A DoS attack is a hacking technique that floods the victim's server, network, or application with an overwhelming number of requests, packets, or messages from a single source. DDoS attacks are similar, except that instead of from one source, the attack originates from multiple sources.
The first thing an attacker does is take control of a network and the devices in it. These devices are infected with malware and used to carry out the attack. This collection of infected devices under the attacker's control is called a botnet.
Rather than infiltrating the network, in a DoS or DDoS attack the hackers' objective is to take down the target site and make it unavailable to regular users. This can damage the organization's reputation and lead to a loss of trust among customers.
The first DoS attack was initiated by David Dennis, a 13-year-old high school student, in 1974. Since then, attack methods may have evolved, but the underlying principle remains the same.
Ping of death: In this type of attack, targeted services are disrupted using a single ping command that sends IP packets larger than the 65,536 bytes allowed by the IP protocol. Hackers only need the IP address of the victim to carry out this attack.
Buffer overflow: Attackers exploit buffer overflow conditions by overwriting parts of system memory with malicious code. A buffer overflow occurs when a process attempts to write more data to a fixed-length block of memory than it can hold. The overrun data spills into adjacent buffers, corrupting the data they hold.
TCP SYN: This technique involves the attacker repeatedly sending high volumes of SYN packets to the target server. The server's resources are all consumed processing these incoming packets, leaving it unable to answer requests from regular users and effectively bringing down the service.
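A defender-side check for the SYN flood described above, added here as an example and not part of the original article: it parses socket-state lines in the format of `ss -tan` (the sample output below is constructed, as are the thresholds), counts half-open connections per peer, and also flags the case where no single peer stands out but half-open sockets dominate overall.

```python
"""Flag possible TCP SYN floods from socket-state listings (`ss -tan` style)."""
import re
from collections import Counter

# Constructed sample in `ss -tan` layout: State Recv-Q Send-Q Local Peer.
# SYN-RECV is the half-open state a server is left in after answering a SYN
# that is never completed with the final ACK of the handshake.
SAMPLE_SS_OUTPUT = """\
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
SYN-RECV   0      0      10.0.0.5:443         198.51.100.7:40001
SYN-RECV   0      0      10.0.0.5:443         198.51.100.7:40002
SYN-RECV   0      0      10.0.0.5:443         198.51.100.7:40003
SYN-RECV   0      0      10.0.0.5:443         198.51.100.7:40004
ESTAB      0      0      10.0.0.5:443         203.0.113.9:51000
SYN-RECV   0      0      10.0.0.5:443         203.0.113.9:51001
ESTAB      0      0      10.0.0.5:22          192.0.2.10:60000
"""

LINE_RE = re.compile(r"^(\S+)\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s*$")


def parse_ss(text):
    """Yield (state, local_port, peer_ip) for each data line, skipping the header."""
    for line in text.splitlines()[1:]:
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), int(m.group(3)), m.group(4)


def half_open_by_peer(text):
    """Count half-open (SYN-RECV) connections per peer IP."""
    return Counter(ip for state, _, ip in parse_ss(text) if state == "SYN-RECV")


def syn_flood_report(text, per_peer_threshold=3, half_open_ratio=0.5):
    """Return (suspect_ips, flood_suspected).

    suspect_ips: peers holding at least per_peer_threshold half-open connections.
    flood_suspected: True when half-open sockets exceed half_open_ratio of all
    sockets, which also catches distributed floods with many low-volume peers.
    Thresholds are placeholders; tune them to the host's normal backlog.
    """
    rows = list(parse_ss(text))
    if not rows:
        return [], False
    half_open = sum(1 for state, _, _ in rows if state == "SYN-RECV")
    per_peer = half_open_by_peer(text)
    suspects = sorted(ip for ip, n in per_peer.items() if n >= per_peer_threshold)
    return suspects, half_open / len(rows) > half_open_ratio


if __name__ == "__main__":
    print(syn_flood_report(SAMPLE_SS_OUTPUT))
```

On a live host, feed it the output of `ss -tan` and alert on either signal; a sustained high half-open ratio with no dominant peer is the pattern a spoofed or distributed SYN flood leaves.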
Once ransomware finds its way into a system, it encrypts the data in that system. Simple ransomware uses symmetric encryption, in which the same key is used for encryption and decryption. The strongest ransomware, however, uses public/private key cryptography. Because separate keys are used for encryption and decryption, the user cannot recover the files unless the attacker hands over the decryption key once the ransom is paid.
In 2018, online code management service GitHub fell victim to a DDoS attack. Incoming traffic was clocked at 1.3 terabytes per second (Tbps), sending packets at a rate of 126.9 million per second. Because GitHub had invested in a DDoS protection service, it was alerted within 10 minutes of the start of the attack and was able to restore normalcy in under 20 minutes.
Managed DNS provider Dyn was hit by a series of massive DDoS attacks in 2016 as a result of its network being infected by malware that deployed an army of remotely controlled bots. Websites affected included Netflix, PayPal, Reddit, Spotify, Twitter, and others. The attack was mitigated by rerouting the huge volume of traffic, and services were back by the end of the day.
In 2013, a DDoS attack crippled the website and email service of Spamhaus. The traffic during the attack was estimated at 300 Gbps. The mastermind behind the attack was Cyberbunker, which had been blacklisted by Spamhaus.
© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.