GlobalSign Blog

Denial-of-Service Attacks 101: What Are They?

Denial-of-Service Attacks 101: What Are They?

People in the business world who provide services to their customers know even a slight disruption in service — such as one lasting less than an hour — could result in a lot of angry people and a lack of trust in the company, among other issues.

Hackers are also aware of this reality, and that’s why they carry out plans that make internet-based services temporarily unusable.

DoS Attacks vs. DDoS Attacks

A denial-of-service (DoS) attack occurs when a system or machine maliciously gets flooded with traffic or information that makes it crash or be otherwise inaccessible to users. The most common method is a buffer overflow attack, which sends more traffic to a network address than it can handle.

Hackers also try other tactics, such as using fake data packets that send content to every machine on a network instead of only one, or by carrying out a SYN flood. The latter sends a server connection request, but doesn’t complete the handshake. This kind of attack targets every open port so there are none left for legitimate customers to use. Another technique exploits existing vulnerabilities in the system, rather than increasing traffic, to cause it to crash.

Distributed denial-of-service (DDoS) attacks are increasingly common in today’s cyber-landscape. They’re similar to other types of DoS attacks in the effects they have, but the primary difference is the traffic shutting down a victim’s servers or systems originates from many sources rather than one. Distributing the attack across multiple sources increases the damage that can be done and makes it more difficult to shut down; it is also harder to identify the malicious party behind the attack.

The IoT Facilitates DDoS Attacks

DDoS attacks work when those various sources act in sync with one another, often through a botnet. A botnet is a combined network of hijacked internet-connected systems or devices that are remotely controlled as group. Hackers often use them to send spam or phishing emails or expose banking details. However, they’re an instrumental part of DDoS attacks, too. Some hackers even offer botnets for hire, allowing even unskilled cybercriminals to do damage.

One worrisome reality is that the Internet of Things (IoT) brought countless internet-connected devices to the marketplace, making DDoS attacks easier to achieve than in the past. These devices, such as cameras and routers, are prime candidates for botnets because they often rely on poor authentication practices, including shipping with weak default passwords. Hackers can use basic dictionary-based attacks to guess the admin credentials and take over the device. 

One memorable example of this is the Mirai botnet, believed to be made up of over 600,000 zombie IoT devices. Mirai was notoriously used a few years ago for DDoS attacks targeting several key service providers, which caused many popular websites, such as Amazon and Twitter, to be unavailable to users. 

These Attacks Are Typically Extremely Well-Timed

Victims could easily argue there’s no good time to get hit with any attack from cyber-criminals. Remember the WannaCry ransomware attack that took down servers storing health information in the United Kingdom and forced the targets to pay exorbitant fees in cryptocurrencies?

One problem with DoS and DDoS attacks is that the people behind them often figure out how to cause the most damage to their targets through impeccable timing. A few years ago, Xbox and PlayStation were targeted and disabled on Christmas Day, putting a damper on the holiday spirit of everyone who had just received the game systems for gifts. Other instances further prove hackers had timing in mind when planning attacks.

In January 2016, a DDoS affected customers of HSBC Bank in the United Kingdom, and they couldn’t access their online accounts.

That’s bad enough, but it’s even worse, considering it all happened only a couple of days before the United Kingdom’s tax deadline. Research also indicates the financial sector is the most likely industry hit by DDoS attacks, with 57 percent of incidents targeting it.

Earlier, in July 2015, New York Magazine found itself shut down just after publishing 35 interviews alleging Bill Cosby of sexual assault. The likely reason was a DDoS attack. The information possessed by the news outlet contained exclusive details that people want to read, but the timeliness of the attack meant they were not able to immediately.

Some Incidents Affect Multiple Countries

Multiple DDoS incidents occurring in August 2018 also demonstrated how hackers sometimes bring down various websites associated with one industry, even if they’re in different countries. Poker websites in the United States and Canada discovered users unable to access services through attacks that didn’t coincide, but were close to each other.

The US-based America’s Card Room experienced a lapse in service due to a DDoS attack on Aug. 5, right before the start of a substantial online tournament series offering guaranteed wins of $10 million, and had to cancel several of the tournaments as a result. The site’s managing director confirmed the attacks lasted for several hours and that America’s Card Room was working with a DDoS mitigation service to prevent future issues.

A week later, PokerStars, a Canadian site, experienced similar woes when its users started complaining about connectivity problems. Again, these issues kicked off on a day of important tournaments. It’s important to note that these attacks don’t just affect users in the company’s base country either. Despite being based in Canada, PokerStars serves customers in Europe and India. People in those places also could not use the website once the problems cropped up.

How to Avoid Being Affected

Any amount of downtime could make customers begin assuming service providers don’t have adequate infrastructure. A problem that’s severe enough could cause them to complain on social media channels or decide to take their patronage elsewhere.

DoS protection services are available to monitor traffic levels and give alerts of strange activity. More recently, some researchers made prototypes of such systems that use machine learning to detect potential attacks. Conclusions show that although those take time to build, their performance is superior to previously available kinds of DoS screening tools.

Besides depending on methods of finding out about DoS attacks before they affect the majority of users, it’s crucial for businesses to create crisis response plans incorporating DoS and DDoS attacks.

Knowing what to do once one happens doesn’t prevent it entirely, but responding promptly could minimize the extent of the damage. Plus, being upfront about what happened could calm the strong emotions that inevitably flare up when people discover the websites and services they often use and rely upon are suddenly rendered useless.

These Attacks Are Not Going Away

DoS attacks do more than damage reputations and cause frustration. They cost up to $40,000 per hour for victims and less than $40 per hour to orchestrate. A look at news headlines over the past couple of years shows these types of attacks are on the rise and progressively more extensive.

Business owners and others who could potentially find their services brought down by these kinds of attacks must realize they can’t ignore them.

It’s essential to understand the threat of these attacks, learn how to prevent or at least identify them before they can wreak too much havoc, and have disaster recovery processes in place to get systems running again in the unfortunate event you are targeted.

About the Author

Kayla Matthews is a Pittsburghian technology journalist who has written for Hacker Noon, Cloud Tweaks, Houzz, and more. She's also the owner and editor of the tech productivity blog, Productivity Bytes.

Note: This blog article was written by a guest contributor for the purpose of offering a wider variety of content for our readers. The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of GlobalSign



Share this Post

Recent Blogs