They go after applications, not networks, and take fewer resources to execute. So criminals are getting a good ROI by attacking smaller companies. Distributed denial of service (DDoS) attacks aren’t what they used to be … and that’s not good. They used to only be attacks from armies of bots against large organizations, sometimes for political reasons and somet imes for extortion. Now DDoS attacks are more targeted and don’t need nearly as much in the way of resources, which means organizations of all sizes are now at risk. The classic DDoS attack relies on brute-force to shut down network traffic to a site. Because these required the use of a large number of bots, attackers typically just went after large enterprises. Even criminals are concerned with ROI and they needed a sizeable payoff in order for an attack to be worth it. These are the type which played a part in both the recent South Korean and Russian elections – in these cases the ROI is measured in political power. Now the attacks are moving from network level to application level. “They find a soft spot in an application then exploit it,” says Marc Gaffan, co-founder of Incapsula – one of several companies providing DDoS mitigation services. Unlike the old model attack, this doesn’t stop people from getting a website, but using it is pretty much impossible. This attack requires far fewer bots and costs a lot less money, so they can target smaller organizations. “They can blackmail any size website,” says Gaffan. No surprise then that the number of DDoS attacks has skyrocketed. According to a report by Prolexic, another service provider, “The volume of packets-per-second (PPS) has almost quadrupled compared to Q3 2010, illustrating a significant increase in the size and diversity of attacks over the past 12 months.” The standard way of dealing with DDoS was for a company to install a network firewall designed for this. However, those require a lot of work to manage and maintain. That’s not a problem for large companies which can afford to devote IT resources to this. The newer mitigation get around this by via cloud-based technology. Typically they re-direct traffic to their servers, scrub it and then send the legitimate traffic to the client. This model has cut down prices making DDoS mitigation and prevention an option for most firms doing business on the web. Related content opinion Why Bitcoins are Just as Viable as Any Other Currency The true value of any currency is a reflection of how much people believe it's worth, according to CIO blogger Constantine von Hoffman. But it's wise to remember just how fast beliefs can change. By Constantine von Hoffman Apr 15, 2013 4 mins Government Technology Industry opinion No Surprise: Docs Show Obama Administration Lying About Drones President Obama has repeatedly said drones would only be used against members of al Qaida and allied groups. However, leaked intelligence documents show the administration has been using them to settle political and tribal feuds for at least four yea By Constantine von Hoffman Apr 10, 2013 3 mins Regulation Government opinion How Big Data Can Quickly Become Big Garbage The bigger the data the bigger the chance of mistakes or inaccuracies. In that vein, a large database used by retailers to screen people accused of stealing from employers is identifying innocent people and could result in major lawsuits, according t By Constantine von Hoffman Apr 04, 2013 2 mins Big Data opinion Why Crazy Trumps Logic on the Internet The earth is flat. Vaccines cause autism. 9/11 was a government conspiracy. These are just a few of the many ideas that continue to find adherents online despite overwhelming proof that they're not based on fact. CIO.com blogger Constantine von By Constantine von Hoffman Apr 02, 2013 3 mins Government Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe