
DDoS attacks: how they work and how to stop them

In 2015, the frequency of DDoS attacks rose by 180 per cent year over year, according to a report by security firm Akamai.

Distributed denial-of-service (DDoS) attacks are among the most disruptive attacks on the Internet, and small businesses, not only large ones, need to learn to deflect them before they start costing money. Here is what you need to know about mitigating denial-of-service attacks that could paralyze your business.

What is a DDoS attack?

A denial-of-service (DoS) attack is a cyber-attack that renders a specific resource unavailable to its intended users, be it a public website or a network system used for critical business operations. In a distributed denial-of-service (DDoS) attack this is done by overwhelming the target with traffic from many sources at once. And by traffic, we mean up to 500 Gbps (gigabits per second), the size of the largest DDoS attack publicly reported at the time of writing.

DDoS attacks come in many forms. These are the four most common:

  • Protocol attacks – occupying connections

These attacks exhaust the connection-state resources of the server and of intermediate devices such as load balancers, firewalls and application servers, rather than the bandwidth in front of them. The classic example is a TCP SYN flood: a stream of SYN packets that never complete the handshake fills the target's half-open connection table until no real client can connect. Their magnitude is measured in packets per second.

  • Volume-based attacks – using up bandwidth

These include UDP floods, ICMP floods and other spoofed-packet floods. What they have in common is saturating the bandwidth either within the target network or service, or on the link between the target network and the rest of the Internet. Such attacks are simply about causing congestion, and their magnitude is measured in bits per second.

  • Fragmentation attacks – pieces of packets

These send a flood of TCP or UDP fragments that never add up to complete datagrams, overwhelming the victim's ability to reassemble them and severely degrading performance. Fragments after the first carry no transport header, so filters that match on port numbers cannot even classify them.

  • Application layer attacks – targeting applications

Made up of seemingly legitimate requests, such as HTTP GETs or POSTs for the most expensive pages of a site, they overwhelm one specific part of an application or service even from very few machines at a low traffic rate, which makes them hard to tell apart from real users and therefore hard to detect and mitigate. Their goal is to exhaust or crash the web server or the back end behind it rather than the network, and their magnitude is measured in requests per second.
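To make the four categories concrete, here is an added example (not code from the original article) that classifies a one-second sample of packet summaries into them. The `Packet` type, the thresholds and the five constructed samples are all illustrative assumptions; the thresholds in particular would have to be tuned against a real traffic baseline. It also shows a point made later on this page: a SYN flood that arrives from almost as many addresses as there are packets is not something a per-address block list can stop.

```python
"""Classify a one-second traffic sample into the four DDoS categories above.

Added example, not from the original article. `Packet` is a minimal
per-packet summary of the kind a flow exporter or packet capture would
provide; the samples are constructed, and every threshold is an
illustrative assumption to be tuned against a real baseline.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str                    # source address as seen on the wire (may be spoofed)
    proto: str                  # "TCP", "UDP" or "ICMP"
    dport: int                  # destination port (0 for ICMP)
    length: int                 # bytes on the wire
    tcp_flags: str = ""         # "S" = bare SYN, "SA", "A", "PA", ...
    fragment: bool = False      # non-initial or incomplete IP fragment
    http_request: bool = False  # payload parses as an HTTP request line


def classify(sample, window_s=1.0, *, bps_limit=100_000_000, syn_ratio=0.9,
             syn_pps=5_000, frag_ratio=0.5, rps_per_src=50):
    """Return {category: detail} for every category the sample triggers.

    A sample can trigger several categories at once; real attacks often mix
    vectors. An empty result means nothing in the window looked abnormal.
    """
    findings = {}
    if not sample:
        return findings

    # Volume-based: measured in bits per second, regardless of protocol.
    bps = sum(p.length for p in sample) * 8 / window_s
    if bps > bps_limit:
        dominant = Counter(p.proto for p in sample).most_common(1)[0][0]
        findings["volumetric"] = f"{bps / 1e6:.0f} Mbit/s, dominant protocol {dominant}"

    # Protocol: a SYN flood is many bare SYNs that never complete the handshake.
    tcp = [p for p in sample if p.proto == "TCP"]
    bare_syn = [p for p in tcp if p.tcp_flags == "S"]
    if tcp and len(bare_syn) / len(tcp) >= syn_ratio and len(bare_syn) / window_s > syn_pps:
        distinct = len({p.src for p in bare_syn})
        # Thousands of SYNs from almost as many addresses is the signature of
        # spoofed sources: blocking individual addresses will not help.
        hint = " (source diversity suggests spoofing)" if distinct > 0.5 * len(bare_syn) else ""
        findings["protocol"] = (f"SYN flood: {len(bare_syn) / window_s:.0f} SYN/s "
                                f"from {distinct} sources{hint}")

    # Fragmentation: a window dominated by fragments that tie up reassembly.
    frags = sum(1 for p in sample if p.fragment)
    if frags / len(sample) > frag_ratio:
        findings["fragmentation"] = f"{frags} of {len(sample)} packets are fragments"

    # Application layer: low volume, but far more requests per source than a
    # human-driven client produces. Measured in requests per second.
    per_src = Counter(p.src for p in sample if p.http_request)
    hot = {src: n / window_s for src, n in per_src.items() if n / window_s > rps_per_src}
    if hot:
        findings["application"] = (f"{len(hot)} source(s) above {rps_per_src} req/s: "
                                   + ", ".join(f"{s}={r:.0f}" for s, r in sorted(hot.items())))
    return findings


def build_samples():
    """Constructed one-second samples: a benign baseline and one per attack class."""
    return {
        # 50 clients on HTTPS, a few requests per second each: ordinary browsing.
        "benign": [Packet(f"192.0.2.{i % 50 + 1}", "TCP", 443, 1200, "PA",
                          http_request=(i % 4 == 0)) for i in range(400)],
        # 20,000 bare SYNs, each from a different (spoofed-looking) address.
        "syn_flood": [Packet(f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}", "TCP", 80, 60, "S")
                      for i in range(20_000)],
        # 10,000 full-size UDP datagrams: roughly 118 Mbit/s of pure congestion.
        "udp_flood": [Packet(f"198.51.100.{i % 254 + 1}", "UDP", 53, 1472) for i in range(10_000)],
        # 3,000 fragments that never complete a datagram.
        "fragments": [Packet(f"203.0.113.{i % 254 + 1}", "UDP", 53, 1480, fragment=True)
                      for i in range(3_000)],
        # Five hosts each issuing 200 valid-looking HTTP requests per second.
        "http_flood": [Packet(f"203.0.113.{i % 5 + 1}", "TCP", 80, 300, "PA", http_request=True)
                       for i in range(1_000)],
    }


if __name__ == "__main__":
    for name, sample in build_samples().items():
        print(f"{name:>10}: {classify(sample) or 'nothing abnormal'}")
```

Note what each sample does not trigger: the SYN flood is under 10 Mbit/s and the HTTP flood under 3 Mbit/s, so a bandwidth-only monitor would see nothing, which is exactly why protocol and application-layer attacks have to be measured in packets and requests per second rather than in bits.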

Who is behind it

DDoS attacks are anonymous by nature. The traffic comes from a large number of compromised machines rather than from the attacker's own systems, and most attacks also spoof the source IP addresses, which makes the real origin almost impossible to identify.

DDoS has become the weapon of choice for criminal hackers, political hacktivists, cyber-extortionists and international cyber-terrorists alike. Anyone can launch an attack: a state-sponsored hacking group, a disgruntled student looking for revenge, a former employee bent on blackmail or a competitor wanting to knock your site offline. Financially, the majority of attackers are motivated by extortion, demanding payment in exchange for stopping the attack. Yet recent research found that ideologically motivated DDoS attacks are on the rise too. Think Anonymous.

What is truly worrying is that an attack can be launched by relatively unsophisticated attackers who simply pay for one of the many cheap DDoS-for-hire services. There are also pre-packaged DDoS toolkits that anyone with a minimum of know-how can use. The RageBooter tool, for instance, marketed itself as “a reliable server stress testing” service.

Source: nakedsecurity.sophos.com

Sometimes, attackers use a DDoS attack as a decoy to occupy security staff while they break into the network and steal data. While the IT staff are tied up with the disruption, the attackers can plant malware and prepare other attacks with far more serious security implications.

How to mitigate DDoS attacks

DDoS attacks are among the most difficult attacks to defend against. Traditional perimeter security technologies such as firewalls and intrusion detection systems (IDSs) are not enough, because most of the time the attack packets are indistinguishable from legitimate ones, and the signature-based pattern matching an IDS performs finds nothing to match in a flood of individually valid packets. Worse, a stateful firewall's own connection table is one of the resources a protocol attack is designed to exhaust.

Many of these attacks also use spoofed source IP addresses, which defeats per-source identification: an anomaly-based monitor looking for unusually high volumes of traffic from a single address instead sees thousands of addresses sending a little each. Other strategies, such as over-provisioning (simply adding bandwidth), do not provide adequate protection against ever-larger attacks, and they are far too costly as a prevention strategy.

Responding to this threat effectively therefore poses a tremendous challenge for every Internet-dependent organization. Taking on DDoS attacks requires an approach that not only detects increasingly complex and deceptive assaults, but also mitigates their effects so that the business keeps running and its resources stay available.

DDoS protection is built around four key themes, according to Cisco:

  1. Mitigate, not just detect.
  2. Accurately distinguish good traffic from bad traffic to preserve business continuity, rather than merely detecting that an attack is under way.
  3. Have the performance and architecture to be deployed upstream, so that every point of vulnerability is protected.
  4. Maintain reliable and cost-efficient scalability.

To achieve these goals, multiple layers of filtering are required to protect networks and web applications. A key measure is a cloud-based anti-DoS/DDoS service: traffic for the protected site is redirected (typically through a DNS change or a BGP route announcement) to the provider's scrubbing centres, which filter out the malicious part and pass the clean remainder on to the company's servers. Because the provider absorbs the attack across a distributed network of high-capacity sites, a flood that would saturate a single company's uplink never reaches it.
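The second theme, telling good traffic from bad rather than just noticing an attack, is easiest to see in a small simulation. The following is an added example (not code from the original article or from any vendor's product): it replays a constructed ten-second request timeline, five real users at two requests a second and one host flooding at two hundred, through a single global cap and then through a per-source token bucket, and counts who actually gets served. Rates, burst sizes and addresses are illustrative assumptions.

```python
"""Per-source rate limiting versus a single global cap under an HTTP flood.

Added example, not from the original article or any vendor's product. It
illustrates theme 2 above: a defence that throttles the offending sources
while real users keep getting served. The traffic timeline is constructed,
and the rates, bursts and addresses are illustrative assumptions.
"""
from collections import Counter


class TokenBucket:
    """Classic token bucket: `rate` tokens per second, at most `burst` banked."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens = float(burst)
        self.last = None

    def allow(self, now):
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class GlobalLimiter:
    """One shared bucket for everyone: protects the server, not the users."""

    def __init__(self, rate=100.0, burst=100):
        self.bucket = TokenBucket(rate, burst)

    def decide(self, src, now):
        return self.bucket.allow(now)


class PerSourceLimiter:
    """One bucket per client address, with a bounded table.

    The bound matters: against a spoofed or very distributed flood the table
    would otherwise grow without limit and the limiter itself becomes the
    resource that gets exhausted. When full, the oldest entry is evicted.
    """

    def __init__(self, rate=10.0, burst=20, max_tracked=100_000):
        self.rate, self.burst, self.max_tracked = rate, burst, max_tracked
        self.buckets = {}  # insertion-ordered, so the first key is the oldest

    def decide(self, src, now):
        bucket = self.buckets.get(src)
        if bucket is None:
            if len(self.buckets) >= self.max_tracked:
                del self.buckets[next(iter(self.buckets))]
            bucket = self.buckets[src] = TokenBucket(self.rate, self.burst)
        return bucket.allow(now)


def build_timeline():
    """Constructed ten-second request log: five real users and one flooder."""
    events = []
    for k in range(20):                       # each legitimate client: 2 req/s
        for c in range(5):
            events.append((k * 0.5, f"192.0.2.{c + 1}"))
    for k in range(2000):                     # the flooder: 200 req/s
        events.append((k * 0.005, "203.0.113.7"))
    events.sort(key=lambda e: e[0])           # stable sort: ties keep users first
    return events


def simulate(limiter):
    """Replay the timeline and count accepted requests per traffic class."""
    accepted = Counter(legit=0, flood=0)
    for now, src in build_timeline():
        if limiter.decide(src, now):
            accepted["legit" if src.startswith("192.0.2.") else "flood"] += 1
    return dict(accepted)


if __name__ == "__main__":
    print("global cap :", simulate(GlobalLimiter()))
    print("per-source :", simulate(PerSourceLimiter()))
```

With the global cap the flooder consumes most of the shared budget and real users are turned away alongside it; with per-source buckets all hundred legitimate requests are served while the flooder is held to roughly the bucket's ten requests a second. A limiter like this belongs at the application edge and addresses the low-rate, request-based attacks described earlier; it does nothing for a flood that saturates the uplink itself, which has to be absorbed upstream, and against spoofed or very distributed sources its per-address table is itself a resource that can be exhausted, hence the cap on tracked entries.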

Good web application hygiene is also essential for defending against denial-of-service disruptions: keep software updated and patched, and configure sensible connection timeouts and per-client rate limits so that a handful of hosts cannot tie up all of the server's worker processes.

CyberSecure can help you prevent or stop DDoS attacks aimed at your company network by implementing the best protection on the market.