DDoS Attack: Understanding the Basics of A Rising Cyberthreat
The number of DDoS attacks has surged amid the COVID-19 pandemic.
In the past few months, DDoS attacks have increased in both frequency and sophistication. Cloudflare reported a rise in extortion and ransom-based DDoS (RDDoS) attacks targeting organizations worldwide in 2020.
According to an article by ZDNet, an analysis of cyberthreat and criminal activity by security researchers at Neustar found that the number of DDoS attacks grew by 154% between 2019 and 2020. Financial services, telecommunications and government agencies are among the sectors most targeted by attackers. The Cloudflare report also notes that the company observed an increase in the number of large DDoS attacks, those exceeding 500 Mbps and 50k packets per second (pps). At the same time, attack vectors continued to evolve, with protocol-based attacks increasing three- to ten-fold compared to the third quarter of 2020.
A DDoS, or distributed denial-of-service, attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network. Every packet that reaches its destination on a network amounts to a request for service: the destination router or server examines the request and either accepts or rejects it. A DDoS attack aims to overwhelm the target, or its surrounding infrastructure, with a flood of Internet traffic made up of harmful packets requesting access. The server ends up crashing or failing to serve legitimate users, inflicting heavy losses on the affected companies.
In general, we have three basic categories of DDoS attack:
- volume-based attack: It uses high traffic to inundate the network bandwidth
- protocol attack: This focuses on exploiting server resources
- application attack: This targets web applications and is considered the most sophisticated and serious type of attack
Different types of DDoS attacks also focus on particular network layers. For instance, according to antivirus expert Norton:
- Layer 3, the Network layer: These attacks are known as Smurf Attacks, ICMP Floods, and IP/ICMP Fragmentation.
- Layer 4, the Transport layer: Such attacks include SYN Floods, UDP Floods, and TCP Connection Exhaustion.
- Layer 7, the Application layer: These are primarily HTTP-encrypted attacks.
A DDoS differs from a denial-of-service (DoS) attack, in which a single computer is used to flood a server with TCP and UDP packets. While a DDoS uses multiple internet connections to knock the victim's network offline, a DoS attack uses a single connection. DoS attacks are also generally launched with a script or a DoS tool such as Low Orbit Ion Cannon, whereas DDoS attacks are executed through botnets, networks of devices under an attacker's control. DoS attacks therefore sit at the lower end of the cyberthreat spectrum, with DDoS attacks at the higher end.
Last February, Amazon Web Services (AWS) suffered a massive DDoS attack against an unidentified AWS customer that used a Connectionless Lightweight Directory Access Protocol (CLDAP) reflection technique. The technique relied on vulnerable third-party CLDAP servers and amplified the volume of data sent to the victim's IP address by 56 to 70 times. Lasting almost three days, the attack peaked at an astounding 2.3 terabytes per second. The most lethal DDoS attack, however, took place in 2016, when the Mirai malware infected Internet of Things (IoT) devices and turned them into botnets that launched DDoS attacks against security expert Brian Krebs, DNS solution provider Dyn, and internet access across Liberia.
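The three ideas above (a flood of packets overwhelming a target, the single-source DoS versus many-source DDoS distinction, and reflection through third-party servers such as CLDAP) are easiest to see in detection logic. The following script is an added example, not code from the article or from any vendor it cites: it reads constructed flow-log lines, buckets them per destination and second, and raises an alert when the 50k pps or 500 Mbps thresholds quoted above are exceeded, labelling each alert as DoS-like or DDoS-like by distinct source count and flagging reflection when most packets arrive from a known UDP reflector port (389 for CLDAP). The log format, the victim address, the distinct-source cutoff and all traffic numbers are assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Alert thresholds. 50k pps and 500 Mbps are the "large attack" figures the
# article quotes; the distinct-source cutoff is an assumption for this example.
PPS_THRESHOLD = 50_000
MBPS_THRESHOLD = 500.0
DISTINCT_SOURCES_FOR_DDOS = 100

# UDP services commonly abused as reflectors; 389 is CLDAP, as in the AWS incident.
REFLECTOR_PORTS = {389: "CLDAP", 53: "DNS", 123: "NTP"}

VICTIM = "192.0.2.10"  # constructed victim address (TEST-NET-1 range)


@dataclass
class Flow:
    ts: int        # epoch second
    src: str
    dst: str
    proto: str     # "tcp" or "udp"
    sport: int
    dport: int
    packets: int
    nbytes: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow-log line of the form
    '<epoch> <src> <dst> <proto> <sport> <dport> <packets> <bytes>'."""
    ts, src, dst, proto, sport, dport, pkts, nbytes = line.split()
    return Flow(int(ts), src, dst, proto, int(sport), int(dport), int(pkts), int(nbytes))


def analyze(lines, window: int = 1):
    """Bucket flows per (destination, time window) and return one alert per
    bucket whose packet rate or bandwidth crosses a threshold. Each alert says
    whether traffic came from one source (dos) or many (ddos) and names the
    reflector protocol if most packets carried a reflector source port."""
    buckets = defaultdict(lambda: {"packets": 0, "bytes": 0, "sources": set(),
                                   "reflected": defaultdict(int)})
    for line in lines:
        f = parse_flow(line)
        b = buckets[(f.dst, f.ts // window)]
        b["packets"] += f.packets
        b["bytes"] += f.nbytes
        b["sources"].add(f.src)
        if f.proto == "udp" and f.sport in REFLECTOR_PORTS:
            b["reflected"][REFLECTOR_PORTS[f.sport]] += f.packets

    alerts = []
    for (dst, slot), b in sorted(buckets.items()):
        pps = b["packets"] / window
        mbps = b["bytes"] * 8 / window / 1_000_000
        if pps < PPS_THRESHOLD and mbps < MBPS_THRESHOLD:
            continue  # below both thresholds: ordinary traffic
        reflection = None
        if b["reflected"]:
            name, count = max(b["reflected"].items(), key=lambda kv: kv[1])
            if count > b["packets"] / 2:
                reflection = name
        alerts.append({
            "dst": dst, "t": slot * window, "pps": pps, "mbps": mbps,
            "sources": len(b["sources"]),
            "kind": "ddos" if len(b["sources"]) >= DISTINCT_SOURCES_FOR_DDOS else "dos",
            "reflection": reflection,
        })
    return alerts


def constructed_sample():
    """Constructed flow log: one quiet second, one single-source flood of small
    packets, then one second of CLDAP responses reflected off 200 servers."""
    lines = []
    # t=1000: normal HTTPS traffic from three clients
    for i in range(1, 4):
        lines.append(f"1000 198.51.100.{i} {VICTIM} tcp 51000 443 10 1500")
    # t=1001: a single source sends 60,000 packets of 60 bytes (DoS-like)
    lines.append(f"1001 198.51.100.200 {VICTIM} tcp 40000 80 60000 3600000")
    # t=1002: 200 reflectors each return 400 x 1,400-byte CLDAP responses (DDoS-like)
    for i in range(1, 201):
        lines.append(f"1002 203.0.113.{i} {VICTIM} udp 389 40000 400 560000")
    return lines


if __name__ == "__main__":
    for alert in analyze(constructed_sample()):
        print(alert)
```

On the constructed log the quiet second produces nothing, the single-source second trips the packet-rate threshold alone and is labelled dos, and the reflected second trips both thresholds (80,000 pps, 896 Mbps) with 200 sources and is labelled ddos with CLDAP reflection. In practice the source-count cutoff and thresholds are tuned to a site's baseline, and reflected traffic is confirmed by the absence of matching outbound requests rather than by source port alone.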
According to a threat intelligence report by A10 Networks, last year India hosted about a third (32%) of DDoS botnet agents, followed by Egypt with almost a quarter (24%) of hijacked devices. In terms of DDoS weaponry source, China hosted 2,000,313 DDoS weapons compared to the United States' 1,900,812.