DDoS, short for Distributed Denial of Service, is a serious threat to companies and businesses of every size. According to one report, DDoS activity grew by 80% in each of the last two years, and 35% of the attacks in 2015 targeted software-as-a-service, IT services and cloud computing companies.

So what does a DDoS attack actually do? It takes websites and servers down either by bombarding them with requests that look genuine but are fake, or by simply flooding the site with data. A DDoS attack is a focused, mechanical attempt to overload a target network with so many requests that it becomes useless: the attackers send a stream of data packets at high speed to the target system until it starts to lag or goes down entirely.

What Motivates Hackers to Launch DDoS Attacks

There are many reasons why DDoS attacks are launched. The industry most often hit by such attacks is the gaming industry. Occasionally the attacks serve political objectives. Increasingly, though, hackers use a DDoS attack as a smokescreen to draw a business's attention away from a more significant security breach. The DDoS is a bluff that covers an attack on another weakness, so several apparently unrelated attacks are conducted against the target at the same time. Cybercriminals have turned this into a sophisticated diversion that masks other attacks. Financial services businesses, which handle huge amounts of data, are typical targets. Recently, phishing attacks have been aimed at IT administrators at several European banks. Malware is used to infiltrate the banks' systems and steal login credentials. Once the hackers have the credentials, they launch DDoS attacks against the bank to keep its staff busy handling the flood, which buys them time to exfiltrate private data and steal money.

Generally, the goal of such attacks is to flood servers with fake traffic and consume their available bandwidth, RAM or CPU so that they can no longer serve requests from users. DDoS attacks are large-scale, and their victims are generally large organizations and the governments of many states. Nevertheless, consumer-level products exist that mimic, on a much smaller or individual scale, what cybercriminals can do. Spying apps such as Xnspy and TrackmyFone are names that come up whenever mobile hacking or mobile espionage is discussed; installed covertly on a phone, they give a third party remote access to everything stored on the device.

Types of DDoS Attacks

Here are the main forms of DoS and DDoS attacks:

1. Volume-based

This attack sends a vast number of requests to the target system, which has to process them whether they are valid or not; the attacker's aim is to overwhelm the network's capacity. The requests may arrive across various ports on your system. One tactic cybercriminals use is the UDP amplification attack: the attacker sends a request for data to a third-party server with your server's IP address spoofed as the return address, and the third-party server then sends a much larger response to your server.

2. Application-Based

In this type of attack, hackers exploit vulnerabilities in the web server or application software that cause the web server to hang or crash.

3. Protocol-Based

These attacks target servers or load balancers and abuse the procedures systems use to communicate with each other. For example, packets may be crafted to make a server wait for a response that never arrives during a standard handshake, as in a SYN flood. This category includes SYN floods, Ping of Death, Smurf attacks and more.
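An added example, not from the original article, of what a SYN flood looks like from the defender's side: a TCP connection table filling up with half-open sockets from many sources that never complete the handshake. The table below is constructed to mimic `ss -tan` output; the thresholds are illustrative assumptions.

```python
# Added example: flag SYN-flood symptoms in a TCP connection table.
# Input mimics `ss -tan` (State Recv-Q Send-Q Local:Port Peer:Port) and is
# constructed for this example, not captured from a real host.
from collections import Counter, defaultdict

CONN_TABLE = """\
SYN-RECV 0 0 10.0.0.5:443 203.0.113.10:40001
SYN-RECV 0 0 10.0.0.5:443 203.0.113.11:40002
SYN-RECV 0 0 10.0.0.5:443 203.0.113.12:40003
SYN-RECV 0 0 10.0.0.5:443 203.0.113.13:40004
SYN-RECV 0 0 10.0.0.5:443 203.0.113.14:40005
ESTAB    0 0 10.0.0.5:443 198.51.100.7:51000
ESTAB    0 0 10.0.0.5:22  198.51.100.8:52000
SYN-RECV 0 0 10.0.0.5:22  198.51.100.9:52001
"""

def parse_conn_table(text):
    """Yield (state, local_port, peer_ip) for each well-formed line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        yield (parts[0], int(parts[3].rsplit(":", 1)[1]),
               parts[4].rsplit(":", 1)[0])

def half_open_report(text, min_half_open=5, min_ratio=0.8):
    """Per local port, count half-open (SYN-RECV) vs established sockets.

    A port is marked suspect when half-open entries both exceed a count
    and dominate the table: many sources that never complete the handshake
    are the footprint of a SYN flood. Thresholds are illustrative only."""
    half_open, estab, peers = Counter(), Counter(), defaultdict(set)
    for state, port, peer in parse_conn_table(text):
        if state == "SYN-RECV":
            half_open[port] += 1
            peers[port].add(peer)
        elif state == "ESTAB":
            estab[port] += 1
    report = {}
    for port in set(half_open) | set(estab):
        total = half_open[port] + estab[port]
        report[port] = {
            "half_open": half_open[port],
            "established": estab[port],
            "distinct_peers": len(peers[port]),
            "suspect": (half_open[port] >= min_half_open
                        and half_open[port] / total >= min_ratio),
        }
    return report
```

On a live host the same logic runs over real `ss -tan` output; a high half-open ratio on one port is the cue to enable SYN cookies or rate limiting rather than to add capacity.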

Top Recent DDoS Attacks

1. GitHub: 1.35 Tbps

On February 28, 2018, an abrupt flood of traffic hit the popular developer platform GitHub. GitHub said the traffic was traced back to more than a thousand different autonomous systems across millions of unique endpoints. Notably, GitHub was not unprepared for a DDoS attack; it simply had not anticipated that an attack of this magnitude would be launched.

2. Dyn (2016)

The 2016 Dyn attack was a series of distributed denial-of-service attacks that took place on October 21, 2016. It was notable because the attackers used a particular type of "botnet" malware, which infects a network of devices and directs them to flood specific servers with web traffic until the servers fail. This approach gave the attackers many more devices to draw on, including home routers and video recorders.

The attackers gained access to these IoT devices by hacking into them; many of the devices recruited into the Mirai botnet were running with default credentials.

3. Occupy Central, Hong Kong: 500 Gbps

Launched in 2014, this attack targeted Occupy Central, a popular Hong Kong movement agitating for a more democratic voting system. The attacker(s) sent large volumes of traffic to three of Occupy Central's web hosting services as well as two independent sites. Those responsible were apparently reacting to Occupy Central's pro-democracy message. The attack flooded servers with packets disguised as genuine traffic and was carried out with not one, not two, but five botnets.

4. CloudFlare: 400 Gbps

In 2014, an attack directed at a single CloudFlare customer targeted servers in Europe and exploited a weakness in the Network Time Protocol (NTP), the networking protocol used to synchronize computer clocks. Although aimed at just one of the company's customers, it was strong enough to affect CloudFlare's own network. The attack demonstrated a method in which attackers use spoofed source addresses to direct massive volumes of NTP server responses at the victim. This is known as "reflection", since the attacker bounces traffic off third-party servers, which also amplifies it.

5. Spamhaus: 300 Gbps

In 2013, Spamhaus came under a DDoS attack large enough to knock its website offline, along with part of its email services. Like the 2014 attack on CloudFlare, it used reflection to burden Spamhaus's servers with 300 gigabits of traffic per second. The attack was traced to a member of a Dutch company named Cyberbunker, which apparently targeted Spamhaus after Spamhaus banned it.

How to Prevent and Mitigate DDoS Attacks

Here are some best practices for avoiding DDoS attacks, along with mitigation strategies.

Purchase more bandwidth

The first step an organization should take to prevent a DDoS attack is to ensure it has adequate bandwidth to absorb any rise in traffic that malicious activity could cause. In the past, avoiding DDoS attacks was possible simply by having more bandwidth than any attacker. With the arrival of amplification attacks, however, this is no longer practical on its own. Having more bandwidth still raises the bar attackers have to clear before a DDoS attack becomes effective.

Build redundancy into your infrastructure

To make it difficult for an attacker to mount an effective DDoS attack against your servers, spread them across several data centers with a good load-balancing system to divide traffic between them. These data centers should ideally be in different countries, or at least in different regions of the same country. For this plan to be truly effective, make sure the data centers are connected to different networks and that there are no obvious network bottlenecks or single points of failure. Distributing your servers physically and topologically makes it hard for an attacker to hit more than a portion of them, leaving the others unaffected and able to take on at least some of the traffic the affected servers would normally handle.

Configure network hardware against DDoS attacks

Some very simple hardware configuration changes can help you avert a DDoS attack. For example, configuring your router or firewall to drop DNS responses from outside your network can, to a certain degree, help avert some DNS-based attacks.
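The rule above works best when it is stateful: a blanket drop of every inbound UDP/53 packet would also discard the answers your own resolver is waiting for, whereas the reflected UDP traffic described under volume-based attacks and in the NTP attack on CloudFlare consists of responses nobody inside asked for. The following added example (not code from the original article) simulates that stateful decision over constructed packets and summarizes what it drops; `INSIDE`, `PACKETS` and the port table are assumptions made for the example.

```python
# Added example: stateful version of "drop DNS responses from outside".
# Only inbound UDP replies that match an outbound query are admitted; the
# rest are dropped and summarized as reflection traffic. Packets below are
# constructed tuples, not a real capture; addresses are documentation ranges.
from collections import defaultdict

REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP", 11211: "memcached"}
INSIDE = "10.0.0."  # constructed prefix of the protected network

# (direction, src_ip, src_port, dst_ip, dst_port, bytes)
PACKETS = [
    ("out", "10.0.0.5", 53211, "198.51.100.2", 53, 64),  # our resolver asks
    ("in", "198.51.100.2", 53, "10.0.0.5", 53211, 180),  # the matching reply
    ("in", "203.0.113.7", 123, "10.0.0.9", 80, 468),     # NTP reply, never asked
    ("in", "203.0.113.8", 123, "10.0.0.9", 80, 468),     # NTP reply, never asked
    ("in", "203.0.113.9", 53, "10.0.0.9", 80, 3000),     # DNS reply, never asked
]

def filter_udp(packets):
    """Split packets into (accepted, dropped) using a table of open queries.

    Outbound packets from inside register the 4-tuple a reply must carry;
    inbound packets are accepted only if they match one. A real firewall
    also ages entries out after a timeout, which is omitted here."""
    pending = set()
    accepted, dropped = [], []
    for pkt in packets:
        direction, src, sport, dst, dport, _ = pkt
        if direction == "out" and src.startswith(INSIDE):
            pending.add((dst, dport, src, sport))
            accepted.append(pkt)
        elif (src, sport, dst, dport) in pending:
            accepted.append(pkt)
        else:
            dropped.append(pkt)
    return accepted, dropped

def reflection_report(dropped):
    """Summarize dropped replies by service: distinct reflectors and bytes.

    Many distinct sources all answering from one service port, to hosts
    that asked nothing, is the signature of a reflection attack."""
    seen = defaultdict(lambda: {"reflectors": set(), "bytes": 0})
    for _, src, sport, _, _, size in dropped:
        name = REFLECTOR_PORTS.get(sport, f"udp/{sport}")
        seen[name]["reflectors"].add(src)
        seen[name]["bytes"] += size
    return {k: {"reflectors": len(v["reflectors"]), "bytes": v["bytes"]}
            for k, v in seen.items()}
```

The same idea is what a stateful firewall's connection tracking does for UDP; the report is the part worth feeding to monitoring, since a jump in distinct reflectors on one port is an early sign of an amplification attack.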

Protect DNS servers

Attackers can take your website and web servers offline by attacking your DNS servers, so make sure your DNS servers have redundancy. DNS is like a phone book for the internet: it matches the website name a user is looking for to the right IP address. There are over 300 million domain names keeping millions of internet users worldwide connected. A DDoS attack on your DNS infrastructure can make your application or website completely inaccessible, so network operators should adequately defend their DNS infrastructure against DDoS attacks.

Employ a mitigation technology

Hackers launch DDoS attacks to make your users lose access to your site. Once your site is under attack, a mitigation technology lets people keep using it rather than leaving it inaccessible. When the cybercriminal realizes that the attack is having no impact and your users can still reach the site, they may give up and not return.

What to do During a DDoS Attack?

To ensure that your website or application can be restored at short notice after an attack, you must have an active mitigation plan in place. Here is what you can do:

  • Keep a backup static "temporarily unavailable" website with a separate, reputable hosting provider, and make sure they provide their own DDoS mitigation services.
  • Redirect your store's DNS to the temporary site and work with your staff, vendors and partners on how to handle the affected servers. This keeps up appearances for your customers, who will not be able to tell that your website is under pressure.

Conclusion

A DDoS attack can occur at any time, but it can be prevented and mitigated. Educating yourself and understanding the strategies these hackers use will help you recognize and preempt attacks that could wreak havoc on your organization's sensitive data.
