Security 101: Distributed Denial of Service (DDoS) Attacks
With over 1 billion users, the Internet has become a conduit for businesses and people to access information, do banking, go shopping, connect with people, and reach out to an audience through social media platforms. The downside of all this convenience, however, is its vulnerability to disruption. Cybercriminals have the means and the ability to steal information or halt normal system operations with motives ranging from industrial espionage and financial gain to activism and advancing political agendas.
Over the past few years, distributed denial-of-service (DDoS) attacks have become a growing security problem for private and public sector organizations. DDoS attacks escalate in size and impact. Moreover, there has been a trend toward greater peak bandwidth, longer attack duration and the use of DDoS as not only a hacktivism tool, but for extortion purposes as well. Previous incidents and trends related to DDoS attacks between 2013 and 2015 revealed that average peak bandwidth had doubled. Towards the end of 2014, after the Occupy Central protests in Hong Kong, CloudFlare CEO Matthew Prince stated that the largest DDoS attack was done against independent media sites in the province. According to Prince, it was larger even the previous record-holder, a 400Gbps attack in Europe in early 2014.
What is a DDoS attack?
A DDoS attack is designed to interrupt or shut down a network, service, or website. A DDoS attack happens when attackers utilize a large network of remote PCs called botnets to overwhelm another system’s connection or processor, causing it to deny service to the legitimate traffic it’s receiving. The goal and end result of a successful DDoS attack is to make the website of the target server unavailable to legitimate traffic requests.
How does it work?
The logistics of a DDoS attack can be best explained by a figurative example. Let’s say a user walks in to a bank that only has one teller window open. As soon as the user approaches the teller, another person cuts in front the user and begins making small talk with the teller, with no real intention of making any bank-related transactions. Even as a legitimate user of the bank, the user is unable to deposit his check, and is forced to wait until the “malicious” user has finished his conversation. However, after this malicious user leaves, another person walks in front of the legitimate user, delaying the legitimate user all over again. This process can continue for hours, even days, preventing the user, or any other legitimate users from performing bank transactions.
A DDoS attack on a web server works similarly, because there is virtually no way to determine traffic from legitimate requests against traffic from attackers until the web server processes the request. What actually happens when an organization is the victim of a DDoS attack? For starters, it immediately has to divert attention from running crucial operations to getting its website back in working order.
The DDoS Surge
An increasing number of perpetrators and groups have shown that they have the ability to launch successful DDoS attacks. In 2013, a 300Gbps attack on Spamhaus was listed as the largest ever. The attack was initiated by a teenager in London. At the same time, nation-states like Iran and China have been suspected to have been involved in several DDoS incidents, namely a wave of attacks against the US banks and the aforementioned Occupy Central cyberattack, respectively, in 2012. In 2015, a government may also have been involved in the DDoS attack on GitHub (a site for sharing code repositories), and may have been larger than the Hong Kong attack.
In addition to GitHub and the Hong Kong media, video game properties such as “League of Legends” and Electronic Arts’ Origin portal, public sector institutions including the Dutch government, and software companies like Evernote all dealt with sustained disruption from DDoS attacks that took their sites temporarily offline. In the second quarter of 2015, the number of DDOS attacks reached an all-time high in popularity. According to the Q3 2015 State of the Internet – Security Report from Akamai, DDoS attacks increased by 180 percent compared to the same quarter in 2014. The biggest DDoS attack recorded in the quarter lasted over thirteen hours at 240Gbps—notable because attacks typically last about one to two hours. Between them, the software and gaming industries accounted for more than 75 percent of all the DDoS attacks documented in the Akamai report. Game companies saw their share of the total surge from 35 to 50 percent in just one year.
Recently, BBC’s websites and Republican presidential candidate Donald Trump’s main campaign website were hit by the largest DDoS attacks to date. Between the two, the bigger DDoS attack was carried out against BBC with over 600Gbps. According to reports, BBC announced that the outage was due to some “technical” fault, but later acknowledged that a group called “New World Hacking” claimed responsibility for launching the DDoS attack.
With the increased popularity of DDoS extortion campaigns, knowing the causes and characteristics of these attacks is essential for guiding investment in anti-DDoS tools and security software. Enterprise CIOs should ensure that encryption is in place in the analytics and other web tools that their organizations use, be aware of possible DDOS attack vectors, and invest in network security tools that spot traffic anomalies and issues.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.