Getting to Know DDoS Attacks: The Biggest Threat to Cyber Security

Definition of DDoS

Distributed denial of service (DDoS) is a cyberattack that disrupts online services and resources by flooding the service with traffic. The targeted online service is unusable for the duration of the attack. DDoS attacks are launched from many compromised devices (usually infected with malware).

According to Wikipedia, a DDoS attack is analogous to a group of people crowding the entrance of a store with no intention of buying anything. This makes it difficult for actual customers to enter and transact, thus disrupting commerce.

Motives for DDoS

Motivations for performing DDoS vary greatly, as do the individuals or organizations performing the attack. DDoS is usually carried out by disgruntled individuals and hackers who want to take down a company’s servers just to make a statement, explore cyber weaknesses, or express disapproval of something.

Other motivations are financial, such as a competitor disrupting or shutting down another business’s online operations. Or it could be extortion: DDoS perpetrators attack companies and install hostageware or ransomware on their servers, then force the affected company to pay a large sum of money to have the damage undone.

DDoS attack types

Different attacks target different parts of the network and are classified according to the network connection layer they target. Here are the types of DDoS attacks:

Volume-Based or Volumetric Attacks

This is the classic type of DDoS. It generates a huge volume of traffic to saturate the target's bandwidth. The resulting congestion means legitimate traffic cannot flow in or out of the targeted site.

Protocol attacks

This type of DDoS attack is designed to exhaust the processing capacity of network infrastructure resources such as servers, firewalls, and load balancers by targeting Layer 3 and Layer 4 protocol communications with malicious connection requests.

Application attacks

Some more sophisticated DDoS attacks exploit weaknesses at the application layer (Layer 7) by opening connections and initiating processes and transaction requests that consume limited resources such as available memory and storage space.

In practice, cybercriminals also mix and match attack types to increase the severity of the attack. Thus, a single DDoS attack can involve all three attack types at once.

How to deal with DDoS

You need to include DDoS protection in your cybersecurity strategy. Your IT team can develop proactive defenses, prepare effective DDoS response plans, and stay on top of threat trends to adjust these preparations as DDoS attack methods change.

At the very least, there are three areas to prepare for DDoS:

Infrastructure preparation

  • Set up a monitoring system for early signs of DDoS attacks
  • Build infrastructure that can divert and clean DDoS traffic
  • Create resilient network components that can absorb attack scenarios with above-normal traffic loads

Response planning and execution

  • Create a plan and task force to remediate DDoS attacks as they occur
  • Establish a communication plan for use during an attack if IP-based services are affected

Threat landscape research

  • Stay on top of DDoS attack methods to ensure adequate planning for future attacks
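
The monitoring item under infrastructure preparation, as an added example that is not from the original article: it compares each interval's traffic against a rolling baseline and reports which of the three attack types described above the spike matches. The metric names, thresholds and sample readings are assumptions constructed for illustration.

```python
from collections import deque
from statistics import median

# Metric name -> attack type from the article. Metric names are assumptions.
CATEGORY = {
    "bits_per_s": "volumetric",
    "syn_per_s": "protocol",
    "http_req_per_s": "application",
}

class SpikeMonitor:
    """Flags a metric that jumps far above its rolling baseline."""

    def __init__(self, window=12, k=6.0, min_samples=6):
        self.k = k                      # spreads above baseline that trigger an alert
        self.min_samples = min_samples  # warm-up before any alert is raised
        self.history = {m: deque(maxlen=window) for m in CATEGORY}

    def observe(self, sample):
        """Return the attack types whose metric is anomalous in this sample."""
        alerts = []
        for metric, hist in self.history.items():
            value = sample[metric]
            if len(hist) >= self.min_samples:
                base = median(hist)
                # Median absolute deviation: robust to a few earlier outliers.
                mad = median(abs(x - base) for x in hist)
                # Floor the spread so a flat baseline does not alert on noise.
                spread = max(mad, 0.05 * base, 1.0)
                if value > base + self.k * spread:
                    alerts.append(CATEGORY[metric])
                    continue  # keep attack traffic out of the baseline
            hist.append(value)
        return alerts

def make_samples():
    """Constructed per-interval readings: 8 normal, 1 SYN spike, 1 mixed."""
    normal = [{"bits_per_s": 200e6 + d * 1e6, "syn_per_s": 300 + d,
               "http_req_per_s": 1000 + 5 * d}
              for d in (0, 3, -2, 5, -4, 1, 2, -1)]
    syn_spike = {"bits_per_s": 205e6, "syn_per_s": 40000, "http_req_per_s": 990}
    mixed = {"bits_per_s": 9e9, "syn_per_s": 60000, "http_req_per_s": 25000}
    return normal + [syn_spike, mixed]

def scan(samples):
    """Map interval index -> alerted attack types, for intervals with alerts."""
    monitor = SpikeMonitor()
    hits = {i: monitor.observe(s) for i, s in enumerate(samples)}
    return {i: a for i, a in hits.items() if a}
```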

DDoS attacks can wreak havoc on both individuals and corporate institutions. DDoS can also be a diversionary tactic for cybercriminals to conduct other illicit activities on the attacked network.

Hypernet offers security services that include cybersecurity strategies to prevent and mitigate DDoS on your network. Contact our CS for more information.
