A denial of service (DoS) attack is a malicious attempt on a computer system to prevent it from providing the service for which it was intended. A distributed denial of service (DDoS) attack is a common form of a DoS attack, which utilizes multiple computer systems to simultaneously attack a single computer system. The terms DoS and DDoS are sometimes used interchangeably because most DoS attacks are of the DDoS variety. DDoS is often the hacker's preferred attack, because it uses multiple systems, which results in a larger, more effective attack. This brief will provide an overview of DDoS attacks and highlight a few methods for preventing them.
How does it work?
DDoS generally occurs by sending very large amounts of simultaneous requests to the targeted system, with the intent of overwhelming the target's resources and preventing it from providing service to legitimate customers. This generally involves the attacker hacking and controlling multiple computers, and installing predatory programs designed to participate in a coordinated attack on the targeted system.
The combination of commandeered computers in DDoS attacks forms a nefarious network called a botnet. The term botnet stems from the terms bot and network, where bot (short for robot) is an automated program designed to inflict harm on other systems. Bots are usually spread from computer to computer in the same ways as viruses and other malware, which include email attachments, downloads from infected websites, and other similar means.
Anatomy of a DDoS Attack
One common DDoS attack is called Ping of Death. Ping is actually a legitimate network diagnostic tool which involves sending small data packets from one computer to another. There are specific standards in the way ping packets must be structured to be processed properly by receiving computers. In a Ping of Death attack, these standards are exploited by using malformed packets as a means of performing a DDoS attack. Malformed packets create a processing burden resulting in a backlog in all system processing. This can tie up the processor and essentially bring system processing to a halt.
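As an added illustration (not part of the original brief), the Python sketch below shows the kind of structural check a receiving system or packet filter can apply before processing ping traffic: in the classic Ping of Death, a fragment's offset plus its length implies a reassembled packet larger than IPv4's 65,535-byte maximum. The function names and the sample packets are constructed for this example.

```python
import struct

MAX_IPV4_DATAGRAM = 65535  # largest size the 16-bit IPv4 total-length field allows

def check_fragment(packet: bytes) -> str:
    """Classify one raw IPv4 packet as 'ok', 'malformed' or 'oversized'."""
    if len(packet) < 20:
        return "malformed"                    # too short to hold an IPv4 header
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", packet[:8])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or header_len < 20 or total_len < header_len:
        return "malformed"
    if total_len > len(packet):
        return "malformed"                    # header claims more bytes than arrived
    frag_offset = (flags_frag & 0x1FFF) * 8   # offset field counts 8-byte units
    payload_len = total_len - header_len
    # Size of the reassembled packet that this fragment implies.
    if header_len + frag_offset + payload_len > MAX_IPV4_DATAGRAM:
        return "oversized"                    # drop before reassembly
    return "ok"

def build_fragment(offset_units: int, payload_len: int, more: bool = False) -> bytes:
    """Constructed sample: 20-byte IPv4/ICMP header plus a zero-filled payload."""
    flags_frag = (0x2000 if more else 0) | offset_units
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                         flags_frag, 64, 1, 0,           # TTL 64, protocol 1 = ICMP
                         bytes([192, 0, 2, 1]),          # documentation addresses
                         bytes([198, 51, 100, 7]))
    return header + bytes(payload_len)

if __name__ == "__main__":
    samples = {
        "ordinary ping": build_fragment(0, 64),
        "legitimate second fragment": build_fragment(185, 100),
        "fragment ending exactly at the limit": build_fragment(8189, 3),
        "fragment running past the limit": build_fragment(8189, 100),
        "truncated header": build_fragment(0, 64)[:10],
    }
    for name, pkt in samples.items():
        print(f"{name}: {check_fragment(pkt)}")
```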
Other types of DDoS attacks include:
Why do DDoS attacks occur?
DDoS attacks occur largely for the same reasons that other types of cyber attacks are perpetrated. Many attackers do it simply for bragging rights within their hacking communities. Other attack reasons include:
What is at risk?
Any system that is connected to the Internet is essentially at risk for a DDoS attack. Websites, which are one of the most visible parts of companies' online presence, are very tempting targets for attackers. For example, Ecommerce websites are often targeted since their disruption can bring one's entire online business operation to a halt. Many other computerized systems, including those that manage public utilities and critical infrastructure, and perform other major governmental and business functions, can become prey.
These attacks can target many system components including:
The Cost of a DDoS Attack
A recent example of the potential damage of DDoS attacks was seen in the attack on the Bitcoin Currency Exchange. This attack, which occurred in February 2014, caused significant disruption to the exchange, leading to many incomplete and inaccurate trades, and largely brought trading activity to a halt. Reports from Forbes Magazine indicate that Bitcoin lost nearly 30 percent of its value in a matter of days as a direct result of this attack. Some sources indicate that the total loss in value topped 300 million dollars.
Preventing a DDoS Attack
The list of actions that can be taken to prevent a DDoS is endless. Here is just a short basic list:
Most DDoS attacks are directed towards businesses and large organizations. However, anyone can be a victim of an attack. If an individual has any reason to believe that he or she is a victim of a DDoS, this document can be a valuable resource to help protect oneself and one's organization. If this document does not provide the confidence to defend against DDoS attacks, one should seek assistance from one's ISP or some other competent, trusted technology service. Individuals are their own main source of online protection, so it is imperative they remain vigilant to stay safe online.