DDoS attacks are on the rise. In 2014, attacks almost doubled compared to the year before, and the trend does not seem to abate. DoS or DDoS attacks do more than just make servers unavailable to users: many attackers use DDoS attacks to steal information and money as well. First, let’s look at the difference between a DoS (Denial of Service) attack and a DDoS (Distributed Denial of Service) attack.
In a DoS attack, one computer and one internet connection are used to flood a server with packets (see Definition), with the aim of overloading the targeted server’s bandwidth and resources. In comparison, a DDoS attack uses many devices and multiple internet connections, often distributed globally via a botnet (see Definition). In such an attack it is very difficult to deflect the onslaught, simply because there is no single attacker to defend against: the traffic could originate from hundreds or thousands of sources.
A DDoS attack is a malicious attempt to make a server or a network resource unavailable to its users, usually by temporarily interrupting or suspending the services of a host connected to the internet.
3 types of DDoS attacks:
- Volume Based Attacks (measured in bits per second (bps)) – includes UDP (User Datagram Protocol) floods, ICMP (Internet Control Message Protocol) floods, and other spoofed-packet floods. Their aim is to saturate the bandwidth of the attacked site.
- Protocol Attacks (measured in packets per second) – includes SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS and more. These attacks consume actual server resources, or those of intermediate communication equipment such as firewalls and load balancers.
- Application Layer Attacks (measured in requests per second) – includes Slowloris, zero-day DDoS attacks, DDoS attacks that target Apache, Windows and OpenBSD vulnerabilities, and more. The requests seem legitimate and innocent, but the goal of these attacks is to crash the web server.
The impact of a DDoS attack is not just being unable to visit the particular website or conduct business; in the long run, brand reputation is damaged.
Multiple attacks are becoming more prevalent and lasting longer than they used to, affecting businesses for more than 24 hours. A recent case is GitHub.com, a code-hosting website, which had to endure four days of persistent DDoS attacks, deemed one of the largest of its kind. The attacks included vectors that had been seen in previous attacks, but also sophisticated new techniques that use the web browsers of unsuspecting people to flood GitHub.com with high levels of traffic.
As a result of DDoS attacks, some companies find that they have also become victims of theft. Reports of loss of customer data, intellectual property or money during a DDoS attack have surfaced. It has also been reported that in the UK and many European countries, more than half of the companies attacked had critical data stolen.
Closer to home, Malaysia Airlines became a victim of Lizard Squad, the international hacker group. The group posted screengrabs of bookings made by several people, including a Cabinet minister. A great many Malaysia Airlines passengers complained that it was difficult to access details of their bookings because of the attack.
More recently, an online radio station and a couple of news portals were also targets of DDoS attacks.
The most frightening thing about a DDoS attack is the loss of business opportunities, contracts and ongoing income-generating operations.
Therefore, aside from deploying software against the proliferation of malware and the like, DDoS protection should be an integral part of a company’s overall IT security policy. Rapid identification and response can prevent DDoS attacks. The challenge is to quickly and effectively identify incoming traffic as malicious. Once an attack has been identified, the company will be in a position to take remedial steps to absorb the attack until the source is identified and blocked.
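The three categories above are each defined by a rate (bits, packets or requests per second), and the identification step just described amounts to measuring those rates per time window and comparing them to what the protected link and server can handle. The following script is an added illustration, not code from the original advisory or any vendor named in it: it aggregates constructed flow records into one-second windows, reports which category a window matches, and counts distinct sources so that a single-origin DoS can be told apart from a distributed attack. The thresholds, the FlowRecord fields and the sample traffic are all assumptions for the example.

```python
"""Classify one-second windows of flow records into the three DDoS categories
(volume / protocol / application layer) and note whether the traffic is
single-source (DoS) or distributed (DDoS). Added example; thresholds and
record format are hypothetical and must be tuned to the protected network."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class FlowRecord:
    ts: float                  # timestamp in seconds
    src: str                   # source IP address
    proto: str                 # "UDP", "ICMP" or "TCP"
    nbytes: int                # bytes carried by this record
    packets: int               # packets carried by this record
    syn_only: bool = False     # TCP SYNs that never completed a handshake
    http_requests: int = 0     # application-layer requests carried


# Hypothetical thresholds; in practice derive them from link capacity and
# the server's measured normal load.
THRESHOLDS = {
    "volume_bps": 50_000_000,      # 50 Mbit/s in a one-second window
    "protocol_pps": 20_000,        # packets per second
    "application_rps": 1_000,      # HTTP requests per second
    "distributed_sources": 50,     # distinct sources before calling it distributed
}


def classify_window(records: Iterable[FlowRecord], window_start: float,
                    window_len: float = 1.0, thresholds: dict = THRESHOLDS) -> dict:
    """Aggregate the records falling in [window_start, window_start+window_len)
    and compare the resulting rates against each category's threshold."""
    in_window = [r for r in records if window_start <= r.ts < window_start + window_len]
    total_bits = sum(r.nbytes for r in in_window) * 8
    total_packets = sum(r.packets for r in in_window)
    total_requests = sum(r.http_requests for r in in_window)
    syn_packets = sum(r.packets for r in in_window if r.syn_only)
    sources = {r.src for r in in_window}
    per_proto: dict[str, int] = defaultdict(int)
    for r in in_window:
        per_proto[r.proto] += r.packets

    bps = total_bits / window_len
    pps = total_packets / window_len
    rps = total_requests / window_len

    findings = []
    if bps >= thresholds["volume_bps"]:
        dominant = max(per_proto, key=per_proto.get)      # protocol carrying most packets
        findings.append(f"volume-based ({dominant} flood, {bps / 1e6:.1f} Mbit/s)")
    if pps >= thresholds["protocol_pps"]:
        kind = "SYN flood" if syn_packets > total_packets / 2 else "packet flood"
        findings.append(f"protocol ({kind}, {pps:.0f} pkt/s)")
    if rps >= thresholds["application_rps"]:
        findings.append(f"application-layer ({rps:.0f} req/s)")

    return {
        "bps": bps, "pps": pps, "rps": rps,
        "distinct_sources": len(sources),
        "distributed": len(sources) >= thresholds["distributed_sources"],
        "findings": findings,
    }


def build_sample_traffic() -> list[FlowRecord]:
    """Constructed sample (not captured data): second 0 is benign browsing,
    second 1 a UDP flood from 200 sources, second 2 a SYN flood from one
    source, second 3 small HTTP requests from 300 sources."""
    recs: list[FlowRecord] = []
    for i in range(5):                                   # benign
        recs.append(FlowRecord(0.1 * i, f"198.51.100.{i}", "TCP", 1500, 3, http_requests=2))
    for i in range(200):                                 # UDP flood: 64 Mbit/s, 6000 pkt/s
        recs.append(FlowRecord(1.0 + i / 200, f"203.0.113.{i}", "UDP", 40_000, 30))
    for i in range(40):                                  # SYN flood: 40 000 SYN/s, one source
        recs.append(FlowRecord(2.0 + i / 40, "192.0.2.7", "TCP", 40_000, 1000, syn_only=True))
    for i in range(300):                                 # HTTP flood: 1500 req/s, 300 sources
        recs.append(FlowRecord(3.0 + i / 300, f"198.51.100.{100 + i}", "TCP", 2500, 5,
                               http_requests=5))
    return recs


if __name__ == "__main__":
    traffic = build_sample_traffic()
    for second in range(4):
        result = classify_window(traffic, float(second))
        label = "distributed" if result["distributed"] else "single/few sources"
        print(f"t={second}s sources={result['distinct_sources']:3d} ({label}) "
              f"findings={result['findings'] or 'none'}")
```

The per-window rates are the same three measures the taxonomy uses, so an alert from this kind of check also tells the responder what to absorb (bandwidth, connection state, or web-server capacity); in production the records would come from NetFlow/sFlow exports or a packet capture rather than a constructed list, and the source count would feed the block list once an attack is confirmed.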
Bear in mind that a targeted DDoS attack is impossible to prevent, but there are effective tools that can help mitigate the impact of such an attack.
Note: Recommendation of DDoS protection is beyond the scope of this advisory.
Definition
1. Packet – a unit of data that is routed between an origin and a destination on the internet or any other packet-switched network.
2. Botnet – also known as a zombie army: a number of compromised computers that have been set up to forward spam, malware, etc., without the knowledge of their owners.
Source
1. Incapsula, Inc.
2. SC magazine.
3. Help Net Security.
4. Malaysian Insider.
5. Planetminecraft blog (1st image, pg 1).
6. ZDNet (2nd image, pg 2).