward year-round attacks<sup>2<\/sup>.<\/p>\n\n\n\n

Tips for protecting against and responding to DDoS attacks<\/h2>\n\n\n\n
  1. <strong>Don\u2019t wait until after an attack to protect yourself. <\/strong>While you cannot completely avoid being a target of a DDoS attack, proactive planning and preparation can help you more effectively defend against an attack.