What is a DDoS Attack?
DDoS stands for Distributed Denial of Service, and refers to the deployment of large numbers of internet bots which can come from hundreds of thousands different connections. The bots are designed to attack a single server, network or application by continuing to send requests or messages in order to slow it down and deny service to the legitimate users that are trying to access the website or system. DDoS attacks are usually started using just a single computer system that becomes the mastermind and then identifies other vulnerable computers and turn them into the bots which then act like zombies that are being controlled by the master computer.
Many different types of people or cyber-criminals have used DDoS attacks for extortion, politics or to get revenge on a single employer or large networks or websites. The more traffic they tie up with the constant requests or messages sent is measure in bits or binary digits. If a small attack is being launched it may only take a few Mbps or megabits per second but if a larger attack is being conducted it could take several hundred gigabits or terabits. The majority of DDoS attackers use this technic to distract the security system by keeping them busy looking at one issue while planting another type of malware within their system for future use without detection.
What Types of DDoS attacks are there?
There are several different types of methods used to attack a system using denial of service. Botnets are just one type, another is a Teardrop Attack which involves sequential Internet Protocol packets that overlap one another and as the system is trying to reconstruct packets during the process the target system becomes confused and crashes. Another is a Smurf Attack which involves using IP spoofing which make it look like the request was going to one location but it is actually going out to all IPs in the range overwhelming the network and generating huge amounts of network congestion. The final type is called Ping of Death Attack. This attack uses IP packets to ping a target system with a larger than normal amount of packets that the receiver can handle which eventually causes the system buffer and crash eventually.
Most Famous DDoS Attacks
As technology expands so do the ways criminals use it to commit crimes. There have been many attacks throughout the years since computers first became mainstream but here are just a few notable attacks.
1. GitHub: 1.35 Tbps – February 28, 2018 GitHub which is a popular developer platform was attached with an onslaught record-breaking 1.35 terabits per second of traffic. Per GitHub “over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints”. It was not expressed why the attack was launched but the company is taking measures to make sure they are not that vulnerable again.
2. Occupy Central, Hong Kong: 500 Gbps – In 2017 an attack labeled PopVote DDoS targeted a Hong Kong based grassroots movement known as Occupy Central which was campaigning for a more democratic voting system. The attackers sent large amounts of traffic to three of Occupy Central’s web hosting services sending packets disguised as legitimate traffic resulting in peak traffic levels of 500 gigabits per second.
3. CloudFlare: 400 Gbps – In 2014, an attack was launched on a single CloudFlare customer in Europe which effected the CloudFlar’s entire network. The attacker used spoofed source addresses to send out a mass amount of network time protocol servers’ responses to the victim.
4. Spamhaus: 300 Gbps – In 2013, a nonprofit threat intelligence provider Spamhaus which is regularly targeted by attackers were attacked by a large enough DDoS attack that it knocked their website offline and part of their email system was affected also. The attacked was eventually identified as Cyberbunker which is a Dutch company that was previously blacklisted by Spamhaus.
5. U.S. Banks: 60 Gbps – In 2012, six U.S. banks (Bank of America, JP Morgan Chase, U.S. Bancorp, Citigroup and PNC Bank) were targeted by hundreds of hijacked servers with each creating peak floods of more than 60 gigabits of traffic per second. In 2012 these types of attacks were not as popular so the banks were not equipped to deal with this type of DDoS attack.
How do you prevent DDoS attacks?
Distributed denial of service attacks are on the rise with no plans of going away, they are growing larger and becoming more destructive. Just last year in 2017, an attack that struck Dyn took down Twitter, Amazon, Spotify and other clients of the same DNS provider’s critical infrastructure. Arbor Networks reported that 6.1 million campaigns were detected through September of 2017. That breaks down to 22,426 attacks per day, 934 per hour and 15 per minute. There are many technology firms that will continue to look for and take down DDoS botnets but in order to prevent these types of attacks the client or customer needs to be up to date on what has already occurred and how those systems were infiltrated and by doing so the steps can be taken to prevent the same thing from happening to their network or company.
NassiriAug, A., NassiriOct, A., NassiriSep, A., ShinJul, D., & ShinMar, D. (n.d.). 5 Most Famous DDoS Attacks. Retrieved from https://www.a10networks.com/resources/articles/5-most-famous-ddos-attacks
@DMBisson, D. B. (2017, December 21). 5 Notable DDoS Attacks of 2017. Retrieved from https://www.tripwire.com/state-of-security/featured/5-notable-ddos-attacks-2017/
Top 10 Most Common Types of Cyber Attacks. (n.d.). Retrieved from https://blog.netwrix.com/2018/05/15/top-10-most-common-types-of-cyber-attacks/