DDoS Holiday Infographic 2022

The document discusses protecting against DDoS attacks during the holiday season. DDoS attacks flood sites with traffic to disrupt service. They are common during holidays due to reduced resources and increased traffic. The document provides tips to evaluate risks, use DDoS protection services, create response strategies, test plans, and learn from attacks.

Protecting yourself from holiday-season DDoS attacks

While distributed denial-of-service (DDoS) attacks happen all year round, the holidays are one of the most popular times for them and are when some of the most high-profile attacks occur.

DDoS refresher

DDoS attacks are carried out by individual devices (bots) or a network of devices (botnet) that have been infected with malware and used to flood websites or services with high volumes of traffic. DDoS attacks can last a few hours, or even days.

What?
A DDoS attack floods a site or server with errant traffic to disrupt service or knock it offline.

Why?
Criminals use DDoS attacks to extort site owners for financial or competitive advantage, or for political reasons.

How?
Thanks to the cybercrime-as-a-service business model, a DDoS attack can be ordered from a DDoS subscription service for as little as $500. [1]

Rise of the hacktivists

Politically motivated attackers, also known as “hacktivists,” use DDoS attacks to disrupt political processes.

Example: In a February 2022 prelude to invasion, anti-Ukraine hacktivist attackers launched what has been described as the largest DDoS attack in history against Ukrainian banking and government websites. [2]

3 reasons why DDoS attacks are so common during the holidays

1. Organizations typically have reduced resources dedicated to monitoring their networks and applications—providing easier opportunities for threat actors to execute an attack.

2. Traffic volume is at an all-time high, especially for e-commerce websites and gaming providers, making it harder for IT staff to distinguish between legitimate and illegitimate traffic.

3. For attackers seeking financial gain, the opportunity for more lucrative payouts can be higher during the holidays as revenues are at the highest and service uptime is critical.

The peril of holiday-season attacks


Any website or server downtime during the peak holiday season can result in lost
sales and customers, high recovery costs, or damage to your reputation. The
impact is even more significant for smaller organizations as it can be harder for
them to recover after an attack.

DDoS attack categories


In general, a DDoS attack falls under three primary categories, with a variety
of different cyberattacks within each category. New DDoS attack vectors emerge every day as cybercriminals
leverage more advanced techniques, such as AI-based attacks.

Volumetric attacks
Targets bandwidth. They are designed to overwhelm the network layer with traffic.
Example: A DNS (domain name server) amplification attack, which uses open DNS servers to flood a target with DNS response traffic.

Protocol attacks
Targets resources. They exploit weaknesses in the layer 3 and layer 4 protocol stack.
Example: A SYN (synchronization packet flood) attack, which consumes all available server resources (thus making a server unavailable).

Resource layer attacks
Targets web application packets. They disrupt the transmission of data between hosts.
Example: An SQL injection attack, which inserts malicious code into strings that are later passed to an instance of SQL Server for parsing and execution.

Attackers can use multiple attack types, including ones from different categories, against a network.

Tips for protecting and responding against DDoS attacks

While you cannot completely avoid being a target of a DDoS attack,
proactive planning and preparation can help you more effectively
defend against an attack.

#1 Evaluate your risks and vulnerabilities

Start by identifying the applications within your organization that are exposed to the public internet. Also, be sure to note the normal behavior of your application so you can respond quickly if it begins behaving differently than expected.

Holiday-season complications
Remember, higher levels of traffic around the holidays may make abnormalities harder to detect.
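
One way to record "normal behavior" so that it still works at holiday peak, as an added example that is not part of the original infographic: each observation is compared with the history of the same hour-of-week slot using a modified z-score, and a shift in traffic mix, not raw volume alone, is what escalates. The slot key, signal names, sample values and the 3.5 threshold are assumptions chosen for illustration.

```python
from statistics import median

# Constructed baseline for one hour-of-week slot (Friday 20:00), one value per
# past week; the last two weeks are holiday weeks with legitimately higher load.
BASELINE = {
    ("fri", 20): {
        "req_per_min":      [1800, 1950, 2100, 2050, 3900, 4200],
        "new_client_share": [0.08, 0.10, 0.09, 0.11, 0.14, 0.15],
        "error_rate":       [0.010, 0.012, 0.009, 0.011, 0.015, 0.014],
    }
}
# Signals that describe how the application is behaving, not how busy it is.
MIX_SIGNALS = ("new_client_share", "error_rate")


def robust_z(value, history):
    """Modified z-score: deviation from the median, scaled by the MAD.

    Median and MAD are used instead of mean and standard deviation so that
    earlier spikes in the history do not widen the tolerance.
    """
    med = median(history)
    mad = median(abs(x - med) for x in history) or 1e-9  # avoid divide-by-zero
    return 0.6745 * (value - med) / mad


def assess(slot, observed, z_limit=3.5):
    """Compare one observation with the history of the same slot.

    Returns (verdict, anomalous_signals). High volume on its own is reported
    as "busy"; an abnormal traffic mix escalates to "investigate", whether or
    not volume is also high.
    """
    history = BASELINE[slot]
    high = [name for name, value in observed.items()
            if robust_z(value, history[name]) > z_limit]
    if any(name in MIX_SIGNALS for name in high):
        return "investigate", high
    if "req_per_min" in high:
        return "busy", high
    return "normal", high
```
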

#2 Make sure you’re protected

With DDoS attacks at an all-time high during the holidays, you need a DDoS protection
service with advanced mitigation capabilities that can handle attacks at any scale. Look
for service features such as traffic monitoring; adaptive real-time tuning; DDoS
protection telemetry, monitoring, and alerting; and access to a rapid response team.

#3 Create a DDoS response strategy

Having a response strategy is critical to help you identify, mitigate, and quickly recover from DDoS attacks. A key part of the strategy involves assembling a DDoS response team with clearly defined roles and responsibilities. This DDoS response team should understand how to identify, mitigate, and monitor an attack and be able to coordinate with internal stakeholders and customers.

The value of simulated attacks
We recommend running attack simulations to test how your services will respond to an attack. During testing, validate that your services or applications continue to function as expected and there's no disruption to the user experience. Identify gaps from both a technology and process standpoint and incorporate them in the DDoS response strategy. We recommend that you perform such tests in staging environments or during non-peak hours to minimize the impact on the production environment.

#4 Reach out for help during an attack

If you think you are experiencing an attack, reach out to the appropriate technical
professionals, such as an established DDoS response team, for help with attack
investigation during an attack as well as post-attack analysis once it has concluded.

#5 Learn and adapt after an attack

While you’ll likely want to move on as quickly as possible if you’ve experienced an attack,
it’s important to continue to monitor your resources and conduct a retrospective after an
attack. Make sure your post-attack analysis considers the following:

• Was there any disruption to the service or user experience due to a lack of scalable architecture?
• Which applications or services suffered the most?
• How effective was the DDoS response strategy, and how can it be improved?

Don’t let DDoS attacks ruin your holidays!


Prepare for the upcoming holiday season with the
2022 holiday DDoS protection guide.

Get the latest insights from Microsoft Security: Visit Microsoft Security Insider

©2022 Microsoft Corporation. All rights reserved. This document is provided “as-is.” Information and views
expressed in this document, including URL and other Internet Web site references, may change without notice.
You bear the risk of using it.

[1] Microsoft Digital Defense Report 2022 | Microsoft Security
[2] Ukraine Suffers Biggest DDoS Attack on Record in Russia Standoff - Bloomberg
