Everything you need to know about DDoS attacks
Distributed denial-of-service attacks are a form of cybercrime in which a malicious actor blocks access to a machine, network or resource by disrupting the host and overrunning its servers with traffic.
The cyber security industry has seen a steady increase in the number of these attacks in recent years. In the past they were relatively easy to block and seen as a low-level threat. Now, attacks have become more sophisticated and can lead to massive financial losses and serious reputational damage.
In our latest blog we explore what distributed denial-of-service attacks are and how to guard against them.
What is a DDoS attack?
Denial-of-service (DoS) attacks target servers, services or networks with the aim of disrupting traffic to the IP address so that legitimate users cannot access the resource. The attack stops the servers from functioning normally by overwhelming them with requests, denying access to the site. They can affect a range of services, including e-commerce sites, access to email, or secure accounts such as online banking.
Distributed denial-of-service is a form of DoS that occurs when multiple machines operate together to carry out the attack. In a DDoS attack, the incoming flood of traffic comes from multiple sources (often thousands at a time) working together in a targeted way.
A DoS attack uses a single connection, whereas a distributed denial-of-service attack employs many sources of attack traffic, often in the form of a botnet. Large networks of malware-infected systems and devices, controlled by the attacker, make up the botnet. Compromised machines can include computers, mobiles or IoT-connected devices.
As more and more devices make up the IoT, the magnitude of DDoS attacks has increased. The interconnected nature and poor security posture of IoT devices leave them vulnerable to being hijacked for DDoS attacks.
DDoS attacks are hard to trace because of the number of attacking machines and their random, dispersed locations. Pinpointing the criminal is difficult because the bots are legitimate devices, which makes their traffic hard to distinguish from normal traffic.
What motivates a DDoS attack?
DDoS attacks are most often intended to cause financial or reputational damage to an organisation or business. Cyber criminals normally select high-profile targets like credit card payment gateways, banks, e-commerce groups or government bodies for maximum impact.
Attacks can be motivated by ‘hacktivism’, to gain notoriety, or to create negative publicity due to ideological differences. Sometimes the attacks are simply to cause disruption – where hackers launch them just because they can.
Hacktivists are a newer group of cyber criminals who use their hacking skills for social or political gain. These attacks normally target companies or government bodies that carry out activities they do not agree with. This was seen in effect earlier this year when the notorious hacking group Anonymous declared cyber war against the Russian government and launched DDoS attacks to bring down government websites and Russia Today, the state-backed news service.
Increasingly we are seeing DDoS attacks used for financial exploitation. Attacks are accompanied by extortion demands and ransom requests to stop the attack or prevent it entirely. With an increased reliance on online services, many businesses and organisations resort to meeting these demands to avoid larger financial losses.
Types of attack
In broad terms, there are three types of DDoS attacks:
Application layer attacks – a criminal or botnet repeatedly requests the same resource until the server is overwhelmed.
Volumetric attacks – the server is bombarded with so many requests that its bandwidth is exhausted.
Protocol attacks – the attacker attempts to consume the resources of the server, networking system or firewall until they eventually crash from overload.
DDoS protection
Preventing a DDoS attack of any kind can be difficult without blocking legitimate users. However, there are several steps you can take to mitigate your risk of falling victim to an attack:
Understand your traffic patterns – continuous traffic monitoring will help you spot an attack before it fully takes over and will help you understand the difference between normal and malicious traffic.
Install advanced network security – firewalls, anti-malware and endpoint protection are all essential lines of defence against DDoS attacks.
Look out for early signs of an attack – slow performance, poor connectivity and unusual traffic patterns from one IP address are all warning signs you could be under attack.
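The first and third steps above (understand your traffic patterns; watch for unusual traffic from one IP address) can be turned into a simple monitoring check. The script below is an added example written for this post, not code from OX IT Solutions. It assumes a web server access log in Common Log Format, a 10-second window, and a threshold of either 20 requests or 10 times the median per-source count, whichever is larger; all the log lines are constructed, with 198.51.100.23 (a documentation address) standing in for the flooding source. It also notes when a flagged source keeps hitting the same resource, which is the application layer pattern described under "Types of attack".

```python
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime

# Assumption: the access log follows Common Log Format, one request per line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "path": m["path"],
        "status": int(m["status"]),
    }


def bucket_requests(records, window_seconds=10):
    """Map (window_start_epoch, ip) -> Counter of requested paths."""
    buckets = defaultdict(Counter)
    for r in records:
        epoch = int(r["ts"].timestamp())
        window_start = epoch - (epoch % window_seconds)
        buckets[(window_start, r["ip"])][r["path"]] += 1
    return buckets


def find_suspects(lines, window_seconds=10, min_requests=20,
                  baseline_multiplier=10, same_path_ratio=0.8):
    """Flag sources whose per-window request count is far above the norm.

    The threshold is the larger of an absolute floor (min_requests) and a
    multiple of the median per-source count, so the check tracks the site's
    own traffic pattern rather than a fixed number.
    """
    records = [r for r in (parse_line(ln) for ln in lines) if r]
    buckets = bucket_requests(records, window_seconds)
    totals = {key: sum(c.values()) for key, c in buckets.items()}
    median = statistics.median(totals.values()) if totals else 0
    threshold = max(min_requests, baseline_multiplier * median)

    suspects = []
    for (window_start, ip), paths in sorted(buckets.items()):
        total = totals[(window_start, ip)]
        if total <= threshold:
            continue
        top_path, top_count = paths.most_common(1)[0]
        # Many hits on one resource from one source matches the application
        # layer pattern; a spread of paths is simply high volume.
        reason = "same-resource" if top_count / total >= same_path_ratio else "high-rate"
        suspects.append({
            "ip": ip, "window_start": window_start, "requests": total,
            "threshold": threshold, "top_path": top_path, "reason": reason,
        })
    return suspects


def _line(ip, second, path, status=200, size=512):
    """Build one constructed CLF line at 10:00:SS on a fixed date."""
    return (f'{ip} - - [12/Mar/2022:10:00:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" {status} {size}')


# Constructed sample traffic (not real data): a few normal visitors plus one
# source repeatedly requesting /search within the same 10-second window.
SAMPLE_LINES = [
    _line("10.0.0.5", 1, "/index.html"),
    _line("10.0.0.5", 2, "/about"),
    _line("10.0.0.5", 4, "/contact"),
    _line("10.0.0.7", 2, "/index.html"),
    _line("10.0.0.7", 6, "/products"),
    _line("10.0.0.9", 7, "/login", status=302),
    "garbled line that should be skipped",
] + [
    _line("198.51.100.23", 3 + i % 6, "/search?q=deals" if i % 10 else "/")
    for i in range(30)
]

if __name__ == "__main__":
    for suspect in find_suspects(SAMPLE_LINES):
        print(suspect)
```

Run against a real log, a check like this is a starting point for the traffic monitoring the post recommends, not a replacement for it: the window, floor and multiplier need tuning to the site's normal load, and a flood spread across thousands of bot addresses will not trip a per-source threshold, which is why aggregate bandwidth and request totals should be watched alongside it.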
To discover weaknesses within your network infrastructure, contact the OX IT Solutions team today to book a no obligation, remote cyber security review.
To receive all our latest updates, follow us on LinkedIn, Facebook and Twitter.