A distributed denial-of-service (DDoS) attack is an attempt to crush a web server or online system by overwhelming it with data. We can say it is one of the most powerful weapons on the internet. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Such attacks can be simple mischief, revenge, or hactivism, and can range from a minor annoyance to long-term one resulting in loss of business.
When you hear about a website being “brought down by hackers,” it generally means it has become a victim of a DDoS attack. In short, this means that hackers have attempted to make a website or computer unavailable by flooding or crashing the website with too much traffic.
What is DDOS attack?
This kind of attack aim to target websites and online services. They try to overwhelm them with more traffic than the server or network can accommodate. The goal is to make the website or service to stop their working. The traffic may include incoming messages, requests for connections, or fake packets. Sometimes, the victims are threatened with a DDoS attack or attacked at a low level.
How DDOS attack works?
A DDoS attack needs an attacker to gain control of a network of online machines in order to perform an attack. Computers and other machines such as IoT devices are infected with malware, turning each one into a bot or zombie. The attacker then has remote control over the group of bots, which is called a botnet.
Once a botnet has been established, the attacker is able to direct the machines by sending updated instructions to each bot via a method of remote control. When the IP address of a victim is targeted by the botnet, each bot will respond by sending requests to the target. So, it causes the targeted server or network to overflow capacity. It results in a denial-of-service to normal traffic. Separating the attack traffic from normal traffic can be difficult; because each bot is a legitimate Internet device.
MOTIVATIONS BEHIND DDOS ATTACKS
DDoS attacks are quickly becoming the most prevalent type of cyber threat, growing rapidly in the past year in both number and volume according to recent market research. They move toward shorter attack duration, but bigger packet-per-second attack volume.
Attackers are primarily motivated by:
- Ideology : It also called “hacktivists”. They use DDoS attacks as a means of targeting websites with which they disagree ideologically.
- Business feuds: Businesses may use DDoS attack to strategically take down competitor websites.
- Boredom – Cyber vandals,“script-kiddies” use prewritten scripts to launch DDoS attacks. The perpetrators of these attacks are typically bored, they are looking for an adrenaline rush.
- Extortion : Some may use DDoS attacks, or the threat of DDoS attacks as a means of extorting money from their targets.
- Cyber warfare – Government authorized DDoS attacks can be used to both stop opposition websites and an enemy country’s infrastructure.
Types of DDoS attacks
DDoS attacks generally consist of attacks that fall into one or more categories. These are the categories, let’s go through them:
- Volume Based Attacks: These send large amount of traffic to overflow a network’s bandwidth.
- Protocol Attacks: These are more focused vulnerabilities in a server’s resources.
- Application Attacks: They are the most sophisticated form of DDoS attacks, focusing on particular web applications.
Here’s a closer look at different types of DDoS attacks.
TCP Connection Attacks
TCP Connection Attacks or SYN Floods exploit a vulnerability in the TCP connection. The targeted server receives a request to begin the handshake. In a SYN Flood, the handshake is never completed. That leaves the connected port as occupied and unavailable to process further requests. Meanwhile, the cyber criminal continues to send more and more requests overwhelming all open ports and shutting down the server.
Application layer attacks target applications of the victim of the attack through a slower way. That way, they may initially appear as legitimate requests from users, until it is too late, and the victim is overwhelmed and unable to respond. These attacks are aimed at the layer where a server generates web pages and responds to HTTP requests.
Often, Application level attacks are combined with other types of DDoS attacks targeting not only applications, but also the network and bandwidth. Application layer attacks are particularly threatening. Because they’re inexpensive to perform and more difficult for companies to detect the attacks focused on the network layer.
Fragmentation Attacks are another common form of a DDoS attack. The cyber criminal exploits vulnerabilities in the data gram fragmentation process, in which IP data grams are divided into smaller packets, transferred across a network, and then reassembled. In Fragmentation attacks, fake data packets unable to be reassembled, overwhelm the server.
In another form of Fragmentation attack called a Teardrop attack, the malware sent prevents the packets from being reassembled. The vulnerability exploited in Teardrop attacks has been patched in the newer versions of Windows, but users of outdated versions would still be vulnerable.
Volumetric Attacks are the most common form of DDoS attacks. They use a botnet to flood the network or server with traffic that appears legitimate, but overwhelms the network’s or server’s capabilities of processing the traffic.
Today’s skillful attackers are blending volumetric, state exhaustion and application-layer attacks against infrastructure devices all in a single, sustained attack. Suck kinds of cyber attacks are popular because they are difficult to defend against and often highly effective.
The problem doesn’t end there. According to Frost & Sullivan, DDoS attacks are “increasingly being utilized as a diversionary tactic for targeted persistent attacks.” Attackers are using DDoS tools to distract the network and security teams while simultaneously trying to inject advanced persistent threats such as malware into the network, with the goal of stealing IP and/or critical customer or financial information.
This post is also available in: Español (Spanish)