Have you ever found yourself browsing one of your favorite websites or watching a video streaming service only to suddenly have your access denied?
Sometimes this is due to the website’s servers experiencing more traffic than usual, but oftentimes this may be because the website has fallen victim to a DDoS attack. But what exactly is a DDoS attack?
DDoS stands for distributed denial of service, a type of distributed network attack. This type of attack exploits the capacity limits of the network resources behind a website.
Attackers can use bots to bombard the website with a flood of requests, which in turn stops the website from functioning properly.
There are many different types of DDoS attacks such as amplification attacks, nukes, teardrops, and smurfs to name a few, but they all operate in more or less the same way.
More often than not, they make use of bots, which are remote PCs. When multiple bots work together, this is called a botnet.
Attackers will use a botnet to overwhelm another system’s processor, thus causing it to deny service to the legitimate users of the website.
Attackers use DDoS attacks to disrupt websites for many reasons. DDoS attacks have been used by hacktivists to disrupt terrorist recruitment websites.
Other DDoS attacks are solely for malicious purposes. Targets of DDoS attacks often include online shopping websites and online casinos and betting sites.
How Does A DDoS Attack Work?
If a single computer attacks a website by submitting multiple fraudulent requests, this is a DoS attack. Most websites are robust enough to cope with an attack from a single source.
When a computer connects with other computers to organize a coordinated attack on a server or network, this becomes a DDoS attack. But how does an individual get other computers to also attack a website?
The main attacker or ringleader gets other computers involved by using malicious software. Malware programs are distributed over the internet through websites and email attachments.
When a vulnerable computer gets infected with the malware, it is recruited into a network of other infected computers that can be used to perform a DDoS attack.
This network is called a botnet, and it can consist of hundreds or even thousands of computers from all over the world.
The main attacker can control each computer in the botnet to initiate an attack at a specific date and time.
Once that time is reached, every infected computer sends a particular fraudulent request to a specific server or network, which becomes overwhelmed by the sheer number of requests.
Once this happens, ordinary users can no longer access or use the attacked website: sometimes it slows down drastically, sometimes it stops working entirely. A DDoS attack can last for hours or even days.
Why Do DDoS Attacks Happen?
DDoS attacks happen for all sorts of reasons, from hacktivism to outright malice.
Oftentimes, DDoS attacks are purely for financial reasons, such as a company attacking one of their competitors in the marketplace in order to drive customers to their own service.
DDoS attacks also often happen for political reasons, when the attacker disagrees with the victim’s political views or beliefs.
Sometimes DDoS attacks occur for no particular reason at all. Occasionally, attackers are simply doing it for fun.
DDoS attacks were a lot more common in the early-to-mid 2000s. Today, there is a lot more that people can do to protect themselves from this sort of attack, and protection from DDoS attacks is also a lot easier and more affordable than it used to be.
For example, online services can use high-capacity servers to absorb the load, or scrubbing filters that spot and remove fake traffic.
In addition to these technical measures that have reduced the prevalence of DDoS attacks, authorities have also cracked down on these attacks and many arrests have been made all over the world.
How Can DDoS Attacks Be Prevented?
A number of preventive measures can be taken against these kinds of attacks, such as automation to detect attacks and accelerate response times. There are three primary strategies for the prevention of DDoS attacks:
Detecting Anomalous Behavior
By considering behavioral deviations on the network, machine learning can be used to learn the normal traffic patterns of a particular service and then detect any outliers.
This is the first step towards mitigating DDoS attacks. These deviations could be in the amount of traffic hitting a particular service, or in the number of requests per second it receives.
Additionally, if a DDoS bot is suspected to be in operation, it can be challenged, and failure to answer the challenge is a legitimate reason to block it.
Distributed Attack Patterns
By leveraging machine learning, the attack pattern of the traffic during a DDoS attack from a botnet can be monitored in real-time. By spotting unusual behaviors, an attack from a botnet can be distinguished from requests made by legitimate users.
Leverage IP Reputation
The IP address of a potential attacker can itself be grounds for blocking certain requests from entering the network.
There are lists of known DDoS botnets, as well as of servers that are being exploited for reflective DDoS amplification attacks. This research is used to spot malicious sources and prevent attacks before they happen.
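The anomalous-behavior and IP-reputation strategies above can be combined in one small detection pass over web-server access logs. The following Python is an added example, not code from the original article: it learns a per-source requests-per-second baseline from a quiet window, challenges sources whose rate deviates far above it, and blocks sources found on a reputation list. The log lines, the KNOWN_BAD list, the 3-sigma threshold and the "challenge" vs "block" actions are all constructed assumptions for illustration.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed reputation list: sources reported as botnet members or abused reflectors.
KNOWN_BAD = {"198.51.100.77"}

def build_sample_log():
    """Constructed access log (epoch second, source IP, request): five quiet seconds
    of ordinary users, then one second in which a single source floods one endpoint.
    Addresses come from the documentation ranges, not real hosts."""
    lines = []
    for ts in range(1000, 1005):
        for ip, n in (("192.0.2.10", 2), ("192.0.2.11", 1), ("192.0.2.12", 2)):
            lines += [f"{ts} {ip} GET /index.html"] * n
    lines.append("1005 192.0.2.10 GET /index.html")
    lines += ["1005 203.0.113.5 GET /search?q=x"] * 15  # suspected bot, 15 req/s
    lines.append("1005 198.51.100.77 GET /index.html")  # source on the reputation list
    return "\n".join(lines)

def per_source_rates(log):
    """Map each second to a Counter of requests per source IP in that second."""
    rates = defaultdict(Counter)
    for line in log.splitlines():
        ts, ip, _request = line.split(maxsplit=2)
        rates[int(ts)][ip] += 1
    return rates

def learn_baseline(rates, training_seconds):
    """Normal per-source requests/second: mean and spread over a quiet training window."""
    samples = [n for ts in training_seconds for n in rates[ts].values()]
    return mean(samples), pstdev(samples)

def analyze(log, training_seconds, reputation=KNOWN_BAD, k=3.0):
    """Return {source_ip: action}. Listed sources are blocked outright; sources whose
    rate is more than k spreads above the baseline are challenged (e.g. with a CAPTCHA
    or JavaScript proof) so that a legitimate but busy user can still get through."""
    rates = per_source_rates(log)
    mu, sigma = learn_baseline(rates, training_seconds)
    threshold = mu + k * max(sigma, 1.0)  # floor keeps a flat baseline from flagging everyone
    actions = {}
    for counter in rates.values():
        for ip, n in counter.items():
            if ip in reputation:
                actions[ip] = "block"
            elif n > threshold:
                actions.setdefault(ip, "challenge")
    return actions

if __name__ == "__main__":
    # Expected: {'203.0.113.5': 'challenge', '198.51.100.77': 'block'}
    print(analyze(build_sample_log(), range(1000, 1005)))
```

In production the training window would be refreshed continuously and the threshold tuned per endpoint, since a search page and a static asset have very different normal rates.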
Although DDoS attacks are not as common as they were, they still do occur. They can cause a drastic reduction in speed or even a complete outage.
The largest DDoS attack in history occurred when the domain name system provider Dyn was the victim of a DDoS attack that hit it with 1 TB per second of traffic.
This caused internet outages in large parts of North America and Europe. This cyberattack caused Dyn to lose 8% of its business, and it took down some of the largest internet services such as Twitter, Reddit, The New York Times, and PayPal.
Thankfully, more preventative measures are available today, thanks primarily to machine learning. Through machine learning, malicious servers and botnets can be detected and blocked before attacks even occur.
DDoS attacks can really disrupt business operations, so prevention is essential to maintain a functioning service.