A Denial of Service (DoS) attack bombards an intelligent device with requests, until that device crashes. This is a very useful tool for a hacker, and very annoying for the owner of the device. It will slow the device down, but probably not cause it to crash.
A Distributed Denial of Service (DDoS) attack is much more dangerous because many devices can be hacked, compromised and later used to attack a device at the same time! This can cause memory overflow which crashes the targeted device.
What is a (D)DoS Attack?
A DDoS attack is a malicious attempt to disrupt the regular functioning of a targeted server, service, or network by overwhelming it with a flood of Internet packets of data from many different sources, at the same time, which the device tries to process. Unlike traditional DoS attacks where a single source is responsible, DDoS attacks utilize a network of previously compromised devices, forming a malicious entity called a botnet. All this greatly amplifies the scale and impact.
DDos attacks pose a significant threat to businesses, because the botnet can overwhelm that business’s digital system via its online infrastructure. This article explores the nature of DDoS attacks, their mechanics, and the various potential impacts they can have on a business.
Many possible motivations can cause such attacks. They could be carried out by disgruntled or former employees, or hacktivists wanting to take down a company's servers simply to make a statement. Other potential reasons could be financially motivated, such as disrupting a competitor or shutting down another business's online operations to steal business in the ensuing chaos, increasing one’s own potential profits and reputation within the customer base. Organisations exist to do this sort of hacking, as a service, and are even bold enough to advertise their DDoS service.
Mechanics of DDoS Attacks
This is a bit technical, but we’ve tried to keep it as straightforward as possible:
1. Attackers create malicious software called botnets.
2. They then infect a large number of computers, servers, or IoT devices with this malware. These compromised devices, often referred to as zombies, can then be remotely controlled to launch coordinated attacks using data packets called “pings”. Any device with processing power can be hijacked as part of the botnet. One bank had its network taken down by pings from a botnet containing over 10,000 compromised printers!
3. Once a large number of zombie devices have been created, the botnet programming can coordinate and focus the ping output from them into a single stream aimed at the IP address of the target. Focusing techniques may also be used, enabling the hackers to further magnify the response to just a small “ping” request from the server (DNS amplification). It can become like a chain reaction! One solution to this threat would be to just turn off the “ping” service, but unfortunately ping has a number of positive functions.
4. An overwhelming volume of incoming traffic to an important server via its IP address is a great way to cause a whole server infrastructure to crash, losing all its data stored in memory as well. The incoming packets will also saturate the organisation’s Internet bandwidth so its online services cannot work properly.
5. There are seven software layers in all used in Internet communication, according to the International Standard (OSI model – see links at the bottom of the article). Ping just works on the “network” layer. In addition, focused “flooding” attacks can be launched on other software layers. The transport layer (layer 4) and application layer (layer 7) are popular targets.
a. SYN/ACK is a standard “Are you there?” check between devices. Layer 4 attacks exploit vulnerabilities in this check. In a SYN flood attack, the attacker sends a multitude of SYN requests to the target's server, overwhelming it with connection requests that are never completed. This exhausts the server's resources, making it unable to respond to legitimate connection requests, leading to service disruption.
b. Layer 7 protocol attacks are another menace. They are particularly challenging as they mimic legitimate user requests, making them harder to mitigate.
Potential Impact on Businesses
What could this mean for your business? Possible outcomes:
1. Downtime: The primary objective of DDoS attacks is to render a target's online services unavailable. This downtime can have severe consequences, leading to loss of revenue, damage to reputation, and customer dissatisfaction.
2. Financial Loss: Businesses may incur financial losses due to the cost of mitigating the attack, investing in additional cybersecurity measures, and compensating for the revenue lost during downtime.
3. Reputation Damage: A successful DDoS attack can tarnish a company's reputation, eroding customer trust and confidence. Clients may seek more reliable alternatives, impacting long-term relationships.
4. Operational Disruption: Beyond immediate financial repercussions, DDoS attacks can disrupt normal business operations. This disruption may affect internal communications, collaboration tools and other critical services.
Good news: Mitigation and Prevention
A number of techniques can easily be applied:
1. Apply Traffic Filtering systems to help distinguish between legitimate and malicious traffic, allowing organizations to block or limit the impact of an attack.
2. Use Content Delivery Networks (CDNs). These distribute website content across multiple servers, helping to absorb and mitigate DDoS attacks by distributing the traffic.
3. Use robust Firewalls and Intrusion Prevention Systems and configure appropriately. Such systems can help detect and block malicious traffic before it reaches the target.
4. Use “black hole routing” (BHR). This is a defensive strategy, which redirects network traffic destined for the targeted IP address to a null route or "black hole." By directing malicious traffic to this void, the targeted server is shielded from the impact of the attack.
While black hole routing can effectively mitigate the immediate threat, it comes with the drawback of rendering the entire IP address unreachable, impacting legitimate services along with the malicious traffic. Careful consideration and coordination are necessary to minimize collateral damage when implementing black hole routing as a temporary measure during a DDoS attack.
Incident Response Plan
Even with all protections in place, security cannot be guaranteed. Having a well-defined incident response plan in place enables organizations to respond promptly and effectively to mitigate the impact of a DDoS attack.
They can then be up and running promptly with a minimum of disruption.
Conclusion
DDoS attacks are a serious cybersecurity threat with the potential to disrupt businesses on various levels. As technology evolves, so do the methods employed by attackers, necessitating continuous efforts to enhance cybersecurity measures and safeguard against these malicious assaults.
Although the worse the bots normally achieve is crashing an organisational infrastructure, this is bad enough, because they will strike again. The disruption could be sufficient to put the business out of online selling at an important time, so they lose profit, go into the red, or even go out of business altogether.
Organisations should therefore make every effort to use the many available defences to keep DDoS malware at bay.
Comments