With the growing rate of cybercrime, it is important to be able to differentiate and familiarise yourself with a range of forms that a cyber-attack can take.
Recently, many businesses across the ditch or otherwise have been targeted by a bombardment of cyber attacks known as a DDoS. Theses attacks have been slowly making their way across the globe and onto our New Zealand shores, disrupting many of our core websites compromising website performance or user experience, Just last week the NZX had to halt trading in order to resolve the security breach and mitigate further disruptions.
A distributed denial-of-service(DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service, or network. They are designed to overwhelm the target or the infrastructure around it with a constant barrage of internet traffic. These attacks utilise multiple compromised computer systems, personal computers and other IoT devices as the source of the attack. At a high level, picture a DDoS as a traffic jam clogging up the motorway, preventing you from arriving to your desired destination.
So how does it work?
A DDoS takes place when an attacker gains access to a network of online machines. These machines get infected with malware turning each individual device into a bot. The attacker then has remote control over a group of bots, otherwise known as a botnet.
Once established, the attacker is able to send directions to each of the machines remotely. Once the target IP address is located by the botnet, each bot will respond by sending requests to the target, potentially pushing the server or network to overflow capacity, resulting in denial-of-service to normal traffic. It, therefore, becomes difficult to separate attack traffic from regular traffic as each device is technically a legitimate internet device.
What are the common types of DDoS attacks?
DDoS attacks come in many forms. In order to understand a DDoS attack, you must first understand how exactly a network connection is made. A network connection on the Internet is composed of many different components or “layers”. Like building a house from the ground up, each step in the model has a different purpose. The OSI model, shown below, is a conceptual framework used to describe network connectivity in 7 distinct layers.
While nearly all DDoS attacks involve overwhelming a target device or network with traffic, attacks can be divided into three categories. An attacker may make use of one or multiple different attack vectors, or cycle attack vectors potentially based on countermeasures taken by the target.
Application Layer Attacks
Designed to exhaust the resources of the target, these attacks target the application layer of a network where HTTP requests are initially made and delivered. Although a single HTTP request is cheap on the client-side, it can be expensive for the server to respond as it has to load a range of resources and files in order to create a web page. These are difficult to defend against as identifying malicious traffic can get lost in the crowd.
Protocol Attacks
Protocol attacks capitalize on exposed weaknesses in the third and fourth layers of the ODI model; The Network and Transport layers. They cause disruption by consuming all state-available capacity of web application servers or intermediate resources, such as firewalls and local balancers, to render the target inaccessible.
An example of this is a SYN flood. An attack that exploits the TCP handshake by sending a target a large number of TCP “Initial Connection Request” SYN packets. The target machine responds to each connection request and then waits for the final step in the handshake, which never occurs, exhausting the target’s resources in the process.
Volumetric Attacks
Finally, there are volumetric attacks. A primitive but effective technique that attempts to generate congestion of site traffic by consuming all available bandwidth between the target and larger internet. Large quantities of data are sent to the target creating massive traffic queues such as requests from a botnet.
A DDoS attack can be extremely damaging to a business, in both reputation and user experience. It is important to ensure that you have the right procedures in place and are familiar with a wide variety of forms that this, and other cyber attacks may come in. Have any further questions about how to handle a DDoS attack or any other cybersecurity concerns? Contact us for a free no-obligation call to see how we can help you and your business stay adaptive.