Imagine that your website is a physical on-street store. Thousands of people show up and block the entrance so that no one can enter. The problem is that you have no way to identify real customers from fake customers, making it impossible for you to eliminate the source of the threat or to allow genuine customers to enter.
DDoS (Distributed Denial of Service) attacks take down a website by depleting its server resources. During an attack, a target website is overwhelmed with fake traffic, causing it to slow down or become completely inaccessible to legitimate users.
While this analogy is simplistic, it demonstrates the basic structure of a DDoS attack. Malicious scammers flood a website with fake customers from multiple sources, preventing legitimate users from accessing it and making it very difficult for the victim to locate and disable the actual perpetrator(s).
When DDoS attacks occur, they are fast, sudden, and can potentially cost a business dearly in lost business and reputational damage.
Hackers Don’t Have to Be Tech Savvy
If you want to take a network off the internet, the easiest way to do it is with a distributed denial-of-service attack. While high-profile organisations were more likely to be targeted in the past, now DDoS targets include any internet-based business or service – including busy ecommerce sites, gaming sites, credit bureaus and stock exchanges.
And in fact, you don’t even need to be technically proficient to execute an attack.
Back to the point: you don’t need to be technical to carry out a DDoS attack. Malicious web services now offer DDoS-as-a-Service. This means that a crime that was once only possible if you were a sophisticated hacker, is now accessible by the masses.
Unfortunately, even novices can launch sophisticated attacks at the touch of a button, which makes it crucially important for companies to implement a robust DDoS mitigation plan.
The Motives behind DDoS Attacks
As with any crime, the motivations behind DDoS vary, and can include anything from cyberwar to ideological belief and even personal enjoyment.
But the most common motivation in the commercial sector is:
- Industry sabotage
Many businesses who are victims of a DDoS attack believe the attack to be executed by a competitor. These attacks are very strategic, occurring at peak times such as during holidays or sales.
You Deserve 99.9% Uptime
Our mission is for your website to operate seamlessly, without unpleasant surprises like downtime and outages.
At UPayments, we take this responsibility – and the trust you place in us – very seriously.
Yet, at 7:00PM on February 10, 2022, many of our customers experienced intermittent service outages for up to 1 hour.
Here’s what happened:
On February 10, 2022, UPayments was a main target of a DDoS attack.
This malicious cyber attack took place over 4 days in a strategic manner with the end goal of halting our services.
Visually, this is what the attack actually looked like:
During normal service, our peak traffic looks like this:
You can see that traffic is stable, indicating normal user behaviour.
Now here’s what our traffic looked like during the DDoS attack:
You can see that malicious traffic spiked over 3-4 days, but was rapidly mitigated within 72 hours
In a nutshell, over a couple of days, we experienced a 2000% increase in traffic. Our servers were tasked with handling almost 1 billion requests in less than 72 hours!
The problem with DDoS attacks of this scale is that they are sudden and difficult to identify, and often cause prolonged website outages – often for days, and even weeks.
While even the most powerful organisation in the world can’t absolutely guarantee DDoS attack prevention, there are best practices that responsible companies deploy.
Cyber threats evolve continuously which means that what works today may not work tomorrow. Therefore, the best defence against DDoS attacks is one that is always-on, always-learning, and operating in real-time.
At UPayments, we invest heavily in cybersecurity. What this means is that we take your security seriously. And we plan on doing this for the long-term future, to make sure that you have seamless and safe operations.
What this means for our customers is that we were able to react swiftly alongside our partners to make sure that business operations were minimally impacted as a result of this denial of service attack.
The honest reality of Tech companies is that they are always prone to attacks. Not even Google, the FBI or even the White House can guarantee 100% up-time, and if they do, one should take that statement with a grain of salt. At UPayments, honesty and integrity are one of our core values and this is how we like to do business. And that is why we are sharing this news – to educate, to remain honest and to let you know that we have taken the greatest measures to make sure that even the 0.1% downtime does not affect you or your operations in the future.