Most people with computer systems or websites want to keep them working. In many cases, these websites are an organization’s visible presence and the way that they advertise services and interact with customers.
Most hackers are out to ruin their target’s day. A Denial of Service (DoS) attack is when an attacker tries to render their target’s website or other systems unusable. This can be done in a variety of different ways, but most methods take advantage of some bottleneck in a system. A web server has a maximum number of connections that it can handle, memory that it can access, etc. If the attacker manages to force the web server to reach this limit dealing with their malicious requests, then the web server is inaccessible to legitimate users.
A Distributed Denial of Service (DDoS) attack takes DoS attacks to the next level. Instead of using a single computer to attack the target, a DDoS attack uses many computers (like members of a botnet). The larger number of machines involved in the attack allows the attacker to generate more malicious traffic (allowing them to overwhelm load balanced web servers) and makes attribution and blocking more difficult. It’s easy to block all traffic coming from a single IP address but much more difficult to block hundreds or thousands of addresses without accidentally blocking a few legitimate users as well.
The threat of DDoS attacks has led to the creation of anti-DDoS protection systems. These systems are designed and optimized to identify and block attack traffic before it reaches the web server while letting legitimate traffic through. A good DDoS protection service will allow an enterprise to weather even the largest attack with minimal impact to legitimate users.
How DDoS attacks have changed
In the past, DDoS attacks were relatively rare and required a level of technical know-how to perform. To perform a large-scale attack, you needed a botnet, which required the ability to exploit and maintain control over a large number of zombie computers. In recent years, the DDoS landscape has changed through the introduction of the Internet of Things, DDoS as a service, and Ransom DDoS attacks.
The Botnet of Things
The Internet of Things is designed to bring a new level of convenience to modern life. Many devices and appliances connected to the Internet are controllable via mobile applications or web interfaces, making them much easier to monitor and use. The main limitation of the Internet of Things is the extremely low level of security in existing systems. Many IoT devices have built-in default passwords, infrequent or non-existent device update and patch schedules, and no antivirus or monitoring to speak of. As a result, these devices are easily compromised by hackers.
Since most IoT devices run a fully functional Linux operating system, they make an ideal platform for an attacker wishing to build a botnet. They have the necessary Internet access, computational power, and device memory to be involved in a DDoS attack. As a result, DDoS attacks are becoming cheaper and more common as hackers take advantage of the massive number of IoT devices that consumers purchase and deploy without even minimal protection against attack.
DDoS For Hire
Another aspect of the evolution of DDoS attacks is the concept of DDoS as a Service. Instead of pursuing their own goals and agendas via a DDoS attack, hackers will rent out their services for a small fee. A “stresser” or booter” service gives the consumer access to an attacker-controlled botnet to attack a target of their choice for a certain amount of time.
The availability of DDoS attacks as a service creates a hugely asymmetrical relationship between organizations and their potential attackers. A DDoS attack against a large organization can cost as much as $1.6 million when all of the costs (lost revenue, customer churn, etc.) are taken into account. On the other hand, performing a DDoS attack using cloud-based infrastructure can cost a hacker as little as $7 per hour. They’re typically available to consumers for $25 per hour, allowing the hacker to make a tidy profit in the process. The low cost of renting a DDoS attack means that organizations are increasingly at risk from disgruntled employees and customers.
The questionable legality of DDoS services means that hackers can even advertise their services openly on Google. Using a stresser against your own services (to test for DDoS vulnerabilities) is completely legal. It’s only when they’re turned against someone else that it becomes a problem. This legal ambiguity allows DDoS service providers to operate openly with little fear of reprisal.
As if making money off of renting their services wasn’t enough, hackers with botnets have found another way to profit. In recent years, there have been several instances of ransom DDoS attacks. A ransom DDoS attacker will perform a DDoS attack against a target and threaten to continue doing so (either consistently or sporadically) until the target meets their random demand. The loss of revenue and the uncertainty can cause organizations to cave to the attacker’s demand so that they can resume business as usual.
Protecting yourself from DDoS attacks
DDoS attacks have the potential to significantly impact your organization. Even a one-hour attack can cause a significant loss of sales and customers, but the advances in the DDoS economy mean that large-scale attacks are cheaper and easier to carry out. While ISPs can protect against some DDoS attacks, investing in a DDoS protection service may be a necessity, especially if your organization’s business model is reliant upon having a functional and usable web presence.