Distributed Denial of Service
Distributed denial of service (DDoS) is a type of cyber attack in which attackers use a large network of remote PCs, called a botnet, to overwhelm another system’s connection or processor, causing it to deny service to the legitimate traffic it receives. A DDoS attack is designed to interrupt or shut down a network, service, or website and make it unavailable to legitimate traffic requests.1
DDoS in the cybercriminal underground
Research into the Russian cybercriminal underground market reveals the following pricing schemes for DDoS attacks 2:
| Duration | 2011 | 2012 | 2013 |
|---|---|---|---|
| Lasts 1 hour | US$4‒10 | US$2‒25 | US$2‒60 |
| Lasts 24 hours | US$30‒70 | US$15‒60 | US$13‒200 |
Table 1. Pricing for DDoS Attacks in the Russian Cybercriminal Underground
Malicious uses of DDoS attacks
DDoS attacks are usually used in APT and targeted attack campaigns, as well as in hacktivism and extortion cases.
Defending against DDoS attacks
Web administrators are advised to be aware of the consequences of DDoS attacks. Any website can have vulnerabilities that cybercriminals will use to start an attack. Administrators should monitor their networks for unusual activity and optimize network infrastructure so that traffic can be distributed evenly. They should also keep abreast of potential exploits in their systems and patch them regularly. 8
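One way to act on the advice to monitor for unusual activity, shown as an added example that is not part of the original page: it flags time windows whose request volume far exceeds the median window and separates floods spread across many sources from a single noisy client. The function names, thresholds and sample events are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median


def bucket(events, window=10):
    """Group (epoch_second, client_ip) events into fixed windows."""
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, ip in events:
        buckets[ts - ts % window][ip] += 1
    return buckets


def flag_windows(events, window=10, factor=5.0, min_sources=20):
    """Return (window_start, requests, distinct_sources, kind) for spikes.

    The baseline is the median window volume, which stays stable as long
    as fewer than half of the observed windows are abnormal.
    """
    buckets = bucket(events, window)
    totals = {w: sum(c.values()) for w, c in buckets.items()}
    baseline = median(totals.values())
    alerts = []
    for w in sorted(buckets):
        total, sources = totals[w], len(buckets[w])
        if total > factor * baseline:
            # Share of the window's requests sent by the busiest client.
            top_share = max(buckets[w].values()) / total
            distributed = sources >= min_sources and top_share < 0.5
            kind = "distributed" if distributed else "single-source"
            alerts.append((w, total, sources, kind))
    return alerts


def sample_events():
    """Constructed sample data, as if parsed from a web access log."""
    events = []
    for w in range(0, 90, 10):      # baseline: 6 requests from 3 clients
        for i in range(6):
            events.append((w + i, f"192.0.2.{i % 3 + 1}"))
    for i in range(200):            # window 60: 200 requests, 100 clients
        events.append((60 + i % 10, f"198.51.100.{i % 100 + 1}"))
    for i in range(150):            # window 80: 150 requests, one client
        events.append((80 + i % 10, "203.0.113.7"))
    return events


if __name__ == "__main__":
    for alert in flag_windows(sample_events()):
        print(alert)
```

A single-source spike can usually be handled with a per-client rate limit, while a distributed one calls for upstream filtering or spreading the load across more capacity.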