by peter


DDoS Attack Explained

Risk

Risk Rating: CRITICAL
Likelihood: 4/5
Impact: 5/5

Causes

  • Lack of Web Application firewall
  • Lack of monitoring
  • Poor coding

DDoS Attack Overview

To date the biggest — if not the most significant — distributed denial-of-service (DDoS) attack occurred in 2018 against popular online code management system GitHub. GitHub was hit by an onslaught of traffic, which at its peak came in at a rate of 1.3 terabytes per second, sending packets at a rate of 126.9 million per second. The attack wasn’t just massive, it was record-breaking. In this attack, the botmasters flooded memcached servers with spoofed requests, which gave them the ability to amplify their attack by 50,000x. The good news? GitHub wasn’t caught entirely unprepared. Administrators were alerted to the attack and it was shut down within 20 minutes.

What you need to know about DDoS Attacks

A DDoS attack is an attempt by hackers, hacktivists or cyber spies to take down websites, slow down and crash the target servers and make online services unavailable by flooding them with traffic from multiple sources. As their name suggests, DDoS attacks are widely distributed brute-force attempts to wreak havoc and cause destruction. These attacks often target popular or high-profile sites, such as banks, news and government websites, to thwart or deter target organizations from publishing important information or to weaken them financially.

Defending against a Distributed Denial of Service (DDoS) attack can be quite straightforward, but there are a number of aspects of defense that must be considered.

  1. The majority of Distributed Denial of Service (DDoS) attacks are caused by exposed vulnerabilities in systems. Ensure your systems are patched and up to date, ideally within 14 days of patch release as advised by the NCSC in their Cyber Essentials Standard.
  2. Perform vulnerability scans every month and FIX the issues identified.
  3. Configure your firewalls to prevent your network from being flooded with traffic.

How DDoS attacks happen

The malicious actors behind DDoS attacks aim to wreak havoc on their targets, sabotage web properties, damage brand reputation and prompt financial losses by preventing users from accessing a website or network resource. DDoS leverages hundreds or thousands of infected “bot” computers located all over the world. Known as botnets, these armies of compromised computers execute the attack at the same time for full effectiveness. The hacker or group of hackers that control these infected computers become botmasters, who infect vulnerable systems with malware, often Trojans. When enough devices are infected, the botmaster gives them the command to attack, and the target servers and networks are bombarded with requests for service, which in turn effectively chokes them and shuts them down.

Attack Sources

As their name implies, DDoS attacks are distributed, meaning that the incoming flood of traffic targeting the victim’s network originates from numerous sources. Thus, the hackers behind these attacks can literally be from anywhere in the world. What’s more, their distributed nature makes it impossible to thwart these attacks simply by securing or blocking a single source.
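The defensive steps above ("Lack of monitoring", "configure your firewalls to prevent your network from being flooded") and the point just made about distributed sources both come down to the same monitoring question: how do you notice a flood in your own access logs, and why is a per-source block alone not enough? The script below is an added example, not code from the original article. It parses web-server lines in the Apache/Nginx Common Log Format, buckets requests into fixed time windows, flags individual sources that exceed a per-source limit (candidates for a firewall rate-limit rule), and separately flags windows whose aggregate request count exceeds a total limit even when every single source stays quiet. The log lines, the thresholds (50 requests per source and 200 in total per 10-second window) and the address ranges are all constructed assumptions for the demonstration, not values from the page.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format as written by Apache and Nginx: client address first,
# then identity, user, bracketed timestamp, quoted request line, status, size.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source_ip, timestamp) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), TS_FMT)


def build_sample_log():
    """Constructed access log (synthetic, not captured traffic) with three phases:
    normal traffic, one noisy source, and a distributed flood of low-rate sources."""
    base = datetime(2024, 3, 10, 12, 0, 0, tzinfo=timezone.utc)
    lines = []

    def emit(ip, t):
        lines.append(f'{ip} - - [{t.strftime(TS_FMT)}] "GET / HTTP/1.1" 200 512')

    # Phase 1, seconds 0-9: three legitimate clients, one request per second in total.
    for s in range(10):
        emit(f"198.51.100.{s % 3 + 1}", base + timedelta(seconds=s))
    # Phase 2, seconds 20-29: a single source sends 80 requests (8 per second).
    for i in range(80):
        emit("203.0.113.9", base + timedelta(seconds=20 + i % 10))
    # Phase 3, seconds 40-49: 150 distinct sources send 2 requests each (300 total);
    # no single source is loud, but the aggregate is.
    for i in range(150):
        emit(f"192.0.2.{i + 1}", base + timedelta(seconds=40 + i % 10))
        emit(f"192.0.2.{i + 1}", base + timedelta(seconds=40 + (i + 5) % 10))
    return lines


def detect_flood(lines, window_seconds=10, per_source_limit=50, total_limit=200):
    """Bucket requests into fixed windows aligned to the epoch. A source that
    exceeds per_source_limit inside one window is a candidate for a firewall
    rate-limit rule; a window whose total exceeds total_limit is a flood even
    when every individual source stays under the per-source limit."""
    per_window = defaultdict(lambda: defaultdict(int))  # bucket -> ip -> count
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crashing on them
        ip, ts = parsed
        bucket = int(ts.timestamp()) // window_seconds
        per_window[bucket][ip] += 1

    noisy_sources = set()
    flood_windows = []
    for bucket, counts in sorted(per_window.items()):
        total = sum(counts.values())
        noisy_sources.update(ip for ip, n in counts.items() if n > per_source_limit)
        if total > total_limit:
            start = datetime.fromtimestamp(bucket * window_seconds, tz=timezone.utc)
            flood_windows.append(
                {"start": start.isoformat(), "requests": total, "sources": len(counts)}
            )
    return {"noisy_sources": sorted(noisy_sources), "flood_windows": flood_windows}


if __name__ == "__main__":
    result = detect_flood(build_sample_log())
    print("sources exceeding per-source limit:", result["noisy_sources"])
    for w in result["flood_windows"]:
        print(f"flood window starting {w['start']}: "
              f"{w['requests']} requests from {w['sources']} distinct sources")
```

Run on the constructed log, the single noisy source in phase 2 is reported on its own, while the phase 3 window is reported as a flood of 300 requests from 150 sources even though no address in it sent more than two requests. That second result is the practical consequence of the distributed nature described above: per-source blocking catches the first case and misses the second, so aggregate-rate alerting (and upstream scrubbing or rate limiting) has to sit alongside it.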