What is a DDoS attack?
A Distributed Denial of Service (DDoS) attack is a cyber-attack designed to take down a web server, or slow it down, by flooding the network, servers, or application with bogus traffic. In short, it is a common method of sending an internet-facing server so many requests that it cannot respond quickly enough. DDoS attacks can overload servers, causing them to freeze or crash and making websites and web-based services unavailable to users.
The main purpose of a DDoS attack is to prevent legitimate users from accessing a service. The motive may be simple mischief, revenge, or hacktivism, and the result can range from a minor annoyance to a major loss for the business.
What happens during a DDoS attack?
Attackers use malware or exploit unpatched vulnerabilities to install command-and-control (C2) software on compromised systems, building a botnet. When the botnet is ready, the attackers send a start command to the botnet nodes, which then direct the programmed requests at the targeted server. If the attack gets past the outer defenses, it quickly overwhelms the systems behind them, causing service outages or crashing the server. The result is lost productivity or service interruption, and ultimately customers cannot reach the website.
What are the consequences of DDoS attacks?
- An unreachable online platform
- If it is an online portal, loss of productivity
- Loss of confidential data
- If it is a webshop, a business can go bust
- Reputation damage
Some examples of DDoS attacks
Cyberattacks are evolving and becoming more destructive to businesses. The recent GitHub and Dyn DNS attacks are examples, at 1.2 TB and 1.35 TB of data per second respectively. The objective of these attacks was to disrupt productivity.
In the Dyn attack, hackers found a vulnerability in IoT (Internet of Things) devices and exploited it with the Mirai botnet. Mirai used open telnet ports and default passwords to take control of Wi-Fi-enabled cameras and launched the attack from them.
In the GitHub attack, the targets were servers running an open-source memory-caching system called Memcached. GitHub had a mitigation plan in place, however, and was able to mitigate the attack within 10 minutes.
In September 2019, cyber attackers hit Wikipedia and Classic World of Warcraft with DDoS attacks.
What are the types of DDoS attacks?
DDoS attacks are designed to exhaust the resources of an online platform, such as its web servers. The main types are:
- Volume-based DDoS attacks – Includes UDP floods, ICMP floods, and ping floods. The attack relies on the sheer volume of inbound traffic; the objective is to consume the website's bandwidth or drive up CPU usage. It is measured in bits per second.
- Protocol attacks – Includes SYN floods, fragmented-packet attacks, Ping of Death, Smurf DDoS, and more. These attacks exploit weaknesses in Layer 3 and Layer 4 protocols. The target is the processing capacity of the server, the network hardware, or any other device in the path between them.
- Application-layer attacks – Includes low-and-slow attacks. These target vulnerabilities in applications such as Apache, Windows, and OpenBSD, or in application platforms such as WordPress, Joomla, Drupal, and Magento.
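The three categories above are separated by what they exhaust (bandwidth, connection-table and packet-processing capacity, or application worker slots), which is also how a defender tells them apart in flow telemetry. The following added example, not from the article, is a small classifier that runs over constructed flow records for a one-second window and reports each category. The record format, the thresholds, and the sample addresses (TEST-NET ranges) are assumptions chosen for illustration; real thresholds must be tuned to the site's measured baseline. It also flags the reflection pattern the article's Memcached case illustrates: many sources answering from a known amplifier port.

```python
from collections import defaultdict
from dataclasses import dataclass

# Illustrative thresholds (assumptions, not the article's): tune each to the
# site's measured baseline before relying on it.
VOLUME_BPS = 100_000_000   # 100 Mbit/s toward one destination port in the window
REFLECTOR_MIN = 50         # distinct reflectors before we call it amplification
HALF_OPEN_MIN = 200        # SYN-only flows before we call it a SYN flood
HALF_OPEN_RATIO = 0.8      # share of TCP flows to a port that never completed
SLOW_SECONDS = 30.0        # a "slow" HTTP connection stays open at least this long
SLOW_MAX_BYTES = 1024      # ...while transferring almost nothing
SLOW_MIN_CONNS = 100
REFLECTOR_PORTS = {11211: "memcached", 53: "dns", 123: "ntp"}


@dataclass
class Flow:
    """One aggregated flow record seen within the analysis window."""
    src: str        # source address
    proto: str      # "udp", "tcp" or "icmp"
    sport: int
    dport: int
    packets: int
    nbytes: int
    flags: str = ""        # TCP flags seen: "S" means SYN only, never completed
    duration: float = 0.0  # seconds the connection stayed open


def classify(flows, window_seconds=1.0):
    """Return (category, detail) findings for the three attack types."""
    findings = []

    # Volume-based: bits per second per destination port, plus a reflection
    # hint when many sources answer from a known amplifier port.
    bytes_by_dport = defaultdict(int)
    reflectors = defaultdict(set)
    for f in flows:
        bytes_by_dport[(f.proto, f.dport)] += f.nbytes
        if f.proto == "udp" and f.sport in REFLECTOR_PORTS:
            reflectors[f.sport].add(f.src)
    for (proto, dport), total in sorted(bytes_by_dport.items()):
        bps = total * 8 / window_seconds
        if bps >= VOLUME_BPS:
            findings.append(("volume", f"{proto}/{dport}: {bps / 1e6:.0f} Mbit/s"))
    for sport, srcs in sorted(reflectors.items()):
        if len(srcs) >= REFLECTOR_MIN:
            findings.append(("volume", f"amplified reflection from {len(srcs)} "
                                       f"{REFLECTOR_PORTS[sport]} reflectors"))

    # Protocol: SYN flood = most TCP flows to a port stop after the SYN,
    # filling the server's half-open connection table.
    tcp_by_dport = defaultdict(list)
    for f in flows:
        if f.proto == "tcp":
            tcp_by_dport[f.dport].append(f)
    for dport, group in sorted(tcp_by_dport.items()):
        half_open = sum(1 for f in group if f.flags == "S")
        if half_open >= HALF_OPEN_MIN and half_open / len(group) >= HALF_OPEN_RATIO:
            findings.append(("protocol", f"SYN flood on tcp/{dport}: "
                                         f"{half_open} of {len(group)} half-open"))

    # Application: low-and-slow = many HTTP connections held open for a long
    # time while transferring almost nothing, tying up worker slots.
    slow = [f for f in flows if f.proto == "tcp" and f.dport in (80, 443)
            and f.duration >= SLOW_SECONDS and f.nbytes <= SLOW_MAX_BYTES]
    if len(slow) >= SLOW_MIN_CONNS:
        findings.append(("application", f"low-and-slow: {len(slow)} connections "
                                        f"open {SLOW_SECONDS:.0f}s+ with <= {SLOW_MAX_BYTES} bytes"))
    return findings


def baseline_flows():
    """Constructed one-second window of ordinary HTTPS traffic."""
    return [Flow(f"192.0.2.{i}", "tcp", 40000 + i, 443, 20, 20_000, "SPA", 0.5)
            for i in range(1, 21)]


def attack_flows():
    """Constructed window containing all three attack types at once."""
    flows = baseline_flows()
    # memcached amplification: 60 reflectors answer from udp/11211 with
    # large replies aimed at the victim's port 80
    flows += [Flow(f"203.0.113.{i}", "udp", 11211, 80, 250, 350_000) for i in range(1, 61)]
    # SYN flood: 300 half-open connections to 443 from rotating sources
    flows += [Flow(f"198.51.100.{i % 250 + 1}", "tcp", 1024 + i, 443, 1, 60, "S")
              for i in range(300)]
    # low-and-slow: 120 HTTP connections held 90 s while sending 600 bytes each
    flows += [Flow(f"198.51.100.{i % 250 + 1}", "tcp", 5000 + i, 80, 30, 600, "SPA", 90.0)
              for i in range(120)]
    return flows


if __name__ == "__main__":
    for category, detail in classify(attack_flows()):
        print(f"{category:12} {detail}")
```

The per-port grouping in the SYN-flood check matters: the low-and-slow connections are also TCP, and counting them in the same ratio would mask the flood on port 443. In production the same logic runs over NetFlow/IPFIX exports or a packet capture, with the window length and every threshold derived from the site's own quiet-hour traffic.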
The legal impact of DDoS attacks
DDoS attacks may incur civil or criminal liability, including fines and imprisonment, under state and federal law. In the UK, they fall under the Computer Fraud and Abuse Act.
How can DDoS attacks be prevented?
These steps can help you prevent a DDoS attack:
- Deploy endpoint security controls
- Patch your servers regularly
- Keep your Memcached servers off the open internet
- Human error is a major cause, so employee training is a must
- Properly configure and monitor a firewall or web application firewall
- Set a limit on the number of requests a server accepts from a client in a given period of time
- Turn on blackhole routing
- We at Teceze can help you by guiding and applying all the necessary controls to mitigate any risk.
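The request-limit step above is usually implemented as a per-client rate limiter in front of the application. The following added example, not from the article or from Teceze, is a sliding-window limiter replayed against a constructed request trace with one well-behaved client and one abusive one; the limit of 100 requests per 10 seconds and the sample addresses are assumptions. It also shows the caveat a practitioner cares about: the limiter's own state must stay bounded, or a flood of rotating sources turns it into a memory-exhaustion target.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `max_requests` accepted requests per client in any
    trailing window of `window_seconds`.

    Only accepted requests are recorded, so each client's log is bounded at
    max_requests entries no matter how hard it hammers the server: the
    limiter itself must not become a memory-exhaustion target.
    """

    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests
        self.window = window_seconds
        self._accepted = defaultdict(deque)  # client -> timestamps of accepted requests

    def allow(self, client, now):
        """Return True if the request arriving at time `now` should be served."""
        log = self._accepted[client]
        # Expire timestamps that have aged out of the trailing window.
        while log and now - log[0] >= self.window:
            log.popleft()
        if len(log) >= self.max_requests:
            return False           # caller answers 429 or drops the request
        log.append(now)
        return True

    def evict_idle(self, now):
        """Forget clients with no accepted request inside the window, so a
        flood from rotating or spoofed sources cannot grow the table forever.
        Returns the number of clients evicted."""
        idle = [c for c, log in self._accepted.items()
                if not log or now - log[-1] >= self.window]
        for c in idle:
            del self._accepted[c]
        return len(idle)

    def active_clients(self):
        return len(self._accepted)


def simulate(limiter, trace):
    """Replay (timestamp, client) pairs in time order; return per-client counts."""
    counts = defaultdict(lambda: {"accepted": 0, "rejected": 0})
    for ts, client in sorted(trace):
        counts[client]["accepted" if limiter.allow(client, ts) else "rejected"] += 1
    return dict(counts)


def constructed_trace():
    """Constructed request log: one well-behaved client and one abusive one."""
    trace = [(i * 0.5, "192.0.2.10") for i in range(60)]         # 2 req/s for 30 s
    trace += [(i * 0.02, "198.51.100.7") for i in range(150)]    # 50 req/s for 3 s
    trace.append((12.0, "198.51.100.7"))                          # one more after a pause
    return trace


if __name__ == "__main__":
    limiter = SlidingWindowLimiter(max_requests=100, window_seconds=10.0)
    for client, c in simulate(limiter, constructed_trace()).items():
        print(client, c)
    print("idle clients evicted at t=35:", limiter.evict_idle(35.0))
```

With these settings the well-behaved client is never throttled, the abusive client gets 100 requests served and the next 50 rejected, and its request after a 10-second pause is accepted again because the window has slid past the burst. A per-source limit like this blunts one abusive client; a distributed flood spread across thousands of sources stays under the per-client limit and needs the upstream measures the article lists, such as a web application firewall, blackhole routing, or traffic rerouting.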
GitHub is a classic example of mitigating a DDoS attack. Attackers hijacked Memcached instances and used them to massively amplify the traffic volume being fired at GitHub. They did this by spoofing GitHub's IP address and taking control of the Memcached instances. The result was a huge influx of traffic, 50 times higher than normal. GitHub mitigated the attack by rerouting traffic, then filtering out and blocking the data that appeared malicious. It took less than 10 minutes to overcome the attack.
This is a growing sign of the increased sophistication of both cyber-attacks and defenses. Planning and preparation can help any organization overcome a cyberattack, or you can use a managed IT services provider such as Teceze to take care of your network on your behalf.
How can Teceze help you?
Teceze regularly maintains and monitors DNS, VPNs, proxies, firewalls, data centers, servers, infrastructure, and data to find any signs of a DDoS attack on your corporate network. Teceze checks behavior patterns and alerts you when there is any deviation from normal behavior. It is very important to take the right technical measures to protect your corporate network or digital platform against attacks. We have extensive experience protecting online platforms.
The only way to protect what you've worked hard to build is to be vigilant about cybersecurity. If you'd like to know more about how your business can benefit from managed services, just give us a call; we are here to help.