What is a DDoS attack?
Like a real-life battle, cyber attacks move quickly, happen simultaneously and take many forms: malware, phishing, authentication attacks, attacks on applications and ransomware, to name a few.
And breaches often occur not because a defensive solution is insufficient, but because the enemy finds ways of circumventing that defence.
Michael Osterloh, CEO of HOSTAFRICA likens this threat to the plight of a real soldier.
“One’s role in cyber security often feels like that of a hapless soldier. The soldier is told to guard a certain hill and keep it at all costs. They’re not told who their enemy might be, what they look like, where they’re likely to attack from or when they’ll strike.”
On that matter, the cyber security professional needs to be constantly ready. One such threat is a Distributed Denial of Service (DDoS) attack.
A DDoS attack is one where a multitude of compromised computers overwhelm a single target, such as a server, website or network, with incoming traffic. The flood of incoming messages or connection requests causes the target system to slow down dramatically or even crash and shut down. It thus denies service to legitimate users trying to access the system.
Research has reported that more than 2000 DDoS attacks happen globally every day and that you can buy a week-long DDoS attack for as little as $150 on the black market. The attacks themselves are carried out by a range of parties from individual hackers to organised crime syndicates and even government agencies.
So how does it work?
A typical DDoS attack unfolds much like a viral outbreak. A cybercriminal begins by exploiting a weakness in one computer system, taking it over and using it as the DDoS master. This master system then identifies other vulnerable systems and gains control of them through malware or by bypassing their authentication controls (for example, by obtaining a valid password).
Like some sort of apocalyptic movie, any computer or device under the control of an intruder is known as a zombie or bot. The attacker creates a server to command a network of bots, also called a botnet. The original attacker is called the botmaster.
A botmaster can control a botnet made up of a very large number of bots; modern botnets appear to have no practical upper limit on their size. Once the army is assembled, the botmaster uses it to march on the intended target, flooding it with traffic and, in most cases, causing it to crash.
Types of DDoS attacks
There are three basic types of DDoS attacks.
Traffic attacks send huge volumes of traffic to the target, so that legitimate attempts to access it are lost in the sheer volume.
Bandwidth attacks overload the target with huge amounts of useless data that consumes most of the available bandwidth and usually results in complete denial of service.
Application attacks overload application services or databases with high volumes of application calls.
While the target of a DDoS attack is clearly the victim, these attacks can have far-reaching effects, including massive drops in performance for the infected computers used in the attack.
Can they be prevented?
DDoS attacks create obvious and significant business risks and it’s important for IT and cyber security personnel to understand these threats and have an ear to the ground. Being on the receiving end of a DDoS attack is practically impossible to prevent and the security solution isn’t obvious. With every breakthrough in security, hackers are likely to build larger and larger botnet armies that’ll be able to send enormous amounts of junk data.
But the business impact of these attacks can be minimised by following some core security practices. These include regular security assessments to look for and resolve vulnerabilities in the system. You should also stay in regular contact with your web host, who is likely to have tips and security measures in place to help minimise the effect of these attacks. A HOSTAFRICA virtual server, for example, has high levels of security, and the company will give you all the support you need should an attack of this nature occur.
Here are a few tips:
Monitor your traffic and pay attention to abnormalities, including unexplained traffic spikes or visits from suspect IP addresses or geolocations.
Keep an eye on social media (particularly Twitter) for threats, boasting or conversations that might hint at an incoming attack (these might be difficult to spot if you’re not a secret agent).
Consider using third-party DDoS testing that simulates an attack against your IT infrastructure. This will help you prepare your systems for the real thing.
Create a response plan and assign the appropriate people to a rapid response team whose job it’ll be to minimise the impact of the assault.
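The first tip above, monitoring traffic for unexplained spikes and suspect addresses, can be turned into a small check over ordinary web-server access logs. The Python script below is an added example and is not part of the original article or of any HOSTAFRICA tooling. It parses a constructed sample of combined-format access-log lines, counts requests per minute and per client address, and flags both minutes whose volume jumps well above the earlier baseline and addresses that exceed a per-minute request limit. The log lines, the IP addresses, and the thresholds (10 requests per address per minute and a 4x spike factor) are all constructed for the example and should be tuned to your own normal traffic.

```python
"""Flag traffic spikes and noisy client addresses in web-server access logs.

Added example (not the article's own code). The log sample, addresses and
thresholds below are constructed for illustration.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Matches the common/combined access-log format: client IP, timestamp,
# request line and HTTP status. Anything that does not match is ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, timestamp, request line) for one log line, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("req")


def bucket(ts, window_seconds):
    """Floor a timestamp to the start of its window, as epoch seconds."""
    epoch = int(ts.timestamp())
    return epoch - (epoch % window_seconds)


def analyse(lines, window_seconds=60, per_ip_limit=10, spike_factor=4.0):
    """Count requests per window and per client; flag spikes and noisy clients.

    A window is a spike when its total exceeds spike_factor times the median
    of all earlier windows, so the first window only ever seeds the baseline.
    """
    per_window_total = Counter()
    per_window_ip = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of aborting the whole run
        ip, ts, _ = parsed
        w = bucket(ts, window_seconds)
        per_window_total[w] += 1
        per_window_ip[w][ip] += 1

    noisy_ips = {}  # window -> {ip: request count} for clients over the limit
    spikes = []     # windows whose total is far above the earlier baseline
    history = []
    for w in sorted(per_window_total):
        over = {ip: n for ip, n in per_window_ip[w].items() if n > per_ip_limit}
        if over:
            noisy_ips[w] = over
        if history and per_window_total[w] > spike_factor * median(history):
            spikes.append(w)
        history.append(per_window_total[w])
    return {"spikes": spikes, "noisy_ips": noisy_ips, "totals": dict(per_window_total)}


def _line(ip, hhmmss, path):
    """Build one constructed access-log line (sample data, not real traffic)."""
    return f'{ip} - - [10/Oct/2023:{hhmmss} +0000] "GET {path} HTTP/1.1" 200 512'


# Constructed sample: two quiet minutes (three visitors each), one garbage line,
# then a minute in which a single address sends 15 requests while two normal
# visitors continue. All addresses are from documentation ranges.
SAMPLE_LOG = [
    _line("198.51.100.2", "13:55:00", "/"),
    _line("198.51.100.3", "13:55:20", "/about"),
    _line("198.51.100.4", "13:55:45", "/contact"),
    _line("198.51.100.2", "13:56:05", "/blog"),
    _line("198.51.100.5", "13:56:30", "/"),
    _line("198.51.100.3", "13:56:50", "/pricing"),
    "this line is garbage and should be skipped",
]
SAMPLE_LOG += [_line("203.0.113.99", f"13:57:{s:02d}", "/login") for s in range(0, 60, 4)]
SAMPLE_LOG += [_line("198.51.100.6", "13:57:10", "/"), _line("198.51.100.7", "13:57:40", "/about")]


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    for w, total in sorted(result["totals"].items()):
        label = datetime.utcfromtimestamp(w).strftime("%H:%M")
        flag = " <-- SPIKE" if w in result["spikes"] else ""
        print(f"{label}: {total} requests{flag}")
        for ip, n in result["noisy_ips"].get(w, {}).items():
            print(f"    noisy client {ip}: {n} requests in this window")
```

Run it against rotated access logs (one line per request) and the output lists each minute with its request count, marking minutes that spike and any single address responsible. Two caveats a practitioner should keep in mind: a real botnet spreads its requests over many addresses, so the per-address limit catches crude floods but the window-total spike is the more reliable signal; and a volumetric attack saturates your upstream link before requests ever reach the web server, so a check like this complements the mitigation your hosting provider offers rather than replacing it.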
An attack of this nature is not just against your IT department or a specific individual. It’s against your entire business and should it ever happen to you, it needs to be dealt with swiftly and ruthlessly. The earlier you spot it, the easier it’ll be to deal with, so stay sharp.