Live Updates: COVID-19 Cases
  • World 21,105,322
    World
    Confirmed: 21,105,322
    Active: 6,394,871
    Recovered: 13,952,385
    Death: 758,066
  • USA 5,416,829
    USA
    Confirmed: 5,416,829
    Active: 2,402,140
    Recovered: 2,844,250
    Death: 170,439
  • Brazil 3,229,621
    Brazil
    Confirmed: 3,229,621
    Active: 767,417
    Recovered: 2,356,640
    Death: 105,564
  • India 2,465,662
    India
    Confirmed: 2,465,662
    Active: 663,755
    Recovered: 1,753,719
    Death: 48,188
  • Russia 912,823
    Russia
    Confirmed: 912,823
    Active: 174,361
    Recovered: 722,964
    Death: 15,498
  • South Africa 572,865
    South Africa
    Confirmed: 572,865
    Active: 123,978
    Recovered: 437,617
    Death: 11,270
  • Peru 507,996
    Peru
    Confirmed: 507,996
    Active: 134,342
    Recovered: 348,006
    Death: 25,648
  • Mexico 505,751
    Mexico
    Confirmed: 505,751
    Active: 108,951
    Recovered: 341,507
    Death: 55,293
  • Chile 380,034
    Chile
    Confirmed: 380,034
    Active: 16,604
    Recovered: 353,131
    Death: 10,299
  • Spain 355,856
    Spain
    Confirmed: 355,856
    Active: 327,251
    Recovered: ?
    Death: 28,605
  • Iran 338,825
    Iran
    Confirmed: 338,825
    Active: 25,683
    Recovered: 293,811
    Death: 19,331
  • UK 313,798
    UK
    Confirmed: 313,798
    Active: 272,451
    Recovered: ?
    Death: 41,347
  • Saudi Arabia 294,519
    Saudi Arabia
    Confirmed: 294,519
    Active: 30,823
    Recovered: 260,393
    Death: 3,303
  • Pakistan 287,300
    Pakistan
    Confirmed: 287,300
    Active: 15,932
    Recovered: 265,215
    Death: 6,153
  • Bangladesh 271,881
    Bangladesh
    Confirmed: 271,881
    Active: 111,667
    Recovered: 156,623
    Death: 3,591
  • Italy 252,235
    Italy
    Confirmed: 252,235
    Active: 14,081
    Recovered: 202,923
    Death: 35,231
  • Turkey 245,635
    Turkey
    Confirmed: 245,635
    Active: 11,666
    Recovered: 228,057
    Death: 5,912
  • Germany 222,269
    Germany
    Confirmed: 222,269
    Active: 12,188
    Recovered: 200,800
    Death: 9,281
  • France 209,365
    France
    Confirmed: 209,365
    Active: 95,505
    Recovered: 83,472
    Death: 30,388
  • Canada 121,234
    Canada
    Confirmed: 121,234
    Active: 4,666
    Recovered: 107,553
    Death: 9,015
  • China 84,786
    China
    Confirmed: 84,786
    Active: 690
    Recovered: 79,462
    Death: 4,634
  • Netherlands 61,840
    Netherlands
    Confirmed: 61,840
    Active: 55,673
    Recovered: ?
    Death: 6,167
  • Australia 22,743
    Australia
    Confirmed: 22,743
    Active: 9,018
    Recovered: 13,350
    Death: 375
  • S. Korea 14,873
    S. Korea
    Confirmed: 14,873
    Active: 705
    Recovered: 13,863
    Death: 305
  • New Zealand 1,602
    New Zealand
    Confirmed: 1,602
    Active: 49
    Recovered: 1,531
    Death: 22

The challenges of conducting business as usual: Inside the DDoS economy

Author at TechGenyz Contributor
Distributed Denial of Service

Most people with computer systems or websites want to keep them working. In many cases, these websites are an organization’s visible presence and the way that they advertise services and interact with customers.

Most hackers are out to ruin their target’s day. A Denial of Service (DoS) attack is when an attacker tries to render their target’s website or other systems unusable. This can be done in a variety of different ways, but most methods take advantage of some bottleneck in a system. A web server has a maximum number of connections that it can handle, memory that it can access, etc. If the attacker manages to force the web server to reach this limit dealing with their malicious requests, then the web server is inaccessible to legitimate users.

A Distributed Denial of Service (DDoS) attack takes DoS attacks to the next level. Instead of using a single computer to attack the target, a DDoS attack uses many computers (like members of a botnet). The larger number of machines involved in the attack allows the attacker to generate more malicious traffic (allowing them to overwhelm load balanced web servers) and makes attribution and blocking more difficult. It’s easy to block all traffic coming from a single IP address but much more difficult to block hundreds or thousands of addresses without accidentally blocking a few legitimate users as well.

The threat of DDoS attacks has led to the creation of anti-DDoS protection systems. These systems are designed and optimized to identify and block attack traffic before it reaches the web server while letting legitimate traffic through. A good DDoS protection service will allow an enterprise to weather even the largest attack with minimal impact to legitimate users.

How DDoS attacks have changed

In the past, DDoS attacks were relatively rare and required a level of technical know-how to perform. To perform a large-scale attack, you needed a botnet, which required the ability to exploit and maintain control over a large number of zombie computers. In recent years, the DDoS landscape has changed through the introduction of the Internet of Things, DDoS as a service, and Ransom DDoS attacks.

The Botnet of Things

The Internet of Things is designed to bring a new level of convenience to modern life. Many devices and appliances connected to the Internet are controllable via mobile applications or web interfaces, making them much easier to monitor and use. The main limitation of the Internet of Things is the extremely low level of security in existing systems. Many IoT devices have built-in default passwords, infrequent or non-existent device update and patch schedules, and no antivirus or monitoring to speak of. As a result, these devices are easily compromised by hackers.

Since most IoT devices run a fully functional Linux operating system, they make an ideal platform for an attacker wishing to build a botnet. They have the necessary Internet access, computational power, and device memory to be involved in a DDoS attack. As a result, DDoS attacks are becoming cheaper and more common as hackers take advantage of the massive number of IoT devices that consumers purchase and deploy without even minimal protection against attack.

DDoS For Hire

Another aspect of the evolution of DDoS attacks is the concept of DDoS as a Service. Instead of pursuing their own goals and agendas via a DDoS attack, hackers will rent out their services for a small fee. A “stresser” or booter” service gives the consumer access to an attacker-controlled botnet to attack a target of their choice for a certain amount of time.

The availability of DDoS attacks as a service creates a hugely asymmetrical relationship between organizations and their potential attackers. A DDoS attack against a large organization can cost as much as $1.6 million when all of the costs (lost revenue, customer churn, etc.) are taken into account. On the other hand, performing a DDoS attack using cloud-based infrastructure can cost a hacker as little as $7 per hour. They’re typically available to consumers for $25 per hour, allowing the hacker to make a tidy profit in the process. The low cost of renting a DDoS attack means that organizations are increasingly at risk from disgruntled employees and customers.

The questionable legality of DDoS services means that hackers can even advertise their services openly on Google. Using a stresser against your own services (to test for DDoS vulnerabilities) is completely legal. It’s only when they’re turned against someone else that it becomes a problem. This legal ambiguity allows DDoS service providers to operate openly with little fear of reprisal.

Monetizing DDoS

As if making money off of renting their services wasn’t enough, hackers with botnets have found another way to profit. In recent years, there have been several instances of ransom DDoS attacks. A ransom DDoS attacker will perform a DDoS attack against a target and threaten to continue doing so (either consistently or sporadically) until the target meets their random demand. The loss of revenue and the uncertainty can cause organizations to cave to the attacker’s demand so that they can resume business as usual.

Protecting yourself from DDoS attacks

DDoS attacks have the potential to significantly impact your organization. Even a one-hour attack can cause a significant loss of sales and customers, but the advances in the DDoS economy mean that large-scale attacks are cheaper and easier to carry out. While ISPs can protect against some DDoS attacks, investing in a DDoS protection service may be a necessity, especially if your organization’s business model is reliant upon having a functional and usable web presence.

Career

Subscribe