Introduction

Distributed Denial of Service (DDoS) attacks are becoming more and more frequent. With rising geopolitical tensions, such as nation-state activities and hacktivism in response to ongoing wars, including the Russia-Ukraine and Israel-Hamas wars, as well as upcoming high-profile events and elections in Europe and the USA, the risk of DDoS attacks is going to rise even further.

At Excedo networks we have closely followed and monitored the growing risk of DDoS attacks to improve the performance of our systems based on the latest attack vectors and patterns to ensure companies and organizations in Europe can properly protect themselves in this evolving landscape. However, the first step before investing in protection technologies is to understand DDoS attacks and how they work.

Let’s look more closely at what a DDoS attack is, what it can look like and what you need to prevent being attacked.

What is a DDoS attack?

A DDoS attack is any attempt, made directly by a person or through a botnet – a network of internet-connected devices such as smartphones, computers, routers and servers that have been infected with malware – to deny users access to online services by overwhelming websites, servers, APIs or network resources with malicious traffic.

The goal of a DDoS attack is to flood the target system with so much traffic and so many requests that it crashes or is unable to operate, denying service to legitimate users and preventing legitimate traffic from reaching the intended destination.

Below are some examples of what DDoS attacks can look like.

Types of DDoS Attacks

There are four main types of DDoS attacks. Most hackers do not stick to a single type, but try to overwhelm and attack as many systems as possible by combining the different types in what are known as multi-vector DDoS attacks.

Below you can read about each type of DDoS attack in more detail:

Volumetric DDoS Attacks

Volumetric DDoS attacks are by far the most common kind of DDoS attack and work by overwhelming a target with a flood of traffic from multiple sources. This eventually consumes the target’s available bandwidth, causing it to slow down or crash.

In this kind of attack, hackers can, for example, distribute malicious code to as many unsuspecting users’ computers as possible, use that code to take control of the machines, and link them back to a central host that coordinates the attack. The hackers can then direct the “hijacked” machines to send large numbers of requests (such as unwanted pings or spam) at the target server to overwhelm it and cause it to shut down.

Volumetric attacks can also make use of botnets made up of IoT devices. These devices usually lack basic security, but can be “hijacked” through their connection to the Internet to send requests to target servers.

Application-Layer DDoS Attacks

Application-layer DDoS attacks target vulnerabilities in web applications, specifically the communication protocols used to exchange data between two applications over the internet. Application-layer attacks are often made up of seemingly innocent requests that a legitimate user could make (such as HTTP requests to load a web page) but that, in sufficient volume, overwhelm an application’s CPU and memory, slowing the system down or causing it to crash.
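Because each request in an application-layer attack looks legitimate on its own, the useful signal is the rate of requests per client rather than the content of any single request. The following is an added example (not Excedo’s code) of that check: it parses web-server access-log lines in the common “combined” format and flags any client that exceeds a request budget inside a sliding time window. The log format, the thresholds (100 requests per 10 seconds) and the sample traffic are all assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined-log-format line, e.g.
# 203.0.113.7 - - [10/Mar/2024:12:00:05 +0000] "GET / HTTP/1.1" 200 1024
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def detect_request_floods(lines, window_seconds=10, max_requests=100):
    """Flag clients that exceed max_requests within any sliding window of
    window_seconds. Lines must be in time order (as a live log is).
    Returns {client_ip: timestamp of the request that crossed the threshold}."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # per client: timestamps still inside the window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:
            q.popleft()  # drop requests that have fallen out of the window
        if len(q) > max_requests and rec["ip"] not in flagged:
            flagged[rec["ip"]] = rec["ts"]
    return flagged


def _line(ip, ts, path):
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 1024'


def build_sample_log():
    """Constructed sample (not real traffic): three ordinary clients at one
    request per second, plus one client sending 40 identical page requests per
    second for five seconds. Addresses come from the RFC 5737 documentation ranges."""
    base = datetime(2024, 3, 10, 12, 0, 0, tzinfo=timezone.utc)
    lines = []
    for sec in range(20):
        ts = base + timedelta(seconds=sec)
        for ip, path in (("198.51.100.3", "/"), ("198.51.100.4", "/about"),
                         ("198.51.100.5", "/api/items")):
            lines.append(_line(ip, ts, path))
        if 5 <= sec < 10:
            lines.extend(_line("203.0.113.7", ts, "/") for _ in range(40))
    return lines


if __name__ == "__main__":
    for ip, when in detect_request_floods(build_sample_log()).items():
        print(f"{ip}: exceeded threshold at {when.isoformat()}")
```

Note that every request from the flagged client returns status 200 and is small; a bandwidth-based (volumetric) monitor would not notice it, which is why application-layer protection needs per-client counting in front of the application.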

Protocol DDoS Attacks

Protocol DDoS attacks target weaknesses and vulnerabilities in internet communications protocols. These attacks attempt to consume and exhaust the compute capacity of network infrastructure resources such as servers or firewalls by sending malicious connection requests that exploit the Transmission Control Protocol (TCP) or the Internet Control Message Protocol (ICMP).

In this kind of attack, hackers can, for example, use multiple computers to send many ICMP "ping" packets to a target as quickly as possible to overload the Internet connection, servers, load balancers, or firewalls. Knocking out any of these components causes the network to "choke" and denies authorized users access to it.
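The two protocol-layer indicators a network operator typically watches for are an abnormal rate of ICMP echo requests toward one destination and TCP connection attempts that never complete the handshake (the TCP case generalizes the paragraph’s ICMP example). The following added example, which is not Excedo’s code, computes both from a list of packet summaries as they might be exported from a flow collector. The summary fields, the thresholds and the sample traffic are assumptions constructed for the example.

```python
from collections import Counter, defaultdict


def build_sample_packets():
    """Constructed packet summaries (timestamp_seconds, src, dst, proto, flags);
    not a real capture. Normal traffic: five completed TCP handshakes and one ping.
    Attack traffic: 300 SYNs from spoofed sources that never send an ACK, and
    500 ICMP echo requests from one host inside a single second."""
    target = "192.0.2.10"
    pkts = []
    for i in range(5):
        src = f"198.51.100.{i + 1}"
        pkts.append((0.1 * i, src, target, "tcp", "S"))
        pkts.append((0.1 * i + 0.05, src, target, "tcp", "A"))  # handshake completes
    pkts.append((0.5, "198.51.100.9", target, "icmp", "echo-request"))
    for i in range(300):
        pkts.append((1.0 + i * 0.001, f"203.0.113.{i % 254 + 1}", target, "tcp", "S"))
    for i in range(500):
        pkts.append((2.0 + i * 0.002, "203.0.113.200", target, "icmp", "echo-request"))
    return pkts


def analyse_protocol_traffic(pkts, icmp_per_second=100, min_syn_sources=50,
                             min_completion_ratio=0.5):
    """Per destination, report two protocol-layer indicators:
    - icmp_peak_rate: highest number of echo requests seen in any one-second bucket
    - handshake_completion: fraction of SYN sources that later sent an ACK
    A destination is marked icmp_flood / syn_flood when the thresholds are crossed."""
    icmp_buckets = defaultdict(Counter)  # dst -> {second: echo-request count}
    syn_sources = defaultdict(set)       # dst -> sources that sent a SYN
    ack_sources = defaultdict(set)       # dst -> sources that sent an ACK
    for ts, src, dst, proto, flags in pkts:
        if proto == "icmp" and flags == "echo-request":
            icmp_buckets[dst][int(ts)] += 1
        elif proto == "tcp" and flags == "S":
            syn_sources[dst].add(src)
        elif proto == "tcp" and flags == "A":
            ack_sources[dst].add(src)

    findings = {}
    for dst in set(icmp_buckets) | set(syn_sources):
        f = {}
        if dst in icmp_buckets:
            peak = max(icmp_buckets[dst].values())
            f["icmp_peak_rate"] = peak
            f["icmp_flood"] = peak > icmp_per_second
        if dst in syn_sources:
            syns = syn_sources[dst]
            ratio = len(syns & ack_sources[dst]) / len(syns)
            f["syn_sources"] = len(syns)
            f["handshake_completion"] = ratio
            f["syn_flood"] = len(syns) >= min_syn_sources and ratio < min_completion_ratio
        findings[dst] = f
    return findings


if __name__ == "__main__":
    for dst, f in analyse_protocol_traffic(build_sample_packets()).items():
        print(dst, f)
```

The handshake-completion ratio matters because a firewall or load balancer holds state for every half-open connection; a low ratio across many distinct sources means that state is being filled by requests that will never become real sessions, which is exactly the exhaustion the paragraph describes.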

DNS Amplification/Reflection DDoS Attacks

DNS amplification attacks are a specific type of volumetric attack that targets the Domain Name System (DNS): the attacker spoofs the target’s IP address as the source of requests sent to open DNS servers. The DNS servers send their responses to the spoofed address, so the intended target is flooded with DNS replies it never asked for. This is why this kind of attack is also referred to as a reflection attack. The large volume of DNS replies overwhelms the target’s services, making them unavailable and preventing legitimate traffic from reaching them. It is therefore essential for DNS providers to have basic security and traffic monitoring features in place so that their servers cannot be used in this way.
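Reflection is visible from two places, and both checks are worth running. At the target’s network edge, the tell-tale sign is DNS responses arriving for queries that were never sent; at the resolver, it is recursive answers going to addresses outside the networks the resolver is meant to serve, and answers many times larger than the query that produced them. The following added example (not Excedo’s code) implements both views over constructed records; the record layouts, the served-network range, the thresholds and the sample traffic are assumptions made for the example.

```python
import ipaddress

# --- Victim-side view: DNS packets crossing the network edge ---------------
# Constructed packet summaries: (direction, peer_ip, is_response, txid, qtype, size_bytes)

def build_sample_edge_dns():
    pkts = []
    # Legitimate: our own resolver queries an upstream and gets a matching answer
    for i in range(5):
        pkts.append(("out", "198.51.100.53", False, 1000 + i, "A", 40))
        pkts.append(("in", "198.51.100.53", True, 1000 + i, "A", 120))
    # Reflection: 200 open resolvers return large answers to queries we never sent
    for i in range(200):
        pkts.append(("in", f"203.0.113.{i + 1}", True, 4000 + i, "ANY", 3000))
    return pkts


def find_unsolicited_responses(pkts, min_unsolicited=50):
    """Match inbound DNS responses against outbound queries by (peer, transaction id).
    Responses with no matching query are the signature of a reflection attack."""
    outstanding = set()
    unsolicited = []
    for direction, peer, is_response, txid, qtype, size in pkts:
        if direction == "out" and not is_response:
            outstanding.add((peer, txid))
        elif direction == "in" and is_response:
            if (peer, txid) in outstanding:
                outstanding.discard((peer, txid))
            else:
                unsolicited.append((peer, qtype, size))
    return {
        "unsolicited_responses": len(unsolicited),
        "distinct_reflectors": len({peer for peer, _, _ in unsolicited}),
        "unsolicited_bytes": sum(size for _, _, size in unsolicited),
        "suspected_reflection": len(unsolicited) >= min_unsolicited,
    }


# --- Resolver-side view: the operator's own query log ----------------------
SERVED_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]  # constructed customer range


def build_sample_resolver_log():
    # Constructed records: (client_ip, qtype, query_bytes, response_bytes)
    return [
        ("198.51.100.20", "A", 40, 120),    # own customer, ordinary lookup
        ("198.51.100.21", "MX", 40, 200),   # own customer, ordinary lookup
        ("192.0.2.10", "ANY", 40, 3000),    # source is a spoofed outside address
    ]


def audit_resolver_log(records, max_amplification=10.0):
    """Flag answers sent to clients outside the served networks (the resolver is
    acting as an open resolver) and answers whose size exceeds max_amplification
    times the query size."""
    findings = []
    for client, qtype, q_bytes, r_bytes in records:
        addr = ipaddress.ip_address(client)
        outside = not any(addr in net for net in SERVED_NETWORKS)
        ratio = r_bytes / q_bytes
        if outside or ratio > max_amplification:
            findings.append({"client": client, "qtype": qtype,
                             "amplification": ratio, "outside_served_networks": outside})
    return findings


if __name__ == "__main__":
    print(find_unsolicited_responses(build_sample_edge_dns()))
    print(audit_resolver_log(build_sample_resolver_log()))
```

The resolver-side finding is the one a DNS provider can act on directly: a resolver that only answers recursive queries from its own networks cannot be pointed at someone else’s address, whatever the amplification factor of a given query type.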

Preventing DDoS Attacks

DDoS attacks take advantage of vulnerabilities in the different layers that make up computer networks, from the structural to the communication level. This means protection against DDoS needs to be holistic and take into account all potential attack vectors and attack combinations. The most important requirement is that the anti-DDoS solution can monitor, detect and block malicious traffic while letting legitimate traffic through, so that service continuity is maintained. This requires huge capacity.

To achieve the required level of capacity, it is important to build the largest network you can, with efficient components at the routers facing the Internet for Layer 3 and 4 mitigation, and a layer of deep packet inspection, caching and scrubbing at the core of the network for more advanced mitigation at Layers 4 to 7.

Finally, it’s also important to have enough server capacity, and to have those servers tuned for the best performance under high load.

Conclusion

The number of DDoS attacks will continue to rise, with attack combinations becoming more elaborate and difficult to detect. In this landscape, it’s important to invest in the most robust defence possible, especially if your organization provides essential services. Without proper defence it is not a question of if you’ll be attacked, but when.

Do you know if your organization is properly protected from DDoS attacks?

Contact us for a free consultation and review of your systems.