Among the owners of web resources, there is an opinion that DDoS attacks of only high power can lead to failures in the operation of the attacked system. And although this view is quite common today, it is wrong, and in this article we will analyze why.

Strong DDoS attacks (with a capacity of more than 100 Gbps/100 Mpps) do cause huge damage, but in our experience, their percentage of the total number is negligible: 0.5% of the total number of attacks per quarter. As recent studies show, short-term, low-power attacks that affect the network infrastructure of organizations become a percentage more than powerful ones.

And this is not surprising: to organize powerful attacks, hackers need a lot of equipment (for example, dedicated servers, which are expensive) and not everyone can afford it. Small attacks occur much more often, because a small number of bots can be used to implement them - for example, home computers infected with special malware or hacked IoT devices.

Anyway, smaller DDoS attacks can lead to the same unpleasant consequences as attacks with a large volume, for three reasons:

• They consume system resources, which affects the speed of the attacked resource for end users;
• It takes a lot of time for specialists to troubleshoot problems;
• They can serve as a link in a complex chain of cybercrimes.

Therefore, this threat cannot simply be ignored.

The impact of low-power attacks on the system

How do low-power attacks deal damage? They overload the victim's infrastructure and equipment, leading to the exhaustion of system resources, thereby depriving end users of access to this Internet resource. The availability of a website or app is important for users and directly affects the level of brand loyalty. Even a few minutes of downtime can undermine customer trust and damage the overall reputation of the company.

Attackers prefer small-scale DDoS attacks because they require much less effort for the organization and are rarely recognized by outdated security systems. Outdated DDoS attack prevention tools are unable to distinguish them from normal traffic. Such attacks, even if they do not achieve their goal, allow attackers to check the network for vulnerabilities and the level of security in order to plan more effective cyber attacks in the future.

Organizations awareness of DDoS attacks

The owners of organizations can assume that the DDoS attack did not affect the operation of their web resources. But in fact, the scale of damage after an attack is extremely difficult to assess if the company does not have highly effective DDoS protection systems that can display the scale of the damage in real time.

Organizations that do not have the necessary means of protection do not suspect that they were attacked by a DDoS attack, and therefore can link the outage to other system problems. While today, no website or online application is immune from DDoS attacks and their consequences.

Pay attention even to short-term failures - protect your business from attacks of any power.