Although it’s been a go-to method for decades, distributed denial of service (DDoS) is emerging as one of the most common and disruptive cyber threats affecting organizations today. It’s relatively easy to pull off, and many websites and companies don’t have reliable protection in place to stop the sudden flood of requests that overwhelms their servers.
Just recently, the Internet Archive – a highly trafficked portal dedicated to preserving books, media, and webpages – was forced to shut down for over a week due to a devastating DDoS attack.
On October 13, 2024, millions of users were unable to access Internet Archive’s extensive collection of digital content, a knowledge repository that many depend on for academic research and access to public domain materials. It took about eight days for site admins to recover and bring the repository back live.
The cause? An orchestrated attack by a group named SN_BlackMeta, who allegedly made Internet Archive a target due to its ties with the U.S. government. This group, and many others like it, regularly target organizations for little reason other than an ideological misalignment or even just being located in a particular country that the attackers don’t like.
The Business and Operational Impact of a Prolonged DDoS Attack
The Internet Archive is a prime example of the business and operational consequences of a prolonged DDoS attack. The service was completely shut down for several days, leaving it unable to deliver on its mission of simply providing open access to knowledge and cultural materials.
For service and software organizations, the consequences are even more severe, as even a few hours of downtime means lost revenue and erodes trust and interest from consumers.
Another worrying trend with DDoS attacks is that they’re often accompanied by another cyber attack that targets the organization’s data or infrastructure. This one-two punch of security incidents is quite common. A DDoS attack can be used as a diversion tactic before launching a secondary, more targeted attack.
In the case of the Internet Archive, there was a data breach that exposed the personal information of approximately 31 million users two weeks before the DDoS attack. Between these incidents, the Internet Archive faces significant financial and operational strains to securely resume service and restore public trust.
Without having a DDoS protection solution, many organizations may be exposed to similar attacks. A DDoS protection tool can analyze incoming traffic to ensure only legitimate network-level requests reach the server, filtering out malicious traffic. It can also work for application-layer DDoS attacks, where bot activity is even more common and disruptive than traditional, network-level attacks.
Experts estimate that about one-half of all internet activity comes from bots, and about one-third from malicious bots. Thus, having the ability to filter this undesired traffic has become crucial for ensuring a secure and reliable service for users.
Lessons Learned from the Internet Archive Incident
If there’s one positive to come out of the Internet Archive incident, it’s that it taught us a lot, especially in terms of the boxes we need to check to build stronger and more resilient defenses against DDoS attacks.
First, we need a way to quickly detect DDoS attacks. And when talking about quick, we mean instantaneous detection, which is only possible when using automated detection tools that can differentiate between legitimate and malicious traffic.
Scalability is also important. For a huge platform like the Internet Archive, it seems like the sudden surge in traffic should’ve been managed better, ideally by a system capable of automatically scaling resources to handle increased demand.
Lastly, organizations need an incident response plan to quickly respond to and recover from these events. As many cybersecurity experts will tell you, a cyber attack is a question of when, not if. So, having a detailed, well-rehearsed plan is essential. This involves establishing clear roles and responsibilities, as well as protocols for isolating affected systems.
How Modern DDoS Protection Solutions Can Prevent or Minimize Damage
Luckily, modern DDoS-protection solutions have evolved significantly over the years, making them a reliable and necessary line of defense.
These solutions come with automatic monitoring and mitigation capabilities that continuously watch your network traffic and identify abnormal patterns or suspicious spikes in real time. When unusual activity is detected, the system will instantly block or filter out the bad traffic.
DDoS protection solutions have also become more comprehensive, defending efficiently against everything from volumetric network-layer attacks (like UDP floods) to more sophisticated application-layer attacks (like HTTP POST floods). With the right solution, you could build a layered defense strategy, effective in stopping a wide range of DDoS attack types.
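To make the automated detection described above concrete, here is an added example (not code from the original article or from any DDoS protection product) that scans access-log lines for an HTTP POST flood in two ways: a per-client sliding window, and a whole-site spike check against a moving baseline. The log format, thresholds, function names and sample data are assumptions made for illustration, and the lines are assumed to be in time order.

```python
from collections import defaultdict, deque

def detect_post_flood(lines, window=10, per_ip_limit=20, spike_factor=5.0, alpha=0.2):
    """Return (flagged_ips, spike_seconds) for '<epoch> <ip> <method> <path>' lines.

    flagged_ips: clients sending more than per_ip_limit POSTs within `window` seconds.
    spike_seconds: seconds whose total POST count exceeds spike_factor times an
    EWMA baseline, which catches distributed floods where no single client is noisy.
    """
    recent = defaultdict(deque)      # ip -> timestamps of POSTs inside the window
    per_second = defaultdict(int)    # epoch second -> total POST count
    flagged = set()
    for line in lines:
        ts, ip, method, _path = line.split()
        ts = int(ts)
        if method != "POST":
            continue
        per_second[ts] += 1
        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - window:   # evict entries older than the window
            q.popleft()
        if len(q) > per_ip_limit:
            flagged.add(ip)
    if not per_second:
        return flagged, []
    spikes, baseline = [], None
    for sec in range(min(per_second), max(per_second) + 1):
        count = per_second.get(sec, 0)
        if baseline is not None and count > spike_factor * max(baseline, 1.0):
            spikes.append(sec)       # keep attack traffic out of the baseline
        else:
            baseline = count if baseline is None else alpha * count + (1 - alpha) * baseline
    return flagged, spikes

def sample_log():
    """Constructed sample data (documentation IP ranges), not real traffic."""
    lines = []
    for t in range(1000, 1020):      # normal load: 2 POSTs and 1 GET per second
        lines += [f"{t} 198.51.100.{t % 50} POST /login",
                  f"{t} 198.51.100.{(t + 7) % 50} POST /search",
                  f"{t} 198.51.100.9 GET /index.html"]
    for t in range(1020, 1023):      # one noisy source: 12 POSTs per second
        lines += [f"{t} 203.0.113.7 POST /login"] * 12
    for i in range(40):              # 40 sources, one POST each, same second
        lines.append(f"1030 192.0.2.{i} POST /login")
    return lines

if __name__ == "__main__":
    print(detect_post_flood(sample_log()))
```

The 40-source burst at second 1030 is reported only by the site-wide check, which is why per-client rate limiting alone does not cover distributed floods.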
Many modern DDoS protection solutions are compatible with providers like IBM Cloud, AWS, and Azure, as well as on-premises setups. This flexibility allows organizations to protect their assets regardless of where they are hosted.
With these features, organizations can stop attacks altogether, or significantly reduce downtime and ensure operational continuity.
Conclusion
The attack on the Internet Archive is a wakeup call to organizations of all types and sizes. DDoS attacks are a real threat that must be taken just as seriously as seemingly more devastating attacks like ransomware or data breaches.
A successful DDoS attack will disrupt operations, tarnish your reputation, and can cost a fortune to recover from. Organizations can no longer afford to overlook these risks. Investing in a proactive and layered DDoS protection strategy should be seen as a strategic investment in the longevity and resilience of your organization.