Denial-of-service (DoS) and distributed denial-of-service (DDoS) are forms of cyberattacks where the adversary tries to make services or network devices unavailable for their intended purpose by flooding the server or host with an overwhelming amount of malicious requests, rendering the machine unresponsive to legitimate requests. While DoS attacks typically originate from a single source (e.g., a computer or a network-connected device), DDoS attacks are carried out through multiple sources (e.g., bots) and cause more damage than the former. DDoS attacks are also more widespread than DoS attacks because they are far more sophisticated and difficult to control, even with modern cybersecurity solutions.
Increased traffic to your website is always a good thing, right? Not necessarily. There’s a chance it could be a DDoS attack. Some of the tell-tale signs of a DDoS attack are:
DDoS attacks can cause long-term impacts and are a serious security concern for businesses.
Depending on the mode of attack and the target areas in the network, DDoS attacks can be categorized into the following types.
Volume-based attacks are the most common type of DDoS attack. In a volume-based attack, the attacker floods all the open ports with requests and overwhelms the network bandwidth. User Datagram Protocol (UDP) flooding and Internet Control Message Protocol (ICMP) flooding are examples of this.
Protocol-based attacks usually target the critical parts of the network used for verifying connections. This is accomplished by sending malformed pings or pings with irregular data that exhaust the network's resources during the verification process. They also target load balancers and the firewalls that are configured to protect the network against such attacks. Examples of protocol-based attacks include a SYN flood and a ping of death.
Application-layer attacks are very sophisticated and difficult to identify. They target vulnerabilities in the application layer and the operating system. These attacks prevent important application information from being delivered to the user, and the resulting bandwidth exhaustion leads to a system crash. Examples of this type of DDoS attack include an HTTP flood and an attack on DNS services.
Fragmentation attacks are targeted at the TCP/IP reassembly mechanism, thereby causing a disruption and overlap of the data packets being put together. This overwhelms the network server. An example is a teardrop attack.
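As an added example (not code from the original article), the following Python snippet flags the three flood patterns described above in a one-second window of constructed flow records; the record format, the thresholds, and the sample traffic are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Flow:
    src: str
    dst: str
    proto: str           # "udp", "icmp" or "tcp"
    tcp_flags: str = ""  # "S" for a bare SYN, "SA" for SYN/ACK, "A" for data
    http_path: str = ""  # non-empty when the flow carries an HTTP request

# Illustrative per-second thresholds; tune them against a baseline of normal traffic.
THRESHOLDS = {"volume_pps": 500, "syn_ratio": 0.9, "min_tcp": 100, "http_rps": 300}

def classify_window(flows, window_s=1.0):
    """Map each destination to the flood patterns seen in one time window."""
    by_dst = defaultdict(list)
    for f in flows:
        by_dst[f.dst].append(f)
    findings = {}
    for dst, fl in by_dst.items():
        signals = []
        # Volume-based: raw UDP/ICMP packet rate towards one host.
        if sum(f.proto in ("udp", "icmp") for f in fl) / window_s >= THRESHOLDS["volume_pps"]:
            signals.append("volume-based flood (UDP/ICMP)")
        # Protocol: almost every TCP packet is a bare SYN (half-open connections).
        tcp = [f for f in fl if f.proto == "tcp"]
        syns = sum(f.tcp_flags == "S" for f in tcp)
        if len(tcp) >= THRESHOLDS["min_tcp"] and syns / len(tcp) >= THRESHOLDS["syn_ratio"]:
            signals.append("protocol attack (SYN flood)")
        # Application-layer: HTTP request rate, reported with the distinct source count.
        http = [f for f in fl if f.http_path]
        if len(http) / window_s >= THRESHOLDS["http_rps"]:
            signals.append(f"application-layer flood (HTTP from {len({f.src for f in http})} sources)")
        if signals:
            findings[dst] = signals
    return findings

def sample_window():
    """Constructed traffic for one second: three victims plus one normal host."""
    flows = [Flow(f"203.0.113.{i % 250}", "10.0.0.5", "udp") for i in range(600)]
    flows += [Flow(f"198.51.100.{i % 250}", "10.0.0.6", "tcp", "S") for i in range(200)]
    flows += [Flow(f"192.0.2.{i % 50}", "10.0.0.7", "tcp", "A", "/login") for i in range(400)]
    flows += [Flow("10.0.0.20", "10.0.0.8", "tcp", "SA")] * 20
    flows += [Flow("10.0.0.20", "10.0.0.8", "tcp", "A", "/")] * 5
    return flows

if __name__ == "__main__":
    for victim, signals in classify_window(sample_window()).items():
        print(victim, "->", "; ".join(signals))
```

Real deployments would feed this from NetFlow, sFlow or packet captures and compare against a learned baseline rather than fixed numbers.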
The DDoS attack chain consists of two phases.
The first phase of a DDoS attack is the formation of a botnet. A botnet is a group of devices that have been compromised by malware and are now controlled by an attacker, known as a bot herder or bot master. This botnet will be deployed to launch DDoS attacks and other malicious acts, including phishing, email spamming, and theft of critical data. This phase takes place in three steps:
In the second phase of the attack, the devices belonging to the botnet are directed to send requests to the target server. This overwhelms the server by taking up the entirety of its bandwidth and renders the server unavailable to respond to business requests from clients.
Employees should be regularly trained on cybersecurity best practices and made aware of the importance of cyber hygiene practices like ensuring secure authentication, changing passwords frequently, identifying phishing attacks, and looking for the signs of a DDoS attack.
Take inventory of all the devices on your network and disable inactive ones that can be exploited by attackers to enter your network. All the possible entry points of attacks should be identified through a network vulnerability assessment process so you can be better prepared to prevent DDoS attacks and other cybersecurity attacks.
Make use of robust and advanced cybersecurity solutions like anti-malware, anti-virus, firewalls, DDoS protection, and other tools that best suit the size and nature of your business. Ensure that your servers are spread across multiple geographically separate sites. This makes it harder for an attacker to disrupt all the servers at once and eases the balancing of excess traffic during a DDoS attack.
While complete prevention of DDoS attacks is impossible, it is recommended that businesses be aware of the various ways a DDoS attack can happen, and have suitable mitigation measures in place to curb an attack. In fact, there were nearly 5.4 million DDoS attacks in the first half of 2021—an 11% increase compared to the first half of 2020. With the easy availability of DDoS attack kits, the rise in the number of IoT devices, and widespread connectivity between devices, which opens up attack channels, these numbers are expected to increase in coming years. Attack mechanisms will continue to evolve, and it is up to businesses to establish better security practices and protocols to protect themselves as much as possible.