Taking over the server– Behind DDoS attacks
August 16, 2023
DDoS attacks, which were once only a minority among all types of cyberattacks, have become one of the most common cybercrimes carried out by hackers and hacktivists. By flooding servers with millions of requests, these groups make a platform unavailable for hours or even days.
Although some DDoS attacks are short, lasting only a few minutes, they can still be very damaging, both in lost revenue and in harm to the reputation of the targeted entities.
This type of cyberattack was recorded for the first time in 1996 and has been on the rise since that year. In 2018, 7.9 million DDoS attacks were registered and, in 2013, the number almost doubled, reaching 15 million.
In this article we will review what DDoS attacks are, why hackers perpetrate them, what are the consequences for the attacked platforms and how to mitigate this cybercrime.
What are DDoS attacks?
DDoS is the acronym for Distributed Denial of Service: a website or platform is made unavailable to all visitors and users. As a cybercrime, DDoS attacks are characterized by overloading a platform, usually with a very high number of requests to the server.
Unlike other cyberattacks, these do not break into the system through a flaw in the code; they flood the server with requests until its pages stop responding. To do so, hackers use bad bots hosted at many different sources, which makes the traffic difficult to trace back to its origin.
Causes and effects of these cyberattacks
If, about a decade ago, DDoS attacks constituted a minority of cybercrimes worldwide, nowadays their number has been increasing, largely due to geopolitical tensions.
The war in Ukraine is just one example: hacktivists (such as the group named IT Army of Ukraine) organized and carried out numerous DDoS attacks on Russian and pro-Russian entities. In addition, there are organized groups of pro-Russian hackers who claim attacks on countries that declare themselves against Russia in the context of the war in Ukraine. In turn, the hacker group NoName057(16) also claimed attacks carried out in France due to the country’s position on the coup d’état in Niger.
Still on geopolitical motivations, the hacker group AnonymousSudan has already banded together against Microsoft, proving that political hacktivism does not only target government or economic entities.
There are also attacks perpetrated against a competing company or organization to gain a strategic advantage. Attacks with this motivation usually happen on days of high financial income, such as Black Friday.
As a result of these attacks, the pages of the affected platforms are unavailable for both users and platform workers. As such, the entities behind the platforms may experience a significant loss of revenue, but also of productivity.
The loss of income is also related to the additional expenses to recover these pages, repair damage, and rely on more robust cybersecurity measures.
In addition to the financial consequences, affected organizations may also lose reputation and take legal risks if the personal data of customers and users is put at risk.
Types of DDoS attacks and how they work
Hackers who carry out DDoS attacks mostly use botnets originating from virtual private servers, which makes them more difficult to track.
These cyberattacks aim to block users and operators from accessing a platform, so that the hackers can demand a ransom. The biggest DDoS attack ever recorded had an influx of 71 million requests per second, which culminated in the blocking of a South American telecommunications company.
Among the various types of DDoS attacks, the following can be listed:
- Volumetric attacks – These are the most common. Hackers use botnets to flood a server or domain with millions of requests per second, causing it to go down and become unavailable to users and operators.
- Protocol attack – Hackers abuse the network protocol itself so that the server can no longer return the information requested by users.
- Fragmented attack – Characterized by sending fragmented packets that the protocol cannot reassemble. The server keeps consuming resources trying to process them and remains congested for an indefinite time.
- DNS attack – By attacking the platform’s domain infrastructure, its name stops resolving, making the platform inaccessible.
- HTTP/S attack – The server is overloaded with access requests, causing the site to become blocked.
- NTP amplification attack – Hackers take advantage of a weakness in the protocol to generate a disproportionate amount of traffic and make the platform unavailable.
- “Smokescreen” attack – Some DDoS attacks are carried out to distract organizations from another cybercrime. While the team is busy getting the platform back online, data may be stolen, for example.
Mitigation of DDoS attacks
As this type of cyberattack is used more and more regularly by hackers around the world and for the most diverse purposes, it is essential that companies have a broad and reliable mitigation strategy.
To mitigate these attacks, it is recommended to use some of these strategies:
- Filter traffic – By using firewalls and other intrusion prevention systems, it is possible to block malicious traffic before it reaches the application.
- Traffic limit – Given that the vast majority of these attacks are volumetric, imposing a rate limit on the site prevents the server from being flooded by botnets.
- Traffic distribution – Spreading traffic across different servers makes a DDoS attack harder to carry out successfully.
- Blackholing – When traffic starts to increase exponentially, this strategy discards all traffic destined for the target, which takes it offline. While effective, this practice also drops trusted traffic.
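The “Traffic limit” strategy above is usually implemented as a per-client token bucket: each source gets a small burst allowance and is then held to a fixed rate, so a flooding client is throttled while a normal visitor is never touched. The following is an added example, not code from the original article, using integer millisecond/milli-token arithmetic so the accounting is exact; the client IPs and request stream are constructed sample data.

```python
from collections import defaultdict

# Per-client token bucket. Time is in integer milliseconds and tokens in
# integer milli-tokens, so `rate_per_sec` tokens/s == `rate_per_sec` milli-tokens/ms
# and the bookkeeping is exact (no floating-point drift at the boundary).
class TokenBucketLimiter:
    def __init__(self, rate_per_sec: int, capacity: int):
        self.rate_per_ms = rate_per_sec
        self.capacity_mt = capacity * 1000
        # Every new client starts with a full bucket (its burst allowance).
        self.tokens_mt = defaultdict(lambda: self.capacity_mt)
        self.last_ms = {}

    def allow(self, client: str, now_ms: int) -> bool:
        """Return True if the request is admitted, False if it should be dropped."""
        last = self.last_ms.get(client, now_ms)
        refilled = self.tokens_mt[client] + (now_ms - last) * self.rate_per_ms
        bucket = min(self.capacity_mt, refilled)   # never exceed the burst size
        self.last_ms[client] = now_ms
        if bucket >= 1000:                          # one whole token per request
            self.tokens_mt[client] = bucket - 1000
            return True
        self.tokens_mt[client] = bucket             # keep the partial refill
        return False


def simulate(requests, rate_per_sec: int = 5, capacity: int = 10):
    """requests: iterable of (timestamp_ms, client_ip).
    Returns {client_ip: (allowed, dropped)} after running every request through the limiter."""
    limiter = TokenBucketLimiter(rate_per_sec, capacity)
    stats = defaultdict(lambda: [0, 0])
    for ts_ms, ip in sorted(requests):
        if limiter.allow(ip, ts_ms):
            stats[ip][0] += 1
        else:
            stats[ip][1] += 1
    return {ip: tuple(counts) for ip, counts in stats.items()}


def constructed_requests():
    """Constructed traffic: a normal visitor at 2 req/s for 10 s and a flooding
    client at 100 req/s for 10 s (documentation IP ranges, not real hosts)."""
    reqs = [(i * 500, "198.51.100.7") for i in range(20)]     # every 500 ms
    reqs += [(i * 10, "203.0.113.9") for i in range(1000)]     # every 10 ms
    return reqs


if __name__ == "__main__":
    for ip, (ok, dropped) in simulate(constructed_requests()).items():
        print(f"{ip}: allowed={ok} dropped={dropped}")
```

With a 10-request burst and a 5 req/s sustained rate, the normal visitor is admitted every time, while the flooder gets only its burst plus the refill over the 10-second window (59 of 1000 requests) and the rest is dropped at the edge before it consumes application resources.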
Prevent DDoS attacks
In addition to DDoS attack mitigation strategies, companies should invest in preventive strategies, such as:
- Traffic analysis – Monitoring the site’s traffic is one of the ways to detect an unusual peak early and trigger a mitigation strategy.
- Flow detection – Flow analysis makes it possible to detect unusual traffic patterns at the network level.
- Behavioral analysis – By analyzing the behavior of platform users, it is possible to establish normal patterns of activity and spot any unusual activity against them.
- Anomaly detection – Emerging technology such as machine learning can make detecting anomalies in traffic easier and faster, and enable a more effective response.
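The traffic-analysis and anomaly-detection items above share one basic mechanic: establish a baseline of requests per second from normal traffic, then alert when a later second exceeds that baseline by a margin, and report who dominates the spike. The following is an added example, not code from the original article, that does this over web-server access-log lines in the common log format; the log lines, IP addresses and timestamps are constructed sample data, and the z-score style threshold (mean plus three standard deviations, with a floor of one request so a flat baseline does not trigger on tiny bumps) is an assumption chosen for the illustration.

```python
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Common log format: <ip> <ident> <user> [<timestamp>] "<request>" <status> <bytes>
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+)')


def parse_line(line):
    """Return (epoch_second, source_ip) for a log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return int(ts.timestamp()), m.group(1)


def per_second_counts(lines):
    """Map each second to a Counter of requests per source IP."""
    counts = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            sec, ip = parsed
            counts[sec][ip] += 1
    return counts


def detect_spikes(lines, baseline_seconds=10, k=3.0):
    """Learn a baseline from the first `baseline_seconds` seconds, then flag any
    later second whose request total exceeds mean + k * stdev (stdev floored at 1)."""
    counts = per_second_counts(lines)
    seconds = sorted(counts)
    baseline = [sum(counts[s].values()) for s in seconds[:baseline_seconds]]
    mean = statistics.mean(baseline)
    spread = max(statistics.pstdev(baseline), 1.0)
    threshold = mean + k * spread
    alerts = []
    for s in seconds[baseline_seconds:]:
        total = sum(counts[s].values())
        if total > threshold:
            top_ip, n = counts[s].most_common(1)[0]
            alerts.append({
                "second": s,
                "requests": total,
                "threshold": threshold,
                "top_source": top_ip,           # who to rate-limit or filter first
                "top_share": round(n / total, 3),
            })
    return alerts


def constructed_log():
    """Constructed access log: 10 s of 3-4 req/s from a few normal visitors,
    then 3 s in which one source adds 60 req/s on top of the normal traffic."""
    start = datetime(2023, 8, 16, 10, 0, 0, tzinfo=timezone.utc)
    legit = ["198.51.100.7", "198.51.100.8", "198.51.100.9", "192.0.2.44"]

    def line(ip, sec):
        ts = (start + timedelta(seconds=sec)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET /index.html HTTP/1.1" 200 512'

    lines = []
    for sec in range(13):
        normal = 3 + (sec % 2) if sec < 10 else 3
        lines += [line(legit[i], sec) for i in range(normal)]
        if sec >= 10:
            lines += [line("203.0.113.9", sec) for _ in range(60)]
    return lines


if __name__ == "__main__":
    for alert in detect_spikes(constructed_log()):
        print(alert)
```

On the constructed log the baseline is 3.5 req/s, the threshold becomes 6.5, and the three flood seconds (63 requests each, 95% of them from a single source) are flagged; in practice the baseline window would be hours or days of real traffic and the alert would feed the rate limiter or filter described in the mitigation section.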