Recently, an unprecedented DDoS attack was launched on one of our clients. The client’s marketing campaign received billions of clicks in less than one day.
There are very few services, tracking or otherwise, that can survive such massive spikes in traffic without being taken down. Such attacks can affect other platform users as well, degrading the quality of service provided to everyone.
What happened to affected customer campaign?
Nothing.
The client’s campaign was unaffected and the whole infrastructure remained stable and functional.
The reason for that is simple: Voluum’s infrastructure uses Amazon’s CloudFront network that adheres to the highest security and stability standards, as it was demonstrated on that day.
Let’s use this opportunity to learn about the risks that lurk for advertisers and what can be done to mitigate them.
Why are DDoS attacks dangerous in the Ad-Tech world?
DDoS stands for “distributed denial of service”. It is a practice of flooding a server with far too many requests it can handle using automated systems. In the digital world, such attacks are often aimed at sites that the attacker wants to be taken down, such as news outlets. In the digital marketing world however, the perpetrators are usually financially motivated.
Ad fraud is a huge problem in the industry. If you want a deep dive into a plethora of techniques used by malicious actors, we highly recommend reading our article on the topic. But the gist is that some people may benefit from such actions.
Artificial traffic is often used to inflate the number of visitors on a given website to make a publisher site look better or to intercept money from conversions. But such traffic at least tries to mimic real human traffic, so it usually flows at a steady pace, not in sudden influxes like we saw on this day.
DDoS attack launched on a marketing campaign could be a way of disabling a rival’s campaign or advertising domain. Or a way to extort ransom money from the victim. We can’t know for sure, all we know that the attack was deliberate, and it could happen to all digital marketers, no matter what type of campaign they run or which country they advertise in.
How The Attack Was Prevented?
Like we’ve described in detail in a previous post about migrating to CloudFront, the chief reason behind this costly decision was security of our platform and users. CloudFront offers many mechanisms shielding its users from bad actors. This time, a service called WAF (Web Application Firewall), which is responsible for controlling who gets access to the network, blocked the incoming traffic from affecting the campaign.
How to Stay Safe In The Digital World?
Ad fraud can be divided into two types:
- General
- Sophisticated
The first one consists of simple bots performing repetitive tasks such as visiting the page or clicking the ad, and that can be easily detected by modern systems. The way to protect yourself and your business is to use reputable ad platforms and domain providers that monitor traffic for safety and offer robust security mechanisms.
Sophisticated fraud is a different beast. DDoS attacks, ad stacking, code injections are much harder to detect as they often are:
- Targeted
- Complicated
- Smart
There isn’t a way that gives you 100% guarantee that your marketing efforts won’t fall victim to organized attack. But using a service that relies on a top-notch network of servers is a way to go.
With Voluum, each user gets a unique entry to the CloudFront infrastructure. This protects the tracking component of your campaign. What you can also do is to monitor your traffic for patterns of non-human behavior with Voluum’s Anti-Fraud Kit. This helps to ensure that you are not wasting money on bots.
Final thoughts
This story has a happy ending, because the affected marketer was a Voluum customer that migrated their domains to CloudFront.
For all the remaining Voluum users that haven’t migrated yet, or for people using self-hosted trackers or trackers relying on just a few servers scattered around the world, here’s the question:
Would you survive 30,000 clicks in a second?