The liver disease Hepatitis comes in five flavours: A, B, C, D, and E. And while some of them are easily prevented by vaccines, all of them are downright awful. You know what else comes in many forms and has almost as many capital letters? The answer is DDoS, the cirrhosis on the liver of the Internet. Before we discuss the many forms these Distributed Denial of Service attacks take, let’s first spell out what DDoS means.
Aside from watching cat videos, the principal reason for the Internet is for people to be able to share information, opinions, creative works, and even commerce with each other across the globe. Each of those things is a category of service which a computer can offer to others connected on the Internet. That obscure blog on post-postmodernist influences on Silicon Valley office furniture that you maintain? It’s made possible by a computer running a web server application like Apache or Nginx, and the server provides the service of sending web pages and insomnia-curing essays to the web visitors who request to access your blog.
However, that service can be denied by many outside causes, like a critical internet backbone cable being cut, or some other computer on the Internet sending your blog so many requests for data that your server is overwhelmed by the demand and slows down for all visitors. That’s the “denial of service” part.
If that computer is being intentionally commanded to flood your blog, then you have a denial of service (DoS) attack: a bad actor is using a torrent of data to knock you offline and prevent you from sharing your ideas with the world.
Our scenario of one computer successfully overwhelming another is a bit far-fetched, as even basic blog hosting services can satisfy that demand. Yet when hundreds or even thousands of computers send attack traffic to a single target website, the ratio of attacking computers to victim systems (sometimes just one) is so lopsided that the target computer is rendered unusable. The use of a massive number of computers in a DoS attack to gang up on one target is called a “distributed” DoS, or DDoS for short.
Like other cyber attacks, the underlying motivations may be financial (threatening a DDoS attack against a business in order to collect a ransom payment is a popular reason), or even political (the hacktivist group Anonymous is fond of DDoSing its enemies).
The botnet boom
DDoS attacks are getting both worse and easier to execute, thanks to the rise of botnets – large armies of hacked computers which follow the orders of their hacker commanders. Some hackers rent out their botnets, offering DDoS-as-a-service on the black market, which provides them with an additional revenue stream. Another contributing factor is the endless supply of poorly secured PCs, servers, and IoT devices which provide more and more systems which are easily hacked and added to their botnets.
Once enlisted in a bad guy’s cyber army, a commandeered computer can take part in a few different kinds of DDoS attacks. Let’s explain two of them here:
Domain Name Service (DNS) Attacks: DNS is the system which allows your web browser to match the address you typed into your browser (the URL) with the string of numbers which actually designates a site’s address on the Internet. Unfortunately, this phonebook of the web can be misused as an amplifier for DDoS attacks. Attackers can make a DNS server send a large volume of data to a target site by sending a much smaller request to the DNS server. Multiply this amplification by the sheer number of publicly accessible DNS servers and the number of attacking computers in the botnet, and you have the recipe for staggeringly large amounts of attack traffic.
Application (Layer 7) Attacks: In this type of assault, the attackers send packets of information carefully crafted to exploit a known bug in a specific piece of software or a known vulnerability in a network protocol. Rather than relying on the sheer volume of data to drown a website by using up all of that site’s bandwidth, application attacks usually attempt to exhaust the resources (like memory or processing power) of the server.
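A defender's view of the DNS amplification described above, as an added example that is not part of the original article: the target receives large DNS responses from many servers it never queried. The flow records, field layout, function name and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flow records (documentation IP ranges), not real traffic:
# (timestamp_s, src_ip, src_port, dst_ip, dst_port, udp_payload_bytes)
FLOWS = [
    (0.0, "192.0.2.10", 40001, "198.51.100.53", 53, 60),   # our host asks its resolver
    (0.1, "198.51.100.53", 53, "192.0.2.10", 40001, 120),  # solicited answer
    (1.0, "203.0.113.1", 53, "192.0.2.80", 31337, 3100),   # nobody asked for these
    (1.0, "203.0.113.2", 53, "192.0.2.80", 31337, 3050),
    (1.1, "203.0.113.3", 53, "192.0.2.80", 31337, 2990),
    (1.1, "203.0.113.1", 53, "192.0.2.80", 31337, 3100),
]


def find_reflection_targets(flows, window_s=5.0, min_resolvers=3, min_bytes=5000):
    """Return {local_ip: stats} for hosts receiving unsolicited DNS responses.

    A response is "solicited" only if the same host and port sent a query to
    that server within window_s seconds. Everything else is counted per
    destination, and a host is reported once enough distinct servers and
    enough bytes have piled up (thresholds are illustrative).
    """
    pending = {}  # (client_ip, client_port, server_ip) -> time of last query
    stats = defaultdict(lambda: {"resolvers": set(), "bytes": 0, "packets": 0})
    for ts, src, sport, dst, dport, size in sorted(flows):
        if dport == 53:
            # Outbound query (server-to-server traffic also lands here).
            pending[(src, sport, dst)] = ts
        elif sport == 53:
            asked = pending.get((dst, dport, src))
            if asked is not None and ts - asked <= window_s:
                continue  # answer to a recent query: normal DNS
            entry = stats[dst]
            entry["resolvers"].add(src)
            entry["bytes"] += size
            entry["packets"] += 1
    return {
        ip: s for ip, s in stats.items()
        if len(s["resolvers"]) >= min_resolvers and s["bytes"] >= min_bytes
    }


if __name__ == "__main__":
    for ip, s in find_reflection_targets(FLOWS).items():
        print(ip, len(s["resolvers"]), "servers,", s["bytes"], "unsolicited bytes")
```
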
No matter what flavour they come in, DDoS attacks are a menace for businesses and organizations of all sizes and types. Since their website is their storefront, e-commerce companies lose revenue for every second that they are down. Small and medium businesses, on the other hand, suffer when their company blog and other pages time out. All the SEO in the world can’t fill your funnel if no one can actually read the content.
DDoS attacks weaponize data and inflict severe financial harm, regardless of the flavour of the attack or the type of business targeted. Companies of all sizes simply must review their cyber defence posture so that they can minimize downtime and losses.