What is Distributed Denial of Service (DDoS)?

The following article covers how a DDoS attack happens, the various types of DDoS attacks, the ways in which they are dangerous, and why it is of utmost importance for businesses to pre-empt and secure themselves from being a victim.

By: Johnson Thiang, Sep 20, 2019

Distributed Denial of Service (DDoS) attacks are one of the more common cyber attacks today. In fact, there is a high probability that you have been affected by such an attack before, or worse — been an unknowing accomplice to the attacker. While DDoS has claimed behemoths like Twitter, Spotify and PayPal as victims, DDoS attacks are not reserved for large enterprises alone.

Today, with the Darknet, it is relatively easy for someone to hire a cyber attacker for a small nominal fee, and there is no lack of perpetrators. They come from all walks of life — experienced hackers to teenagers who are still in school.

With the threat of DDoS attacks established, let’s dive deeper into an attack.

What Exactly Is A DDoS Attack?

Simply put, a DDoS attack is a cyberattack which attempts to make an online service, server, network or website unavailable by overwhelming it with internet traffic from multiple sources. This renders the target unreachable. This situation can be likened to a large crowd trying to squeeze through a department store entrance during a Black Friday sale. It is chaos, and the department store can do little about it.

Botnets are the primary way a DDoS attack is made possible. By infecting a large group of Internet-connected devices with malware, an attacker is able to orchestrate the attack remotely. When an attacker instigates an attack, they tap this network of zombie devices to send the target more requests than it can handle, effectively shutting it down. Most people are unaware that their devices are part of such attacks.

Types of DDoS Attacks

DDoS attacks can be categorized into volume-based attacks, protocol attacks or application attacks.

Volume-based Attacks

Sending massive amounts of traffic to overwhelm a network’s bandwidth.

Protocol Attacks

Exploiting weaknesses in how a protocol works in order to consume the server’s resources. An example would be a SYN flood DDoS attack. TCP connections possess a known weakness in how they are established. Before the connection is established, multiple requests and replies are exchanged between a host and a server: a SYN request to initiate a TCP connection must be answered by the server, and that answer must in turn be confirmed by the requester before the connection takes place. In a SYN flood, the perpetrator sends multiple SYN requests but never completes the exchange, leaving half-open connections that sap the server’s resources until no new connections can be made, ultimately causing a denial of service.
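The half-open connections described above are visible on the victim host itself, which makes them a practical detection signal. The following added example (not from the article) parses a constructed `ss`-style socket snapshot and flags listening ports where half-open (SYN-RECV) sockets dominate; the thresholds and the sample addresses are illustrative assumptions.

```python
"""Flag a SYN flood from a snapshot of TCP socket states (added example).

Input lines mimic `ss`-style output: state, local address, peer address.
During a SYN flood the listener's half-open (SYN-RECV) sockets pile up
far faster than they become ESTABLISHED, so the SYN-RECV share of all
sockets on a port, and the number of distinct peers behind them, is a
useful signal for a defender.
"""
from collections import defaultdict

# Constructed sample snapshot using documentation-range addresses.
SNAPSHOT = """\
ESTAB     10.0.0.5:443   203.0.113.10:52011
SYN-RECV  10.0.0.5:443   198.51.100.21:40001
SYN-RECV  10.0.0.5:443   198.51.100.22:40002
SYN-RECV  10.0.0.5:443   198.51.100.23:40003
SYN-RECV  10.0.0.5:443   198.51.100.24:40004
SYN-RECV  10.0.0.5:443   198.51.100.25:40005
ESTAB     10.0.0.5:22    203.0.113.11:51000
ESTAB     10.0.0.5:22    203.0.113.12:51001
"""


def parse_snapshot(text):
    """Yield (state, local_port, peer_ip) for each well-formed socket line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip headers or malformed lines
        state, local, peer = parts
        local_port = int(local.rsplit(":", 1)[1])
        peer_ip = peer.rsplit(":", 1)[0]
        yield state, local_port, peer_ip


def syn_flood_ports(text, min_half_open=5, max_half_open_ratio=0.5):
    """Return {port: (half_open, total, distinct_peers)} for ports that look
    flooded: at least min_half_open SYN-RECV sockets AND a half-open share of
    max_half_open_ratio or more. Thresholds are illustrative; tune them to the
    listener's normal baseline."""
    half_open, total, peers = defaultdict(int), defaultdict(int), defaultdict(set)
    for state, port, peer_ip in parse_snapshot(text):
        total[port] += 1
        if state == "SYN-RECV":
            half_open[port] += 1
            peers[port].add(peer_ip)
    flagged = {}
    for port in total:
        if half_open[port] >= min_half_open and half_open[port] / total[port] >= max_half_open_ratio:
            flagged[port] = (half_open[port], total[port], len(peers[port]))
    return flagged


if __name__ == "__main__":
    for port, (h, t, p) in syn_flood_ports(SNAPSHOT).items():
        print(f"port {port}: {h}/{t} sockets half-open, from {p} distinct peers")
```

On a real host the snapshot would come from `ss -tan` (or an equivalent), and the distinct-peer count is what separates a distributed flood from a single misbehaving client.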

Application Attacks

An increasingly popular form of attack, this slow and gradual attack targets specific application packets or functions. The requests appear legitimate and are thus harder to detect. This attack form usually disrupts services such as a website’s search function or information retrieval.

Behind The Frequency of DDoS Attacks

Unlike other cyber attacks, a DDoS attack is relatively affordable to execute. For just $150, one can hire the services of an attacker for up to a week to organize and execute a DDoS attack — no technical know-how required. Large-scale, sophisticated botnets are created by technical experts and these experts look to lease out this network on the Darknet. Thus all it takes for one to inflict damage is to pick a target and pay the attacker for their services.

Even though the authorities have ramped up their crackdown on DDoS-for-hire sites, DDoS attacks continue to grow in scale, with attacks sized 100Gbps and higher increasing by 967% in Q1 2019 compared to Q1 2018.

How Organizations Can Secure Their Assets Against DDoS Attacks

The low barrier to entry for a DDoS attack means that organizations need to implement fast and effective security measures to mitigate the risk of DDoS attacks. Otherwise, once an organization is affected, it is extremely challenging to pinpoint the source of the attack, which is typically distributed across hundreds of thousands of zombie devices.

Here are some proactive measures that you can take:

  • Keep your company’s firewalls and routers patched with the latest security updates and configure them to reject bogus traffic.
  • Have a DDoS response plan in place in case an attack happens so that swift remediation can happen. The longer a DDoS attack lasts, the more severe the damage.
  • Engage a vendor who offers DDoS mitigation services.

Devastating as DDoS attacks can be, organizations can take a holistic approach to tackling this common cyber threat, whether by mitigating the damage it can cause or deterring the attack altogether.

Johnson Thiang

Johnson is an experienced security consultant specializing in security assessments such as web/network/thick-client/mobile penetration testing as well as exploiting human weakness. He enjoys sports, robotics and anything related to technology in his free time. He holds the following certifications: (1) GIAC Penetration Tester (GPEN), (2) Offensive Security Certified Professional
