In October 2016, hundreds of the world’s biggest and most popular websites in the U.K. and the U.S. — including Twitter, eBay, Reddit and Spotify — were the subject of several waves of a massive DDoS attack that rendered the sites inaccessible for thousands of people throughout the day.
Many people referred to the disruption caused by the DDoS attacks as an “internet shut down,” and openly wondered what exactly a DDoS attack is. How does a DDoS attack happen anyway, and how does it manage to cause such lengthy global internet outages?
Well, a ‘distributed denial of service’ attack — commonly known as a DDoS attack — is an illegal hacking activity that takes down an online service and makes it unavailable by overwhelming it with web traffic from multiple sources. Hackers can buy a week-long DDoS attack for as little as $150 on the black market, TrendMicro Research reports (PDF). These malicious individuals often target websites and other computer systems for revenge, extortion, activism or even competitive brand damage.
Interestingly, DDoS attacks are relatively simple to implement, but notoriously difficult to defend against. They are among the most potent tools in a cyber criminal’s arsenal and can take even the most protected computers offline, from bank systems to SaaS applications and ecommerce websites.
What is a DDoS Attack?
DDoS attacks exploit the power of a network of tens of thousands of compromised computers, known as a “botnet,” to flood a website’s servers with page view requests. This overload of page requests renders legitimate traffic unable to get through. When an internet server is dealing with an overload, it is unable to respond to most normal queries, making it impossible for internet browsers to access the websites.
Attacks on Domain Name System (DNS) providers or hosts are typically more effective than targeting a single website because hundreds of sites rely on them to direct traffic. DNS hosts such as Dyn, the provider that was hit in the aforementioned DDoS attack, are central to the operation of the internet.
DNS providers operate the “internet’s address book.” They ensure that website addresses (domain names) such as www.yourwebsitename.com are routed and make it to the correct site. If a DNS provider goes offline, then domain names powered by that provider are not routed to a website, meaning they fail to load web pages. Dyn, for example, powers some 3,500 enterprise customers including Netflix, LinkedIn, TripAdvisor and CNBC among many others, according to information on its website.
Nobody claimed responsibility for the 2016 DDoS attacks against Dyn, but experts said they were simple enough to have been carried out by mischievous teenagers rather than malicious state-sponsored attackers. Even amateur hackers can scan for vulnerable websites and computer systems using easily available software, and turn thousands of them against a single target.
Types of DDoS Attacks
Distributed Denial of Service (DDoS) attacks are malicious attempts to disrupt the normal functioning of a targeted server, service, or network by overwhelming it with a flood of Internet traffic. These attacks can have a devastating effect on businesses, resulting in financial losses, reputation damage, and even potential legal implications. DDoS attacks have evolved over the years, giving rise to various methods to cripple targeted infrastructure.
Here are some different types of DDoS for businesses to be aware of:
- Volume-Based Attacks: This is the most common type, where the attacker tries to consume all the available bandwidth of the target’s network. Examples include ICMP (Ping) flood and UDP flood. The objective is to saturate the bandwidth of the targeted site.
- Protocol Attacks: These attacks consume server resources or those of intermediate communication equipment, such as load balancers and firewalls, by exploiting vulnerabilities in the protocol. Examples include Ping of Death, SYN flood, and fragmented packet attacks.
- Application Layer Attacks: These attacks target the application level of the OSI model. They are more subtle and can be effective with fewer attacking machines. These attacks typically target specific web applications and can be harder to detect and mitigate. Examples include HTTP GET or POST floods and Slowloris.
- Advanced Persistent DoS (APDoS): This is a more sophisticated form of DDoS, involving multiple attack vectors. Here, attackers use various methods simultaneously to target different layers and aspects of a victim’s infrastructure. This multifaceted approach can make defense more difficult.
- Amplification Attacks: These attacks involve the attacker sending a small number of requests to a third-party system, which then sends a much larger number of responses to the target. DNS amplification and NTP amplification are examples of this technique.
DDoS attacks can cripple a business’s online presence, resulting in lost sales and a tarnished reputation. They can also be used as a smokescreen for other malicious activities, like data breaches or malware installation. It is essential for businesses to be aware of these threats and take appropriate measures to safeguard their digital assets. Countermeasures include implementing robust security infrastructure, continuous monitoring, and collaborating with cybersecurity experts.
| Type of Attack | Description | Primary Objective | Examples | Complexity |
|---|---|---|---|---|
| Volume-Based Attacks | Targets the bandwidth of the victim's network. | To saturate and consume all available bandwidth of the target's network. | ICMP (Ping) flood, UDP flood | Low to Medium |
| Protocol Attacks | Exploits vulnerabilities in network protocols. | To consume server resources or those of intermediate equipment like firewalls. | Ping of Death, SYN flood, fragmented packet attacks | Medium |
| Application Layer Attacks | Targets the application level of the OSI model. | To target specific web applications, often requiring fewer attacking machines. | HTTP GET/POST floods, Slowloris | High |
| Advanced Persistent DoS (APDoS) | Uses multiple attack vectors simultaneously. | To target different layers and aspects of infrastructure, making defense more challenging. | Multivector attacks combining the features of other DDoS types | Very High |
| Amplification Attacks | Utilizes third-party systems to amplify the attack. | To flood the victim with overwhelming responses from a minimal request. | DNS amplification, NTP amplification | Medium to High |
How to Protect Your Website against DDoS Attacks
Estimates by Incapsula Inc., a renowned cloud-based website protection service, suggest that businesses can face staggering losses, amounting to as much as $40,000 per hour, when their websites fall victim to DDoS attacks. The surge in the popularity and proliferation of poorly-secured IoT devices, such as “smart” televisions, webcams, and thermostats, has exacerbated the situation. These devices not only become potential victims but also unwitting participants in launching DDoS attacks.
To bolster your defenses against DDoS attacks and protect your business, consider the following measures:
- Regular Updates: Ensure that all your systems, applications, and devices are regularly updated with the latest security patches. These updates often address vulnerabilities that could be exploited in attacks.
- Anti-virus Software: Equip your devices with reputable and up-to-date anti-virus solutions like Kaspersky’s Security Scan or Norton 360. Many of these solutions can detect if your system is part of a botnet.
- Robust Network Infrastructure:
  - Utilize routers and firewalls capable of thwarting rudimentary ping attacks.
  - Opt for systems that offer automatic rate limiting and traffic shaping, which can help in managing abnormal traffic spikes.
- Purchase Additional Bandwidth: Partner with an ISP that allows you to buy surplus bandwidth. This can offer some leeway during traffic surges, which are common during DDoS attacks.
- Website Management and Plugins:
  - If your website operates on WordPress, enhance its security using plugins like WordFence and Bulletproof Security.
  - Seek dedicated software solutions that serve as protective barriers against DDoS attacks. Services like CloudFlare specialize in shielding against DDoS threats of all magnitudes, while tools like DDoS Protector can thwart attacks rapidly with their multi-layered protection.
- Avoid Provocation:
  - Hackers are often motivated by challenges. Avoid challenging or taunting potential attackers.
  - If you encounter any threats or hostile comments, it’s usually best to delete or disregard them.
  - Be judicious about where you promote your website. Avoid places that might attract malicious attention, such as hacker forums or controversial online spaces.
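As an added example that is not part of the article, the script below shows the check behind the "automatic rate limiting" measure above, applied to the HTTP GET/POST floods described under application-layer attacks: it parses web server access log lines and flags any source whose request count inside a sliding window exceeds a threshold. The log lines, the addresses (documentation ranges) and the threshold are all constructed for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache combined-style line: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def fmt_line(ip, ts, request):
    """Render one access log line (constructed data, not real traffic)."""
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "{request} HTTP/1.1" 200 812'


def make_sample_log():
    """Constructed log: one normal client plus one source flooding /search."""
    base = datetime(2016, 10, 21, 11, 0, 0, tzinfo=timezone.utc)
    lines = [fmt_line("198.51.100.20", base + timedelta(seconds=3 * i), "GET /index.html")
             for i in range(6)]                      # one request every 3 s
    lines += [fmt_line("203.0.113.7", base + timedelta(seconds=i // 6), "GET /search?q=x")
              for i in range(60)]                    # 60 requests in 10 s
    return "\n".join(lines)


def parse_log(text):
    """Yield (source_ip, timestamp) for each well-formed line; skip malformed ones."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.group(1), datetime.strptime(m.group(2), TS_FMT)


def peak_rates(text, window=timedelta(seconds=10)):
    """Per source, the largest number of requests seen inside any one window."""
    times = defaultdict(list)
    for ip, ts in parse_log(text):
        times[ip].append(ts)
    peaks = {}
    for ip, stamps in times.items():
        stamps.sort()
        start, best = 0, 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:       # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        peaks[ip] = best
    return peaks


def flag_floods(text, threshold=30, window=timedelta(seconds=10)):
    """Sources whose peak windowed rate exceeds the threshold: candidates to rate-limit."""
    return {ip: n for ip, n in peak_rates(text, window).items() if n > threshold}


if __name__ == "__main__":
    print(flag_floods(make_sample_log()))            # {'203.0.113.7': 60}
```

In production the threshold would be set from a baseline of normal traffic, and the flagged sources fed to the firewall or rate limiter rather than printed.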
In conclusion, while the digital landscape offers immense opportunities, it also brings with it myriad threats. DDoS attacks are a stark reminder of the vulnerabilities inherent in the online world. Being proactive, vigilant, and informed are the keys to safeguarding your assets. Remember, any website, irrespective of its size or prominence, can fall prey to a DDoS attack, so constant vigilance is crucial.