DDoS, or Distributed Denial-of-Service, is an attack in which multiple botnet systems target and flood a single system to sabotage its operations. It is an attempt by the attacker to stop services on a website. This can be achieved by blocking access to applications, networks, services, devices, servers and even particular transactions within the software. In a DoS attack, a single system sends the malicious data or requests; a DDoS attack comes from multiple systems.
Cyber criminals overwhelm systems with requests for service. Attackers either flood the servers with requests to access a page or hit the system's database with too many queries. As a result, the load exceeds the capacity of hardware resources such as RAM, CPU and Internet bandwidth, and sabotages the entire system. The loss can range from minor disruptions in services to major losses such as downtime in applications, websites or even the entire business.
DDoS Attack Symptoms
A DDoS attack looks like non-malicious activity that causes service issues, such as server downtime, numerous genuine requests from genuine users or a severed cable. Therefore, you need to analyze the traffic to check whether you have been attacked or not.
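One way to run that traffic analysis, as an added example that is not part of the original article: it buckets request records per minute, compares each bucket with the median volume, and separates a spike dominated by one sender (the DoS pattern) from a spike spread over many senders (the DDoS pattern). The window size, thresholds, record layout and sample data are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from statistics import median

WINDOW = 60           # bucket size in seconds (assumed)
SPIKE_FACTOR = 5      # spike = at least 5x the median window volume (assumed)
DOMINANT_SHARE = 0.5  # one source above this share of a spike = single-source DoS

def classify_windows(events):
    """events: iterable of (epoch_seconds, source_ip, path) tuples."""
    buckets = defaultdict(list)
    for ts, src, path in events:
        buckets[ts // WINDOW].append((src, path))
    baseline = median(len(reqs) for reqs in buckets.values())
    report = {}
    for win, reqs in sorted(buckets.items()):
        sources = Counter(src for src, _ in reqs)
        paths = Counter(path for _, path in reqs)
        top_src, top_src_hits = sources.most_common(1)[0]
        top_path, top_path_hits = paths.most_common(1)[0]
        if len(reqs) < SPIKE_FACTOR * baseline:
            verdict = "normal"
        elif top_src_hits / len(reqs) > DOMINANT_SHARE:
            verdict = "single-source-spike"   # DoS pattern: one sender
        else:
            verdict = "distributed-spike"     # DDoS pattern, or a genuine crowd
        report[win] = {
            "verdict": verdict,
            "requests": len(reqs),
            "sources": len(sources),
            "top_source": top_src,
            "top_path": top_path,
            "top_path_share": round(top_path_hits / len(reqs), 2),
        }
    return report

def constructed_sample():
    """Constructed traffic: 7 one-minute windows using documentation-range IPs."""
    events = []
    for win in range(7):                      # steady background: 10 clients x 2 requests
        for c in range(10):
            for r in range(2):
                events.append((win * 60 + c * 5 + r, f"192.0.2.{c + 1}", f"/page{(c + r) % 4}"))
    for i in range(300):                      # window 5: one host floods /search
        events.append((300 + i % 60, "198.51.100.7", "/search"))
    for i in range(400):                      # window 6: 200 hosts, 2 requests each
        events.append((360 + i % 60, f"203.0.113.{i % 200 + 1}", "/search"))
    return events

if __name__ == "__main__":
    for win, row in classify_windows(constructed_sample()).items():
        print(win, row)
```

A distributed-spike verdict is a triage signal only: a genuine crowd of users produces the same shape, so compare top_path_share and per-source behaviour against normal windows before treating it as an attack.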
The Story Of DDoS Attacks
In the early 2000s, a student named Michael Calce, alias MafiaBoy, disrupted Yahoo’s service with a DDoS attack. He then carried out three more successful attacks on CNN, eBay and Amazon. Though it wasn’t the first DDoS attack ever, the series of attacks gained much attention, and such attacks then started to haunt powerful businesses worldwide. DDoS attacks are generally used to conduct extortion, wage cyber war, or just exact revenge.
DDoS attacks have grown over the years, as attackers now have resources that can push them above 1000 Gbps. You might have heard about the famous Dyn attack in 2016, where the data rate was recorded as 1.2 Tbps. It was made possible with the help of modern botnets (the Mirai botnet). The attack shook the entire East Coast of America, where millions of IP addresses were used to shoot queries at the server. The Dyn attack directly affected 100,000 IoT devices, which included even printers and cameras. Later, such attacks were also targeted at services such as Netflix, Twitter, Tumblr, Spotify, Reddit and even Amazon.
Further, a DDoS attack was carried out on GitHub, which recorded a data transfer rate of 1.35 Tbps. The attack was massive, but GitHub managed to handle it and become functional again immediately. After the attack was analyzed, it emerged that the attackers had used Memcached servers to amplify the effect of the attack, which was a simpler technique when compared to previous attacks.
Another attack called WireX, similar to the Mirai botnet attack, was discovered by security experts. It targeted 100,000 Android devices across 100 countries. Since then, more DDoS attacks have been aimed at various service providers, and such events therefore need investigation.
DDoS Attack Tools
Attackers use botnets to spread the DDoS attack. A botnet is a set of malware-infected devices that are controlled by a botmaster (the attacker). DDoS attackers usually choose servers and computers as endpoints to infect. Nowadays mobile and IoT devices are also used to flood the target system. Such devices are used to infect a single system through mass injection techniques, malvertising attacks and phishing attacks.
Types of DDoS Attacks
DDoS attacks can be divided into three different classes. They are as follows:
- Attacks that use a huge amount of fake traffic to stop access to a system. E.g.: spoof-packet flood attacks, UDP and ICMP attacks.
- Attacks that use data packets to victimize the entire network infrastructure or even infrastructure management tools. E.g.: Smurf DDoS and SYN floods.
- Attacks that victimize an organization’s application layer and flood applications with malware-infected requests, making online resources unresponsive.
How DDoS Attacks Advanced
Nowadays attackers rent botnets to conduct DDoS attacks. Another advanced form, called “APDoS” (Advanced Persistent Denial-of-Service), uses different attack vectors in a single attack. This kind of attack affects the applications, the database and also the server in a system. Attackers also use the technique of directly targeting the ISP to affect the maximum number of devices at the same time.
The DDoS attack has now grown into one that targets not just a single system but different organizations, suppliers, vendors and business professionals simultaneously. Since no business is more secure than its weakest link, entities such as third parties and employees should be safeguarded.
Technology and strategies have little chance of standing against cyber criminals who keep refining their DDoS attacks. With the invention of AI and machine learning, and with newer IoT devices being introduced to the world, DDoS attacks will continue to evolve. Attackers will manage to incorporate these technologies into their attacks, which will make the attacks deadlier. Nevertheless, DDoS technology will also continue to evolve.