As more and more people come online, many of them are also becoming more knowledgeable about cybersecurity.
A DDoS attack is a form of cyber-attack in which multiple compromised systems (usually infected with malware) simultaneously send requests to a target system, overwhelming its capacity to respond.
As the recent news coverage on Hurricane Irma shows us, even offline businesses can be affected by data breaches or attacks that take place online.
The difference between DDOS and DOS is that DOS stands for Denial Of Service, while DDOS stands for Distributed Denial Of Service.
The word “distributed” means that multiple computers work together to carry out the attack, whereas in a DOS attack only one computer is used for this purpose.
This article will cover these two and what tools and techniques cybercriminals use to launch such attacks.
A distributed denial of service (DDoS) attack is an attempt to make a computer resource unavailable to its intended users.
Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person, or multiple people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.
Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.
DoS attacks may also target sites run by governments and private organizations such as multinational corporations.
The term includes attempts to render websites unavailable (website defacement), or block access to sites (denial of service in the strictest sense).
Although DoS attacks take a multitude of forms, they all have one thing in common – the intent to deny legitimate users access to information systems for as long as possible.
In addition, many attackers want a long-term position that increases their advantage over those they target: remaining undetected and being able to seize control at will.
Today, even though the methods employed may vary, achieving this goal generally consists of disabling infrastructure components such as power supplies and network cable systems so that they can no longer provide a continuous supply of electricity and connectivity to the site.
These types of attacks are not new by any means but have risen dramatically in popularity in recent years as companies have become more reliant on Internet-facing systems for conducting business.
DoS attacks can result in significant financial damages to organizations. One report by the Ponemon Institute suggests that the average cost of a DoS attack is $2.5 million, with some attacks costing as much as $40 million.
The study also found that the average duration of an attack is 32 hours and that the most common type of attack is a network flood, which accounts for 66% of all attacks.
In addition, attackers are increasingly using multiple attack vectors in order to increase their chances of success.
Mitigating DoS attacks can be difficult because they often come from sources that are difficult to identify and block.
Attackers may use compromised systems that are difficult to trace back to them, or they may perpetrate attacks from multiple attack points in an effort to mask their true identity.
In addition, a DoS attack can be a prelude to a more sinister assault on the network such as a distributed denial of service (DDoS) attack.
DoS attacks have been around since the dawn of computer networking; however, there has been an increase in the intensity and frequency of DoS attacks over the last few years.
In fact, 94% of companies say they have experienced a DoS attack in 2012 according to Radware’s 2013 “Bruteforce Report”.
In a Denial of Service (DOS) attack, the attacker floods the targeted server with so much data that it can no longer serve legitimate requests from real users. The service is thus successfully denied to its users.
This happens because the resources needed to handle all incoming connections and communications have been totally taken over by illegitimate requests from the attackers or other sources which are under the control of the attackers.
Servers are the usual targets of DOS attacks, but, to be more specific, subnetworks and routers can be targeted as well.
When a single machine is targeted, it’s called an “individual DOS” (or IDDOS). And when multiple machines across the Internet are targeted simultaneously, it’s called a “Distributed Denial of Service” (DDOS) attack.
It has been said before that DOS attacks should not be confused with other kinds of malicious web traffic like spam or viruses.
This kind of traffic is generated by automated software taking control over innocent devices connected to the Internet without their owners’ knowledge or consent.
Regular users who own these devices do not participate in sending spam or viruses voluntarily. They are, in fact, unaware that they are infected or that their devices have been taken over by malware.
On the other hand, DOS attackers exploit the resources of legitimate users to create traffic with the intention of denying service.
Legitimate users who own these machines (that get attacked) do participate willingly when they consciously decide to launch an attack on someone else’s computer.
Not only this but they also derive pleasure from it whenever they see others suffering because of their actions. This is why it’s called a “voluntary” DOS attacker (or VDOS).
To sum up, there are two main types of DOS attacks:
– The first one is the automated, “botnet” type of attack where malware is used to control a large number of devices and direct them against a given target across the Internet.
– The second kind is where someone voluntarily participates by controlling his or her own computer (or system) to launch an attack on another machine.
Let’s make it clearer with some examples. When your child downloads and installs a movie player illegally from an app store like CNET’s Download.com and uses it to watch movies online, he or she also initiates a download and install process unintentionally (without prior knowledge or consent).
This happens because such apps are usually bundled with optional toolbars, adware, ransomware and other malware that secretly take control over the device once installed.
Such involuntary participants (or victims) who launch an attack are known as “zombies” in DOS terminology.
This type of cybercrime is perpetrated by hackers and cybercriminals who take control over other people’s devices through malware like trojan horses, ransomware, or adware/spyware tools (that come bundled with some free software downloaded from the Internet).
There are several types of DOS attacks that can be launched via different methods:
The first method is where the attacker uses his own system(s) to create a large number of open connections to the target machine.
It challenges the target server to accept connections faster than it can handle, resulting in a service timeout for legitimate requests being sent by users. This is known as “connect flooding”.
The second type is where the attacker sends out a large number of requests continuously to the target server, using his own system(s).
The goal here is to use up all the allowed number of requests (quota) defined by the target machine’s administrator before sending back an error message or timeout to legitimate users.
This method is called “HTTP flooding” because it uses the HTTP protocol, which powers most web services online today.
The third type targets specific ports on targeted devices. It does this on purpose in order to create network congestion on said ports thereby slowing down other traffic on that subnetwork or router.
When multiple attacker machines are employed, this becomes a general DOS attack on routers as well as on vulnerable devices.
The fourth type is where the attacker sends out a huge number of UDP packets (or some other protocol), specifically designed to consume all available bandwidth thus creating congestion and slowing down service for legitimate applications that run over the network.
This attack is essentially a more advanced version of any one of the first three mentioned methods.
Here, it’s also possible for an attacker to launch multiple DOS attacks at once, using different protocols and ports across his networks of infected machines.
DOS attackers usually coordinate their attacks using IRC or DNS infrastructure (that they infect with malware themselves).
For example, when you visit a link like http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FAmin-Dariush&width=292&colorscheme=light&show_faces=true&stream=false&border_color&header=true, you initiate a request to the Facebook servers and for that request to be accepted and processed correctly, you need to have an open TCP connection on port 80 (HTTP) of your device(s).
Now, if somebody else sends so many requests at once through multiple hosts on their botnet that it becomes impossible for Facebook’s servers to accept all those connections in time or even process them properly, users like you will receive error messages (or timeout screens). This results in a bad user experience for everybody else.
This is where DOS attacks come into play. Just like in the example above, attackers send hundreds of thousands of requests to multiple hosts on Facebook’s infrastructure via IRC channels or DNS lookups thus creating network congestion and degrading service quality for everyone connected.
The goal here is to get Facebook (or any other web property) to block your IP address temporarily until you stop sending requests (in essence slowing down your access speed).
This has happened many times both in the past and recently, affecting users all across the Internet including high-profile companies like Twitter & Netflix among countless others.
The most common form of DOS or DDOS attack is using a botnet, which is a network of computers infected with malware that can be used to generate an enormous amount of traffic from multiple IP addresses.
In the case of Hurricane Irma, for example, as reported on www.cnbc.com, criminals were sending out spam emails containing links to websites hosting the malicious code responsible, disguised as weather updates or relevant news articles.
Once users clicked on those links, victims’ devices became part of the botnet that was used in this cyber-attack. One estimate suggested that more than 40 million people were impacted by this particular cyberattack on the popular cloud service Dyn.
What are the different types of DOS or DDOS attacks? The most common form of DOS or DDOS attack is using a botnet, as we’ve already discussed… let’s dive deeper into this!
There are also other forms such as DNS flooding, UDP and SYN floods, ICMP floods, etc. AlienVault’s CEO Barmal Myers listed five things that you should know about DDoS attacks:
1. It has become easy for cybercriminals to launch these attacks – Botnets have become readily accessible tools for cybercriminals whose sole objective is to take down businesses’ websites slowing them to zero and making it impossible for customers to reach them.
2. DDoS attacks are no longer just about taking businesses offline – Cybercriminals are now using DDoS attacks as a way of extorting money from their victims by threatening to take down their websites unless they are paid a ransom.
3. The sophistication of these attacks is increasing – Cybercriminals have become more sophisticated in their approach and are now able to exploit vulnerabilities in applications and infrastructure to launch more powerful and disruptive attacks.
4. DDoS attacks are not just aimed at large organizations – Attacks are no longer discriminated and can easily cripple small businesses with fewer defenses in place.
5. The best way to protect against DDoS attacks is through proactive defense – A good security posture that will protect against a variety of threats, including DDoS attacks.
There are 5 things that you should know about DDoS Attacks:
1. The availability of cheap botnets has led to a massive increase in the number and power of DDoS attacks over time — including huge, high-profile cases such as the October 2016 Dyn cyberattack.
2. Many DDoS services are available for hire on underground forums, allowing even novice attackers to launch crippling DDoS attacks.
3. DDoS attacks are now being used as a form of extortion, with victims often paying ransoms to attackers in order to stop their websites from being taken down.
4. More and more small businesses are falling victim to DDoS attacks, as they have fewer resources available to them for protection and are generally not prepared for these types of attacks.
5. The best way to protect against DDoS attacks is through proactive defense, including measures such as traffic filtering, intrusion detection and prevention systems (IDS/IPS), and blackholing.
– Having a good security posture that will protect against a variety of threats, including DDoS attacks.
– Take all necessary precautions against cybercriminals and keep DDoS protection enabled on your website/web application.
– Use a reputable security solution – Always set up a password for your VPN service as it provides you with an encrypted connection to the internet that will protect against snooping by hackers.
– Make sure that all your passwords are complex to ensure protection against brute force attacks.
– Update the software installed on your system – This will help keep you protected from viruses and other malicious software used by cybercriminals for DDoS attacks.
– Keep a backup of important files – If any file is corrupt or lost due to a DDoS attack, you will have a backup to restore the data.
– Educate your employees about cyber security and the dangers of DDoS attacks – This will help create a culture of security awareness within your organization and make your employees less likely to fall victim to such attacks.
The best way for individuals and businesses to protect themselves against DDoS attacks is through proactive defense, including measures such as traffic filtering, intrusion detection and prevention systems (IDS/IPS), and blackholing.
By taking these precautions, you can help protect your organization against the devastating effects of a DDoS attack.
To end this post, I’ll give you a brief summary of how to defend against DOS and DDOS attacks. If you’re under a DOS attack, it may be wise to cut off access temporarily while waiting for help; if you’re under a DDOS attack, you’ll need to implement some kind of traffic filtering or load balancing in order to mitigate the attack.
To defend against DOS attacks, you can use a packet filter to drop packets from suspicious IP addresses, or you can use an application firewall to block certain types of traffic.
You can also use a reverse proxy, which prevents the attacker from being able to tell who is responding to requests, and you can also use a form of obfuscation in order to make it harder for the attacker. That’s all.
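As an added example (not part of the original post), the following Python script shows the detection side of the traffic filtering described above for the “connect flooding” and “HTTP flooding” methods: it parses web-server access-log lines in Common Log Format, counts requests per source IP in a sliding 10-second window, and returns the IPs whose request rate looks like a flood, which is the list of “suspicious IP addresses” a packet filter would then drop. The log lines, IP addresses, and thresholds are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (client_ip, timestamp, request) for one log line, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, request, _status, _size = m.groups()
    return ip, datetime.strptime(ts, TS_FMT), request

def find_flooders(lines, window_seconds=10, max_requests=50):
    """Sliding-window rate check per source IP.

    Flags any IP that issues more than max_requests within any window_seconds
    span and returns {ip: peak_requests_seen_in_one_window} for flagged IPs.
    Thresholds are illustrative; tune them to the service's normal traffic.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    window = timedelta(seconds=window_seconds)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # skip garbage rather than crash the detector
        ip, ts, _ = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop timestamps that fell out of the window
        if len(q) > max_requests:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

def constructed_log():
    """Constructed sample traffic: one normal client and one client hammering /login."""
    base = datetime.strptime("10/Oct/2023:13:55:00 +0000", TS_FMT)
    lines = []
    for i in range(3):            # 203.0.113.5: three requests over 40 s (benign)
        t = (base + timedelta(seconds=20 * i)).strftime(TS_FMT)
        lines.append(f'203.0.113.5 - - [{t}] "GET / HTTP/1.1" 200 512')
    for i in range(120):          # 198.51.100.7: 120 requests in under 8 s (flood)
        t = (base + timedelta(milliseconds=66 * i)).strftime(TS_FMT)
        lines.append(f'198.51.100.7 - - [{t}] "POST /login HTTP/1.1" 503 0')
    return lines

if __name__ == "__main__":
    for ip, peak in find_flooders(constructed_log()).items():
        print(f"block {ip}: {peak} requests inside a 10 s window")
```

In production the flagged list would feed a packet filter or the reverse proxy's deny list; the benign client is never flagged because its three requests sit well under the threshold.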