ao link
Charity Digital
Search
Remember Login

New to Charity Digital?

User Menu
Remember Login

New to Charity Digital?

Remember Login

New to Charity Digital?

Search

What is a denial-of-service attack?

Cyber criminals can take web sites down by overwhelming them with traffic. We look at how to protect your charity against denial of services attacks

Denial of service - Main.png
What is a denial-of-service attack?

If a cyber criminal launches a denial of service (DoS) attack against your charity’s site, the results can be truly devastating: supporters may be unable to make donations, service users may be unable to access vital resources and information, and trust in your organisation may be severely damaged.

 

The good news about DoS attacks is that they are usually short-lived. Many only last for a matter of hours, but some can carry on for days or even weeks.

 

The bad news is that they are particularly difficult to protect against. That’s because they exploit weaknesses in third parties’ cyber security measures, and that means that no matter how good your charity’s cyber security measures are, it is still vulnerable to a DoS attack.

 

 

So what exactly is a DoS attack?

 

A DoS attack works by driving large amounts of internet traffic to a web server until it is overwhelmed. The result is that legitimate internet users who want to visit the web site are unable to access it.

 

It’s the digital equivalent of getting thousands of people to call a company’s phone line at the same time over a sustained period: the result would be that ordinary customers would be unable to get through because the phone number would be permanently engaged.

 

 

How do cyber criminals launch DoS attacks?

 

To launch a DoS attack, cyber criminals need to use hundreds or even thousands of computers that send traffic to the victim’s web site. The most common way to do this is to send out a particular type of malware across the internet to infect computers. Once a computer is infected with this malware the cyber criminals can control that computer remotely.

 

A computer infected in this way is known as a bot and a large collection of infected computers is known as a botnet. Once a cyber criminal has created a botnet they can then then choose a victim for a denial of service attack and instruct all the bots in the botnet to start sending out internet traffic to overwhelm the victim’s web site.

 

Since the traffic comes from many different computers, rather than a single source, this type of attack is sometimes called a “distributed” denial of service attack, or, more simply a DDoS attack.

 

 

Botnets for hire

 

One of the most disturbing aspects of botnets is that cyber criminals sometimes offer them out for hire as a service to other cyber criminals. That means that anyone wanting to disrupt a particular business or charity can simply pay for the use of a botnet and launch a DDoS attack against their chosen victim with the minimum of effort.

 

 

Why would cyber criminals launch a DDoS attack against your charity?

 

There are a number of reasons. Some may be activists who disagree with the aims of your charity and hope to disrupt the services you provide or prevent people from making donations during a fund raising campaign.

 

Others are purely motivated by financial gain, and may demand a payment in return for stopping the DDoS attack.


Related Articles

Everything you need to know about malwareEverything you need to know about malware
Podcast: How to be digitally inclusivePodcast: How to be digitally inclusive
What is ransomware?What is ransomware?
What is trojan horse malware?What is trojan horse malware?

How to protect your charity against a DDoS attack

 

DDoS attacks use infected computers – bots – and since your charity has no control over other people’s security measures, it can’t prevent cyber criminals from creating large botnets. But there are a few things you can do to minimise the danger of a DDoS attack.

 

 

Spot a DDoS attack as quickly as possible

 

You can only protect yourself against a DDoS attack once  you have spotted that one has been launched against your charity’s website. So it is important that someone in your organisation keeps an eye on how busy your website is.

 

Large spikes in traffic could simply be in response to your charity’s activities (such as a publicity campaign) but it could also be the first sign that a DDoS attack has been launched.

 

 

Take technical measures if your charity hosts its own website

 

If you operate your own web site then it is important that IT staff are ready to take sensible technical measures to reduce the impact of a DDoS attack when you detect it. For the technically minded these measures should include:

  • Limit your router to prevent your Web server from being overwhelmed
  • Add filters to tell your router to drop packets from obvious sources of attack
  • Time out of half-open connections more aggressively
  • Drop spoofed or malformed packages
  • Set lower SYN, ICMP, and UDP flood drop thresholds

 

Call your internet service provider (ISP) for help

 

Keep emergency contacts for your ISP or hosting provider readily available so you can do this quickly. Depending on the strength of the attack, the ISP or hosting company may already have detected it – or they may themselves start to be overwhelmed by the attack.

 

If you use a web hosting company then they will likely have a high capacity internet connection so it will be able to withstand a DDoS attack more effectively than if you host your own website. Even so, a large scale DDoS attack will pose a challenge, and your ISP or hosting company should have procedures in place which they can activate as soon as you inform them of an attack.

 

 

Consider using a DDoS mitigation specialist

 

If it is vital that your charity’s web site remains available during a DDoS attack, the you may have to consider paying for the services of a DDoS mitigation company. Most ISPs and hosting companies will have a partnership with one. Many offer a subscription at a cost of a few hundred pounds per month, or their services can be called on on an ad-hoc basis at a much higher cost.

 

DDoS mitigation companies can divert all traffic targeted at your website to themselves, where they can analyse the traffic, filter out unwanted data, and then pass on legitimate traffic to your website. The drawback to these services is that they can be expensive, and they also make the website slower and less responsive.

 

 

Wait it out

 

The alternative to fighting a DDoS attack is simply to wait until the attack subsides. If your charity can bear the consequences, then doing nothing until the DDoS attack peters out may be a practical, if unattractive, option.

More on this topic

Cyber security: what to look out for in 2025

Cyber security: what to look out for in 2025Sponsored Article

Charity Digital Academy

Our courses aim, in just three hours, to enhance soft skills and hard skills, boost your knowledge of finance and artificial intelligence, and supercharge your digital capabilities. Check out some of the incredible options by clicking here.

 

Tell me more

Recite Me toolbar