Understanding DDoS Assessment and its importance

In today's digital era, cybersecurity has become a critical concern for organisations worldwide.

One of the most prevalent and disruptive forms of cyberattacks is the Distributed Denial of Service (DDoS) attack. DDoS attacks aim to overwhelm a network, service, or website with a flood of internet traffic, rendering it inaccessible to legitimate users.

To mitigate the risks associated with DDoS attacks, organisations conduct DDoS assessments, which are essential for identifying vulnerabilities, preparing for potential threats, and taking appropriate defensive measures through DDoS protection platforms.

What is DDoS Stress Testing?

DDoS stress testing is a type of security testing used to determine the vulnerability of a service (network up to application OSI layer) under DDoS attacks. It involves simulating a DDoS attack on the network or website to assess its capacity to manage the traffic and identify potential weaknesses.

This proactive approach helps organisations understand how their systems would react under real attack conditions and allows them to implement necessary countermeasures.

Why is DDoS Stress Testing important?

DDoS stress testing is crucial for maintaining the availability of organisations services. By identifying vulnerabilities, misconfigurations, and weaknesses in their systems before a real attack occurs, organisations can take preventive measures to strengthen their defenses.

DDoS stress testing:

• Enables organisations to evaluate the effectiveness of existing measures.
• Help prepare incident response teams and practice their plans during realistic simulated attacks.
• Ensures that networks and websites can manage high traffic volumes and continue to function efficiently during an attack.

Scope of DDoS Assessment

The objective of a DDoS assessment is to perform a Distributed Denial of Service test against the target(s) requested by the client. Consultative companies like KPMG in Cyprus can simulate various types of DDoS attacks during the assessment, including:

• TCP SYN Flood: This attack involves sending a flood of TCP SYN packets to a targeted system. The target system responds to each packet with a SYN-ACK packet, which takes up resources and can cause the system to crash or become unresponsive.
• HTTP/HTTPS GET/POST Flood: In this attack, a massive number of HTTP GET/POST requests are sent to overwhelm a server's resources. This exhausts the server's ability to respond, causing slowdowns or complete service disruption for legitimate users.
• Slowloris: This attack targets web servers by holding multiple open connections with incomplete HTTP requests. It sends partial request headers slowly, keeping connections alive and preventing the server from freeing up resources, eventually causing it to become overwhelmed and unable to handle legitimate traffic.
• RUDY (R-U-Dead-Yet): This attack targets web applications by exploiting the HTTP POST method. It sends form fields with extremely slow data rates, keeping the connection open for long periods and gradually consuming server resources, which can eventually lead to service disruption.

Recent DDoS Attacks in Cyprus

In October 2024, several organisations in Cyprus, including critically important ones for the country, experienced DDoS cyberattacks. These attacks could cause disruptions to their services, which eventually could lead to revenue loss, reputational loss, collateral damage to collaborators, highlighting the importance of robust cybersecurity measures.

Way Forward

DDoS assessments are a vital component of an organisation's cybersecurity strategy. By conducting targeted DDoS stress testing, organisations can identify vulnerabilities, strengthen their defenses, and prepare for potential attacks.

As cyber threats continue to evolve, organisations must remain vigilant and proactive in safeguarding their networks and services.

*Niko Pissanidis, Senior Cyber Security Specialist, Technology Consulting, Cyber Security & Digital Trust, KPMG in Cyprus