All about DDoS attacks: Denial of service attacks

“The Evolution Continues” All About DDoS Attacks

A Distributed Denial of Service (DDoS) attack is an attack in which one or more attackers block the provision of a specific service. Almost anything can be the target: servers, devices, services, networks, appliances, and sometimes even specific transactions within an application. In a DoS attack, a single system sends the malicious data or requests, whereas in a DDoS attack many systems do so at once.

Typically, these attacks send more requests than the target can handle. Sometimes a web server receives so many requests that it stops working; sometimes a database is hit with large, expensive queries. Either way, the attack exhausts Internet bandwidth, CPU and RAM.

The impact of an attack can range from the minor inconvenience of a service outage to the worst case scenario where entire websites, applications and businesses go offline.

DDoS attack signs

DDoS attacks can be difficult to distinguish from non-malicious causes of availability problems, such as a server or system outage, an unusually large number of legitimate requests from normal users, or a cut cable. Traffic analysis is often required to determine exactly what is going on.

Current DDoS attacks

The perception of denial of service attacks was changed completely by one incident. In the early 2000s, Canadian high school student Michael Calce (aka Mafiaboy) launched a DDoS attack that brought down Yahoo!, one of the most influential web companies at the time. In the following week, Calce also attacked and shut down other sites, including Amazon, CNN, and eBay.

While Calce's attack was not the first DDoS attack, the chain of attacks was so sensational that, in the minds of CISOs and CIOs, denial of service changed from a minor annoyance into a powerful business saboteur.

Since then, DDoS attacks have become a daily threat, commonly used for retaliation, extortion, online activism, and cyber warfare.

As time went on, the attacks grew in size. Attacks in the mid-1990s consisted of around 150 requests per second, enough to bring many systems down at the time. Today's attacks often exceed 1,000 Gbps. Their foundation is the massive botnet.

One of the most powerful DDoS attacks of recent years occurred last fall, when Internet infrastructure service provider Dyn DNS (now Oracle Dyn) was taken out of operation by DNS queries originating from tens of millions of IP addresses. The attack was launched via the Mirai botnet, which is said to have infected more than 100,000 IoT devices, including IP cameras and printers. At its peak, the number of Mirai bots reached 400,000. The attack disrupted services such as Amazon, Netflix, Reddit, Spotify, Tumblr, and Twitter.

Unlike most DDoS attacks, the Mirai botnet used vulnerable IoT devices rather than PCs or servers. This sparked particular fear, because BI Intelligence predicts that there will be 34 billion internet-connected devices by 2020, a significant share of them (24 billion) IoT devices.

Moreover, Mirai is not the last IoT-powered botnet. Security teams at Akamai, Cloudflare, Flashpoint, Google, RiskIQ and Team Cymru investigated a series of large-scale DDoS attacks targeting content providers and content delivery networks. The investigation uncovered a botnet similar to Mirai, consisting of about 100,000 infected Android devices across 100 countries, known as WireX.

DDoS attack tool

In general, DDoS attackers use botnets: networks of centrally controlled systems infected with malware. These infected endpoints are usually computers and servers, but the share of IoT and mobile devices is also rising. Attackers build such networks by looking for vulnerable devices that can be infected through phishing, malvertising, and other large-scale infection techniques. An increasing number of attackers also rent botnets built by others.

Types of DDoS Attacks

DDoS attacks fall into three main categories. The first, volumetric attacks, use large amounts of bogus traffic to overwhelm resources such as websites or servers; they include ICMP and UDP floods and spoofed-packet floods. The second uses protocol weaknesses to target network infrastructure and the tools that manage it; these protocol attacks include SYN floods, Smurf DDoS, and others. Finally, some DDoS attacks target an organization's application layer and work by overloading applications with malicious requests. Either way, the goal is the same: to slow online resources down or make them completely unresponsive.
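The two points above, that traffic analysis is needed to tell an attack from an outage or a legitimate surge, and that attacks split into volumetric, protocol and application-layer classes, can be illustrated with a small triage routine. The following is an added example written for this page, not code from the article or any vendor; the `Flow` record, the thresholds and the four sample windows are all constructed (documentation-range addresses), and real deployments would derive thresholds from a measured baseline rather than fixed numbers.

```python
from collections import Counter
from dataclasses import dataclass

# Hypothetical thresholds for a small web property (assumed, not from the page).
VOLUMETRIC_BPS = 50_000_000   # UDP/ICMP bytes per second before we call it a flood
SYN_PER_S = 2_000             # SYN-only (half-open) segments per second
HTTP_REQ_PER_S = 500          # total HTTP requests per second worth a second look
HUMAN_MAX_REQ_PER_S = 5.0     # a single client above this is not a person browsing
WINDOW_S = 10                 # length of the analysis window in seconds


@dataclass(frozen=True)
class Flow:
    """One flow record from a capture window (constructed for this example)."""
    src: str
    proto: str       # "TCP", "UDP" or "ICMP"
    flags: str = ""  # TCP flags: "S" = SYN without ACK (half-open); "PA" etc. = established
    nbytes: int = 0
    path: str = ""   # HTTP request path, "" when the flow carried no request


def triage(flows, window_s=WINDOW_S):
    """Map one window of flows to the three DDoS categories and separate a
    legitimate spike (flash crowd) from an application-layer flood."""
    udp_icmp_bytes = sum(f.nbytes for f in flows if f.proto in ("UDP", "ICMP"))
    syn_only = sum(1 for f in flows if f.proto == "TCP" and f.flags == "S")
    http = [f for f in flows if f.path]
    per_src = Counter(f.src for f in http)
    paths = Counter(f.path for f in http)
    busy = sum(1 for n in per_src.values() if n / window_s > HUMAN_MAX_REQ_PER_S)

    verdict = {
        "volumetric": udp_icmp_bytes / window_s > VOLUMETRIC_BPS,
        "protocol_syn_flood": syn_only / window_s > SYN_PER_S,
        "app_layer": False,
        "flash_crowd": False,
    }
    if len(http) / window_s > HTTP_REQ_PER_S:
        # Bots hammer a few URLs at rates no browser session reaches; real visitors
        # are many, individually slow, and spread across the site.
        bot_like = busy / len(per_src) > 0.5 or len(paths) <= 2
        verdict["app_layer"] = bot_like
        verdict["flash_crowd"] = not bot_like
    return verdict


# --- constructed sample windows (RFC 5737 documentation ranges, no real traffic) ---
def flash_crowd_sample():
    """2,000 visitors each fetching three different pages in 10 s: 600 req/s."""
    return [Flow(src=f"10.0.{i // 256}.{i % 256}", proto="TCP", flags="PA",
                 nbytes=900, path=p)
            for i in range(2000) for p in ("/", "/news", f"/article/{i % 50}")]


def http_flood_sample():
    """200 bots each sending 100 identical expensive requests in 10 s: 2,000 req/s."""
    return [Flow(src=f"192.0.2.{b}", proto="TCP", flags="PA",
                 nbytes=400, path="/search?q=*")
            for b in range(200) for _ in range(100)]


def syn_flood_sample():
    """30,000 half-open SYNs from spoofed sources in 10 s: 3,000 SYN/s."""
    return [Flow(src=f"198.51.100.{i % 254 + 1}", proto="TCP", flags="S", nbytes=60)
            for i in range(30_000)]


def udp_flood_sample():
    """1,000 UDP flows of 1 MB each in 10 s: 100 MB/s of junk."""
    return [Flow(src=f"203.0.113.{i % 254 + 1}", proto="UDP", nbytes=1_000_000)
            for i in range(1000)]


if __name__ == "__main__":
    for name, sample in (("flash crowd", flash_crowd_sample()),
                         ("HTTP flood", http_flood_sample()),
                         ("SYN flood", syn_flood_sample()),
                         ("UDP flood", udp_flood_sample())):
        print(f"{name:12s} {triage(sample)}")
```

The flash-crowd window trips the same total request-rate threshold as the HTTP flood, which is exactly why a rate alone cannot tell the two apart; the per-source rate and path diversity are what separate them. The SYN and UDP windows contain no HTTP requests at all, so they are classified purely on half-open segments per second and UDP/ICMP bytes per second.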

Evolution of DDoS Attacks

As mentioned briefly above, DDoS attacks are increasingly being carried out on leased botnets. This trend is likely to continue in the future.

Another trend is the use of multiple attack vectors within a single attack, called Advanced Persistent Denial-of-Service (APDoS). For example, an APDoS attack can combine application-layer attacks, such as attacks against databases and applications, with direct attacks against servers. "An attack like this goes beyond a simple 'flood' attack," said Chuck Mackey, director of partners at Binary Defense.

In addition, according to Mackey, attackers in many cases not only attack the target directly but also attack the organizations the target depends on, such as ISPs and cloud providers. "It's a broad-based attack that is executed according to a well-planned, high-impact attack," Mackey said.

This is changing the impact and risk of DDoS attacks on organizations. Michael Overly, cybersecurity attorney at Foley & Lardner LLP, is no longer concerned only with DDoS attacks against his own organization, but also with attacks against the vast number of business partners, vendors and suppliers that it relies on. "One of the oldest sayings in the world of security is that the level of security in a business is determined by the weakest link. In today's environment, the weakest link (as evidenced by many breaches) may be one of the third parties, and that's often the case."

Of course, while criminals improve their DDoS attacks, technology and defense tactics do not stand still. Rod Soto, director of security research at JASK, said the appearance of attacks is changing with the advent of new IT devices and the rise of machine learning and AI. "It will become harder to keep up with DDoS attacks. Therefore, DDoS defense technology must evolve in that direction as well."