New research
released this month has shown that DDoS attacks are on the rise in the UK and USA. DDoS attacks, otherwise known as Distributed Denial of Service attacks, are when someone or something tries to make an online service unavailable by bombarding it with huge streams of traffic from different sources. They can target all kinds of web-based services, including banks, new websites and popular social networks. They are often used to prevent people or websites from publishing/providing access to information.
A third of all website downtime incidents are estimated to be the result of DDoS Attacks
How Does a DDoS Attack Work?
https://www.youtube.com/watch?v=NogCN78XN2w
People wishing to implement a DDoS attack on a website or service have a couple of options. They can either buy a DDoS attack for as little as $30, or, if they’re more technically savvy, they can put one together themselves.
A DDoS attack requires a lot of computing power. Most attackers don’t have those computers to hand, so instead they build ‘botnets’. These are networks of computers that have been infected with malware which takes control and barrages the target with requests. DDoS attacks are particularly damaging to small websites, such as those used by SMEs and independents. They often don’t have the necessary infrastructure to handle the attack of even a small botnet.
There are a variety of ways that botnets can attack a site. They can send multiple connection requests per second, bombarding a site with enough data to exhaust its data allowance, or attempting huge amounts of login requests to overload a site’s capabilities.
There’s a fantastic resource from Digital Attack Map that shows a live feed of all the DDoS attacks happening across the globe currently, as well as all the DDoS attacks that have happened in the last year. As you can see, there’s no shortage of them all year round. The huge spikes of DDoS attacks like those seen in Aug 2013 are the kinds of attacks that can bring down government sites, or exhaust smaller countries entire bandwidth allowance.
Types of DDoS Attack
TCP Connection Attacks
– These occupy an infrastructure’s available connections so that others can’t use them. It’s a fairly precise strike, and can take down targets capable of handling millions of connections.
Volumetric Attacks
– The crudest form of DDoS. A volumetric attack attempts to consume all of a service’s bandwidth with a huge number of requests. These don’t do any long-lasting damage to a site, and are more about causing congestion and making it impossible to use.
Fragmentation Attacks
– A flood of fragmented data is sent to the target site, which then has to struggle to reassemble the data and make sense of it; this can severely reduce the performance of a site.
Application Attacks
– The equivalent of a stealth-attack in DDoS terms. Application attacks can be conducted with a relatively small botnet. They generate a low rate of traffic, but target and overwhelm a specific aspect of a site or application, such as a login or payment portal.
DDoS objectives
People can instigate DDoS attacks for a number of reasons. They could be seeking to extort a business, beginning a DDoS attack when it is important that a website be fully functional and then demanding money for the cessation of the attack.
Espionage is another regular reason for DDoS attacks, because of their volume and visibility they have been used as a smokescreen for other less obvious attacks which then sneak by the distracted incident response team. There are also plenty of instances of DDoS being employed purely as nuisance. Hackers and other malicious presences online launch DDoS attacks just because they can. These attacks are often short lived though, and more an annoyance than a serious issue for businesses.
Some DDoS attacks may also be launched as a protest, either for or against a certain cause or issue. In these instances a central authority provides ‘hacktivists’ with a target and details on how to implement a DDoS strike. These kind of ‘opt-in’ DDoS attacks are becoming more popular with protestors, and are capable of bringing down large websites run by governments and other organizations that are perceived as being in the wrong.
How Do I Protect Myself From DDoS?
There aren’t any sure-fire ways to protect yourself from a DDoS attack. But there are steps that you can take to make it much harder for your computer to be harnessed as part of a botnet. Make sure to install and maintain a good antivirus software, as well as installing a firewall and monitoring software that is configured to restrict the amount of traffic coming into and leaving your computer network or server. Furthermore, it pays to be cautious about where you go on the internet and not to open any suspicious files that you find either on a website or in emails.
The first thing is to make sure that you know the signs of a DDoS attack so you can best inform your clients and customers about exactly what is going on. Signs of a DDoS attack include: an unusually slow network performance, inability to access websites, a big increase in the number of spam emails and queries being submitted to your servers, and your own website going down. If all of these are true, then you are likely experiencing a DDoS attack.
After you’ve determined that your business is the target of an assault, your administrators should make it their priority to determine what the attack is targeting. If it’s not attacking your entire network then their first step should be to isolate the attacked part of your site from the rest. This will ensure that, whilst one element of your site may be down, the rest of it should be able to operate without much disruption (as long as what’s being attacked isn’t core to the entire system.)
There’s an excellent article by Dark Reading about the correct steps to take when countering a DDoS attack, and I recommend you read that as well if you want to develop a deeper understanding of how
to respond to a DDoS Attack. Denial-of-service attacks are on the rise, most likely because there is no way to prevent them outright. Therefore, the best
thing a business can do is prepare themselves with knowledge, so that they can best respond if they ever do find themselves under attack.
Infographic:
http://www.prolexic.com/images/1000px-Q3-2013-Attack-Report-Infographic.jpg
Photo Credit: Kevin B 3 via Compfight cc
William Thompson
William Thompson is the Marketing Manager at Power Admin, a server monitoring software business in the Kansas City area. You can find him on Google+ and Twitter. William has been a professional in website design, digital marketing and 3D/graphic design for over 20 years.