DDoS Attacks: An Ever Evolving Cybersecurity Challenge

  • April 4, 2022
  • By Cyberarch Admin

The war between Russia and Ukraine was being fought in the digital world before it reached the ground. Recently, at least 10 Ukrainian websites were hit by DDoS attacks that rendered them unusable. This was far from the first time a Distributed Denial of Service attack had been used in this way. With cyber attacks increasing sharply worldwide, DDoS has become one of the primary methods attackers use against individuals, the largest businesses, governments and even entire countries.

It is an increasingly complex and sophisticated form of attack, capable of overwhelming even well-defended services. That is why it pays to understand DDoS attacks: their history, the tools and methods criminals use to launch them, how they can affect you, and the mitigation strategies and security solutions available. This post covers all of these.

What is a DDoS Attack?

In simple words, a Distributed Denial of Service (DDoS) attack is an attempt to make a website, server or network unavailable by flooding it with traffic or requests from many sources at once (hence "distributed"), so that the service either slows to a crawl or fails outright.

DDoS Attack Trends

In the first half of 2021 alone, over five million DDoS attacks were reported, according to data published by Mission Critical. Cox BLUE reports that a DDoS attack costs companies 20,000 to 40,000 dollars per hour on average. These figures should compel business leaders and decision-makers to put preventive measures in place before an attack, not after. DDoS attacks have also become more common, larger in scale and more sophisticated.

Although the US, the UK and China are the most frequently targeted countries, several incidents of the last two decades stand out for their consequences: the 2007 attacks on Estonia, the 2008 attacks on the Republic of Georgia, the 2013 Spamhaus attack (the largest on record at the time), Occupy Central in 2014 and the 2018 attack on GitHub (a 1.35 Tbps memcached amplification attack), among many others.

Dark Web Services to Launch DDoS Attacks

Dark web services are one of the main drivers of the growth in cybercrime worldwide. A wide range of services can be bought to launch attacks on individuals, businesses and governments, and DDoS is among the most commonly offered. The price varies with the attack type, duration and difficulty; if the intended target already has DDoS protection, the service costs more.

The dark web also carries the tools and know-how to conduct DDoS attacks. DDoS-for-hire services are commonly marketed as "booters" or "stressers", a name borrowed from legitimate load-testing services to give them a veneer of legitimacy; examples that have operated include CStress, vDoS, Inboot and IPStresser. Large numbers of tutorials explaining how to execute DDoS attacks are also posted. One actor who facilitates DDoS attacks through tools and tutorials is Rootzeynus, who operates through Telegram, YouTube, Raidforum and similar channels. All of this makes DDoS defence a priority for organizations and governments.

DDoS Attack Types

There are multiple ways DDoS attacks are categorized. This blog aims to provide you with general types, broad types and common DDoS attack types. 

General DDoS Attacks

Broadly, there are two kinds of DDoS attack: direct (often called standard) and reflection.

Standard: In a direct attack the attacker's own machines send far more traffic than the targeted website, server or network can handle. The usual way to generate that volume is a botnet.

A botnet is a large collection of compromised computers (and, increasingly, routers, cameras and other IoT devices) that an attacker controls through command-and-control infrastructure. One instruction from the operator is enough to have thousands of machines start flooding a target at once, so a single attacker can disrupt many networks, systems and websites.

Reflection: In a reflection attack the attacker forges (spoofs) the source IP address of its packets so that they appear to come from the victim, and sends otherwise legitimate requests to legitimate third-party servers. Those servers dutifully send their responses to the victim. Because the attack depends on spoofed source addresses, it works with connectionless protocols such as UDP, where no handshake proves that the sender owns the address.

Amplification is usually combined with reflection. As the name suggests, the reflector's response is much larger than the attacker's request, so every byte the attacker sends becomes many bytes arriving at the victim. Protocols with small queries and large answers, such as DNS, NTP and memcached, are the classic amplifiers.

Broad DDoS Attack Types

Attackers frequently combine several attack types in one campaign to cause maximum disruption. The usual breakdown is by the layer the attack targets.

Volume-Based – A high volume of packets or connections is sent to the target so that its network link, or the server itself, is saturated and can no longer process legitimate requests. Examples include UDP floods, ICMP floods and spoofed-packet floods, as well as the amplification attacks described above. Volume-based attacks are measured in bits per second.

Protocol – Protocol attacks consume the connection-state tables of servers, firewalls and load balancers rather than raw bandwidth, and are usually measured in packets per second. Examples include SYN floods, Ping of Death and other fragmented-packet attacks, and TCP connection-state exhaustion.

Application – Application-layer (layer 7) attacks are the hardest to detect because each request looks legitimate. They work by sending many requests that are cheap for the attacker to make but expensive for the server to answer (search pages, login endpoints, anything backed by a database query), so the application runs out of threads, memory or database connections long before the network link is full. HTTP and HTTPS floods are the typical examples, measured in requests per second.

Common DDoS Attacks Explained

UDP Flood – The attacker sends a large number of UDP packets to random ports on the target host. For each packet the host checks whether an application is listening on that port and, finding none, replies with an ICMP Destination Unreachable message. Processing the incoming packets and generating the replies consumes the host's CPU and bandwidth until it can no longer serve legitimate traffic. Because UDP involves no handshake, the source addresses are usually spoofed.

ICMP Flood – An ICMP flood overwhelms the target with ICMP Echo Request (ping) packets sent as fast as possible without waiting for replies. The target spends bandwidth and CPU both receiving the requests and sending Echo Replies, so inbound and outbound capacity are consumed together and the service becomes unreachable.

SYN Flood – A SYN flood abuses the TCP three-way handshake. Normally the client sends a SYN to open a connection, the server answers with a SYN-ACK and allocates an entry in its half-open connection queue, and the client completes the handshake with an ACK. In a SYN flood the attacker sends a large number of SYNs, typically from spoofed source addresses, and never sends the final ACK. The server's queue fills with half-open connections waiting for ACKs that never arrive, and no new legitimate connections can be accepted. The standard defence is SYN cookies, which encode the connection state in the server's initial sequence number instead of storing it.
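A standard defence against SYN floods is the SYN cookie: instead of queuing a half-open connection, the server encodes a time slot, the client's MSS and a keyed hash of the connection 4-tuple into the 32-bit initial sequence number of its SYN-ACK, and only allocates state when a client returns a valid cookie in its ACK. The following is an added example written for this post, not code from the original article; it is a simplified Python model of the layout the Linux kernel uses. The secret key, the 64-second time slot, the MSS table and the addresses are assumptions chosen for illustration, and simulate() stands in for a kernel answering spoofed SYNs.

```python
import hashlib
import hmac

# Assumed server secret; a real implementation rotates it regularly.
SECRET = b"example-only-rotate-me"

# MSS values the cookie can encode in 2 bits (an assumption modelled on the kernel's table).
MSS_TABLE = [536, 1220, 1440, 1460]


def _mac(src_ip, src_port, dst_ip, dst_port, counter):
    """Keyed hash over the 4-tuple and the time slot; only the server can produce it."""
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}|{counter}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & 0x01FFFFFF  # keep 25 bits


def make_cookie(src_ip, src_port, dst_ip, dst_port, mss, now):
    """Return the ISN for the SYN-ACK. Layout: 5-bit time slot | 2-bit MSS index | 25-bit MAC."""
    counter = (now // 64) & 0x1F  # 64-second slots, wraps every 32 slots
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    return (counter << 27) | (mss_idx << 25) | _mac(src_ip, src_port, dst_ip, dst_port, counter)


def check_cookie(src_ip, src_port, dst_ip, dst_port, ack, now):
    """Validate the client's final ACK (ISN + 1). Return the MSS to use, or None if invalid or stale."""
    cookie = (ack - 1) & 0xFFFFFFFF
    counter = cookie >> 27
    mss_idx = (cookie >> 25) & 0x3
    mac = cookie & 0x01FFFFFF
    current = (now // 64) & 0x1F
    # Accept the current slot and the previous one so a slow client still gets in.
    if counter not in (current, (current - 1) & 0x1F):
        return None
    expected = _mac(src_ip, src_port, dst_ip, dst_port, counter)
    if not hmac.compare_digest(mac.to_bytes(4, "big"), expected.to_bytes(4, "big")):
        return None
    return MSS_TABLE[mss_idx]


def simulate(now=1_000_000):
    """Answer 10,000 spoofed SYNs without storing anything, then admit the one client that completes."""
    server = ("198.51.100.10", 443)
    for i in range(10_000):  # spoofed sources: a SYN-ACK goes out, nothing is remembered
        make_cookie(f"203.0.113.{i % 250}", 1024 + i, *server, 1460, now)
    client = ("192.0.2.7", 40000)
    isn = make_cookie(*client, *server, 1460, now)
    established = []
    mss = check_cookie(*client, *server, isn + 1, now + 2)  # client ACKs ISN + 1 two seconds later
    if mss is not None:
        established.append((*client, mss))
    return established
```

The point of the scheme is that the spoofed SYNs cost the server only one HMAC each and no memory, so the half-open queue can never fill. The price is that TCP options that do not fit in the cookie are lost for such connections, which is why real stacks enable cookies only once the backlog is under pressure.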

Ping of Death – An IP packet may be at most 65,535 bytes long, so a large packet is sent as fragments that the receiving host reassembles. In a Ping of Death the attacker sends ICMP fragments whose offsets and sizes add up to more than that maximum, so reassembly overflows the receive buffer of a vulnerable host and crashes it. Modern operating systems check fragment lengths during reassembly, so the classic attack mainly affects unpatched or embedded systems.

Slowloris – Slowloris targets a web server from a single machine with very little bandwidth. The attacker opens as many connections as possible and keeps each one alive by sending partial HTTP requests, for example one header line at a time just before the server's timeout, that are never completed. The server keeps every connection open waiting for the rest of the request, so its connection pool fills and legitimate clients cannot connect. Servers that dedicate a thread or process to each connection are especially vulnerable.

HTTP Flood – An HTTP flood targets the web server or web application with what look like legitimate HTTP GET or POST requests. The attack is most effective when each request forces the server to do the maximum amount of work, for instance by requesting large files, search results or pages backed by database queries, so that a modest request rate translates into a large load.
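To make the reflection and amplification mechanics and the flood descriptions above concrete, here is an added example, written for this post and not taken from the original article, that classifies flow records for one target into a SYN flood (many SYNs, almost no flows that ever ACK), a UDP flood (high packet count spread over mostly distinct ports) and an unsolicited DNS amplification flood (large answers from resolvers the target never queried). The record format, the thresholds, the addresses and the sample traffic are all constructed assumptions; a real deployment would feed it NetFlow, sFlow or packet-capture data.

```python
from collections import defaultdict

TARGET = "198.51.100.10"  # constructed victim address
# UDP source ports of the usual reflectors; a reply from one of these that the target
# never requested is an amplification packet.
AMP_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP", 11211: "memcached"}


def build_sample():
    """Constructed flow records: (second, src, sport, dst, dport, proto, tcp_flags, bytes)."""
    recs = []
    for i in range(5):  # second 0: five clients complete a normal TLS handshake
        c, p = f"192.0.2.{i + 1}", 40000 + i
        recs += [(0, c, p, TARGET, 443, "tcp", "S", 60),
                 (0, c, p, TARGET, 443, "tcp", "A", 52),
                 (0, c, p, TARGET, 443, "tcp", "PA", 400)]
    for i in range(300):  # second 1: SYN flood from spoofed sources that never ACK
        recs.append((1, f"203.0.113.{i % 250}", 1024 + i, TARGET, 443, "tcp", "S", 60))
    for i in range(200):  # second 2: UDP flood to random high ports
        recs.append((2, "203.0.113.9", 5000 + i, TARGET, 10000 + (i * 7919) % 50000, "udp", "", 1200))
    for i in range(100):  # second 3: large DNS answers from resolvers the target never queried
        recs.append((3, f"198.18.0.{i + 1}", 53, TARGET, 33000 + i, "udp", "", 3800))
    recs.append((3, TARGET, 50123, "198.18.0.200", 53, "udp", "", 70))   # one legitimate query...
    recs.append((3, "198.18.0.200", 53, TARGET, 50123, "udp", "", 180))  # ...and its answer
    return recs


def detect(records, syn_thresh=100, udp_thresh=150, amp_thresh=20):
    """Return (second, kind, detail) findings computed over one-second windows."""
    windows = defaultdict(list)
    for r in records:
        windows[r[0]].append(r)
    solicited = set()  # (local_port, remote_ip, remote_port) of UDP requests the target sent
    findings = []
    for sec in sorted(windows):
        syn_only, completed = 0, set()
        udp_count, udp_ports = 0, set()
        amp = defaultdict(int)
        for _, src, sport, dst, dport, proto, flags, _nbytes in windows[sec]:
            if proto == "udp" and src == TARGET:
                solicited.add((sport, dst, dport))
            if dst != TARGET:
                continue
            if proto == "tcp":
                if flags == "S":
                    syn_only += 1
                elif "A" in flags:
                    completed.add((src, sport))
            elif proto == "udp":
                udp_count += 1
                udp_ports.add(dport)
                if sport in AMP_PORTS and (dport, src, sport) not in solicited:
                    amp[AMP_PORTS[sport]] += 1
        # Many SYNs but hardly any flows that ever ACK: half-open connections piling up.
        if syn_only >= syn_thresh and syn_only > 5 * len(completed):
            findings.append((sec, "syn_flood", {"syns": syn_only, "completed": len(completed)}))
        # Lots of UDP spread over mostly distinct destination ports: no real service does that.
        if udp_count >= udp_thresh and len(udp_ports) > udp_count // 2:
            findings.append((sec, "udp_flood", {"packets": udp_count, "ports": len(udp_ports)}))
        for service, n in amp.items():
            if n >= amp_thresh:
                findings.append((sec, "amplification", {"service": service, "unsolicited": n}))
    return findings
```

The amplification check is the one worth copying: keeping a short-lived table of the UDP requests your own hosts sent lets you tell a legitimate DNS or NTP answer from a reflected one by whether anybody asked for it, which a plain port-based rule cannot do.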

DDoS Attack Tools

  • Low Orbit Ion Cannon (LOIC) and High Orbit Ion Cannon (HOIC)
  • Metasploit (auxiliary DoS modules)
  • Pyloris
  • Slowloris

DDoS Attacks: Motivation and Effects

DDoS attacks are fast becoming the preferred method of threat actors for attacking websites and servers across the globe. Motivations range from ideology (hacktivism) and business competition to extortion and cyber warfare. Some attackers simply treat a DDoS as a challenge and a way to demonstrate their skills.

DDoS attacks have serious consequences for businesses and individuals. Slowed or unavailable websites mean lost revenue, and the threat actor may demand a ransom in exchange for stopping the attack, or for not launching it at all.

Beyond direct losses, a DDoS attack is sometimes used as a smokescreen: while the security team is busy with the flood, attackers attempt to break in and steal confidential data that is later leaked or sold. The resulting damage to brand reputation can cost the business far more in the long run.

DDoS Attack Mitigation Strategies 

Building a robust security infrastructure is essential to withstand DDoS attacks. As the attacks grow more sophisticated, every device, system and server reachable from the internet must be secured. Some of the measures you can take include the following:

  • Examine your network and its configuration as a priority. This reveals weaknesses that threat actors can exploit. Run external and internal audits at regular intervals. Make sure you also have a way to divert traffic before it reaches the target: with the Border Gateway Protocol (BGP) you can announce your prefixes through a DDoS scrubbing provider so that attack traffic is cleaned upstream, or, as a last resort, blackhole a single attacked address (remotely triggered black hole, RTBH) to protect the rest of the network.
  • Your team should always watch for the warning signs of an attack: a sudden spike in traffic, an unusual number of requests from a single source or region, or connections that never complete. Detection mechanisms backed by suitable monitoring tools must be in place at all times.
  • The right response to the first signs of a DDoS attack matters. Diversion moves the flood away from your resources; filtering (rate limiting, source or geographic blocking, dropping traffic to unused ports and protocols) removes the attack traffic while letting legitimate users through; and post-incident analysis of the attack feeds back into runbooks for proactive protection next time.
  • Train your employees to recognize the signs of a DDoS attack. Preventing attacks is not the sole responsibility of security experts or IT managers; basic knowledge of cyber threats, and knowing what information to pass to the experts, helps limit the damage.
  • Business leaders should recognize the need for dedicated professionals to look after their security. You can also partner with cyber security firms that monitor your business 24x7 for potential attacks.
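As an added illustration of the filtering step (written for this post, not part of the original article), the following Python shows per-source rate limiting with a token bucket, the mechanism behind most web-tier and WAF rate limits: a legitimate client stays under the limit and is never refused, while a flooding source is throttled and, after repeated violations, blocked outright. The rates, burst size, strike count and addresses are assumptions. One caveat a practitioner should keep in mind: this only helps against application-layer floods that reach your server with real source addresses; spoofed volumetric traffic has to be filtered upstream by your provider or a scrubbing service, because it saturates the link before any server-side code runs.

```python
from collections import Counter, defaultdict


class TokenBucket:
    """Classic token bucket: `rate` tokens per second refill, at most `burst` stored."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), None

    def allow(self, now):
        if self.last is None:
            self.last = now
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class RequestFilter:
    """One bucket per source; a source refused `strike_limit` times is blocked for good."""

    def __init__(self, per_ip_rate=5, per_ip_burst=10, strike_limit=50):
        self.rate, self.burst, self.strike_limit = per_ip_rate, per_ip_burst, strike_limit
        self.buckets = {}
        self.strikes = defaultdict(int)
        self.blocked = set()

    def handle(self, src, now):
        """Return the verdict for one request: accept, drop (over limit) or blocked."""
        if src in self.blocked:
            return "blocked"
        bucket = self.buckets.setdefault(src, TokenBucket(self.rate, self.burst))
        if bucket.allow(now):
            return "accept"
        self.strikes[src] += 1
        if self.strikes[src] >= self.strike_limit:
            self.blocked.add(src)
        return "drop"


LEGIT, FLOOD = "192.0.2.7", "203.0.113.5"  # constructed addresses


def simulate(seconds=10):
    """A legitimate client at 2 req/s and a flooder at 100 req/s; returns verdict counts per source."""
    f = RequestFilter()
    events = []
    for s in range(seconds):
        events += [(s + k / 2, LEGIT) for k in range(2)]
        events += [(s + k / 100, FLOOD) for k in range(100)]
    verdicts = {LEGIT: Counter(), FLOOD: Counter()}
    for now, src in sorted(events):
        verdicts[src][f.handle(src, now)] += 1
    return verdicts
```

In production the same logic usually lives in the reverse proxy or CDN rather than the application, and the key is often a combination of source address, session and URL path rather than the address alone, so that one NAT gateway shared by many real users is not blocked because of a single abuser behind it.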
