In a Distributed Denial-of-Service (DDoS) attack, the attacker tries to make an internet-based service difficult or impossible to deliver. This is done by restricting access to a network or its components, including systems, services, servers, applications, networks, and certain transactions within applications. In a DoS attack, a single system sends the malicious data or requests, while DDoS attacks come from multiple systems.
These attacks send so many requests for data to a particular system that it becomes overloaded and cannot process them, causing downtime for the server or the webpage. This happens because the CPU, bandwidth, and RAM capacities are overwhelmed.
DDoS attacks are becoming more complex and sophisticated while also becoming cheap and easy to carry out, as cybercriminals make use of a large number of devices. Denial-of-service attacks have been a problem for many years: attackers gain control of devices and direct their traffic at the target to take the victim offline.
Types of DDoS attacks
DDoS attacks can primarily be categorized into three types as described below.
- Volume-based Attacks – use a large amount of fake traffic to overload a website or a server. They include techniques such as UDP floods, ICMP floods, and other spoofed-packet floods. The metric used to determine the size of a volume-based attack is bits per second (bps).
- Application Layer Attacks – are caused by floods of fraudulent application requests. Requests per second (RPS) is the metric used to determine the size of an application layer attack.
- Network-layer or Protocol DDoS Attacks – include low-and-slow attacks, GET/POST floods, attacks that target Apache, Windows or OpenBSD vulnerabilities, and more. They consist of requests that appear legitimate and innocent; the purpose of these attacks is to crash a web server, and the magnitude is measured in requests per second (RPS).
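To make the two metrics above concrete from a monitoring point of view, the following added example (not part of the original article) computes bits per second and requests per second from a constructed set of traffic records and labels each second accordingly. The record format, function names and thresholds are assumptions chosen for illustration; real thresholds come from a site's own baseline.

```python
from collections import defaultdict

# Constructed sample records (not real traffic): (second, source IP, kind, bytes).
# kind "pkt" = raw UDP/ICMP packet seen at the edge, "http" = request at the web server.
SAMPLE = (
    [(0, "198.51.100.7", "http", 900), (0, "198.51.100.8", "pkt", 120)]
    # second 1: 400 large UDP packets from 200 sources -> volumetric spike
    + [(1, f"203.0.113.{i % 200}", "pkt", 1400) for i in range(400)]
    # second 2: 300 small GET requests from 150 sources -> application-layer spike
    + [(2, f"192.0.2.{i % 150}", "http", 300) for i in range(300)]
)

def per_second_metrics(records):
    """Return {second: {"bps", "rps", "sources"}} using the article's two metrics."""
    bits = defaultdict(int)
    reqs = defaultdict(int)
    srcs = defaultdict(set)
    for sec, src, kind, nbytes in records:
        bits[sec] += nbytes * 8          # all traffic counts toward bandwidth
        if kind == "http":
            reqs[sec] += 1               # only HTTP requests count toward RPS
        srcs[sec].add(src)
    return {s: {"bps": bits[s], "rps": reqs[s], "sources": len(srcs[s])}
            for s in sorted(bits)}

def classify(records, bps_limit, rps_limit, min_sources=2):
    """Label each second; the limits are assumptions taken from a site's baseline."""
    labels = {}
    for sec, m in per_second_metrics(records).items():
        hits = []
        if m["bps"] > bps_limit:
            hits.append("volume-based")
        if m["rps"] > rps_limit:
            hits.append("application-layer")
        if hits and m["sources"] < min_sources:
            # One sender only: a DoS rather than a distributed attack.
            hits = [h + " (single source, DoS)" for h in hits]
        labels[sec] = hits or ["normal"]
    return labels

if __name__ == "__main__":
    metrics = per_second_metrics(SAMPLE)
    for sec, label in classify(SAMPLE, bps_limit=1_000_000, rps_limit=100).items():
        print(sec, metrics[sec], label)
```

A second that exceeds both limits receives both labels, which is how a multi-vector attack would show up in this view.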
The motivation behind DDoS attacks
DDoS attacks are quickly becoming the most common type of cyber threat, growing rapidly last year in both number and volume according to recent market research. The trend is toward shorter attacks, but with a larger volume of packets per second.
Attackers are primarily motivated by:
- Ideology – The so-called “hacktivists” use DDoS attacks as a way to target websites they disagree with ideologically.
- Business Disputes – Businesses can use DDoS attacks to bring down competing websites, e.g., to keep them from participating in an important event, such as Cyber Monday.
- Extortion – Criminals use DDoS attacks, or the threat of DDoS attacks, as a means of extorting money from their targets.
- Cyberwarfare – Government-authorized DDoS attacks can be used against opposition websites and enemy state infrastructure.
DDoS attacks in today’s digital era
Although the number of DDoS attacks has declined over time, they are still a major threat. As per a report by Kaspersky Labs, Q2 2019 saw a 32% increase in the number of DDoS attacks as compared to Q3 2018, mainly due to the attacks that took place in September.
Botnets such as DemonBot and Torii, which have been discovered recently, are reported to be capable of launching DDoS attacks. Torii, which is considered more dangerous and persistent than Mirai, can attack a variety of IoT devices. Hadoop clusters can be hijacked by DemonBot, giving it unhindered access to extensive computing power.
Another alarming concern is the presence of new DDoS launch platforms such as 0x-booter. It is available as DDoS-as-a-service and uses a variant of the Mirai malware to leverage almost 16,000 IoT systems that have been infected with the malware.
DDoS attack tools
DDoS relies heavily on botnets – networks of malware-infected devices under centralized control. The infected endpoints are mostly servers and computer systems, although mobile and IoT devices are now also being infected at a higher rate. Attackers gain these systems by identifying vulnerabilities that let them be infected through malvertising, phishing and mass infections. Sometimes, attackers can also rent or lease such botnets from people who have already built them.
How DDoS attacks evolve
As briefly stated above, these attacks have become quite frequent, thanks to the availability of rented botnets. This trend is going to increase in the future.
Another practice, known as APDoS (advanced persistent denial of service), makes use of multiple attack vectors in a single attack. For example, an APDoS attack can attack both the server and the application layer.
This is forcing organizations to rethink and expand their risk-mitigation processes. Today’s DDoS attacks hit not only the business but also its vendors, suppliers, and partners, on whom the business depends for successful operations. The entire supply chain gets affected.
Conclusion
DDoS attacks are a nuisance for online businesses, and stringent measures should be taken to mitigate the risks they pose.