As cybercrime becomes more sophisticated, one of the most dangerous forms of cyberattacks is the denial-of-service (DoS) and distributed denial-of-service (DDoS) attack. These attacks can affect any system or device that is connected to the internet, causing them to become unavailable to legitimate users. This post will provide a comprehensive guide to these types of attacks and offer suggestions for how to protect yourself.
What is a denial-of-service attack?
A denial-of-service (DoS) attack refers to a form of cyberattack that renders legitimate users unable to access information systems, devices, or other network resources, because of the malevolent actions of a cyber threat actor. The attacker inundates the targeted host or network with excessive traffic, causing it to either crash or become unresponsive, thereby denying access to legitimate users. This can lead to significant losses in time and money for organisations, as their resources and services become unavailable.
What are common denial-of-service attacks?
Several techniques are used to carry out a DoS attack, and one of the most common is flooding a network server. The attacker sends the target server a very large number of requests, overloading it with traffic. These requests are bogus and carry fabricated (spoofed) return addresses, which confuses the server when it tries to authenticate the requestor. Continuously processing these false requests saturates the server, ultimately producing a DoS condition for legitimate requestors.
Additionally, two other popular types of DoS attacks are the Smurf Attack and the SYN flood.
- In a Smurf Attack, the attacker sends Internet Control Message Protocol (ICMP) packets to a network broadcast address, reaching many hosts at once, with a falsified source Internet Protocol (IP) address that belongs to the target machine. Every host that receives the broadcast replies to the forged packet, and the target is flooded with these responses.
- A SYN flood takes place when an attacker sends connection requests (SYN packets) to the target server but never completes the three-way handshake that a Transmission Control Protocol (TCP)/IP network uses to establish a connection between a client and a server. Each incomplete handshake leaves the connection half-open, so the port stays occupied and cannot serve further requests. The attacker keeps sending requests until every available connection slot is saturated, preventing legitimate users from connecting.
What is a distributed denial-of-service attack?
When multiple machines are coordinated to attack one target, it results in a distributed denial-of-service (DDoS) attack. These attacks are typically carried out using a botnet, which is a group of internet-connected devices that have been hijacked by attackers. The attackers exploit security vulnerabilities or device weaknesses to take control of numerous devices using command and control software. Once the attacker gains control, they can command the botnet to carry out a DDoS attack on the target. The infected devices are also victims in this scenario.
- Botnets, which are comprised of compromised devices, can also be rented out to other attackers, including unskilled users who use “attack-for-hire” services to launch DDoS attacks.
- DDoS attacks multiply the attack's power: many machines together can send far more requests to the target than a single source could, and the large number of sources makes it harder to identify the true origin of the attack.
The magnitude of DDoS attacks has increased as more devices come online through the Internet of Things (IoT). IoT devices often have weak security postures, use default passwords, and are vulnerable to compromise and exploitation. Infected IoT devices often go unnoticed by users, and attackers can easily compromise hundreds of thousands of these devices to carry out high-scale attacks without the device owners’ knowledge.
What do you do if you think you are experiencing an attack?
Acting quickly is crucial when suspecting a DoS or DDoS attack targeting your network or device. The following steps can be taken to mitigate the attack:
- Immediately notify your Internet Service Provider (ISP) or Cloud Service Provider (CSP). They may have the capability to divert the attack before it reaches your network.
- Monitor your network closely to identify the source and type of attack. Look out for IP addresses that are sending large amounts of traffic and the ports that are being targeted.
- Block the source of the attack by filtering traffic from the identified IP addresses or ports.
- Adjust your firewall rules to limit incoming and outgoing traffic.
- Increase your network bandwidth to accommodate the increased traffic load.
- Consider utilising a DDoS protection service to prevent future attacks.
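The monitoring and filtering steps above, together with the half-open handshakes described in the SYN flood section, can be turned into a simple detection check. The following is an added example, not code from the original post: it parses a constructed log of inbound TCP events in an assumed format (timestamp, source IP, destination port, SYN or ACK), flags sources that open many connections but almost never complete the handshake, and reports the most-targeted ports.

```python
from collections import Counter

# Constructed sample of inbound TCP events as seen at the server edge.
# The format is assumed for this example:  <time> <source_ip> <dest_port> <flag>
# where <flag> is SYN (handshake started) or ACK (handshake completed).
SAMPLE_LOG = """\
10:00:01 203.0.113.7 443 SYN
10:00:01 203.0.113.7 443 ACK
10:00:02 198.51.100.9 443 SYN
10:00:02 198.51.100.9 443 SYN
10:00:02 198.51.100.9 443 SYN
10:00:03 198.51.100.9 443 SYN
10:00:03 198.51.100.9 443 SYN
10:00:03 198.51.100.9 80 SYN
10:00:04 192.0.2.44 443 SYN
10:00:04 192.0.2.44 443 ACK
10:00:05 198.51.100.9 443 SYN
"""


def parse_events(text):
    """Parse log lines into (time, src, dport, flag) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("SYN", "ACK") or not parts[2].isdigit():
            continue
        events.append((parts[0], parts[1], int(parts[2]), parts[3]))
    return events


def find_suspects(events, min_syns=5, max_completion=0.2):
    """Flag sources with many SYNs and few completing ACKs; also rank targeted ports."""
    syns, acks, ports = Counter(), Counter(), Counter()
    for _time, src, dport, flag in events:
        if flag == "SYN":
            syns[src] += 1
            ports[dport] += 1   # which ports are being targeted
        else:
            acks[src] += 1
    suspects = {}
    for src, n in syns.items():
        completion = acks[src] / n   # fraction of handshakes this source finished
        if n >= min_syns and completion <= max_completion:
            suspects[src] = {"syns": n, "completion": round(completion, 2)}
    return suspects, ports.most_common(2)


if __name__ == "__main__":
    flagged, top_ports = find_suspects(parse_events(SAMPLE_LOG))
    print("half-open sources:", flagged, "| targeted ports:", top_ports)
```

The flagged addresses are candidates for the filtering step, but review them before blocking: flood sources are often spoofed, so a listed address may not be the real attacker.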
If your organisation has a disaster recovery plan, activate it to ensure that all critical services are available during the attack.
It’s also worth considering having cyber insurance to protect your organisation against the financial losses that can result from a successful DoS or DDoS attack. Cyber insurance policies can help cover the costs associated with investigating the attack, restoring systems and data, notifying customers and other stakeholders, and potentially paying out any legal settlements or regulatory fines. Some policies may also cover the costs of implementing new security measures to prevent future attacks.
When considering cyber insurance, it’s important to understand the scope of coverage, including any limitations, exclusions, deductibles, and premiums. It’s also crucial to assess your organisation’s risk profile, including the likelihood and potential impact of a cyberattack, to determine the appropriate level of coverage needed.
It’s recommended to work with a trusted insurance broker or specialist to find a cyber insurance policy that meets your organisation’s needs and budget. Additionally, having cyber insurance can also demonstrate to customers and partners that your organisation takes cybersecurity seriously and has taken steps to mitigate the financial risks associated with cyber-attacks.
Denial-of-service attacks can be devastating to organisations, causing loss of revenue, reputation damage, and increased security risk. By understanding the types of attacks and implementing proactive security measures, organisations can reduce the risk of becoming a target of a DoS or DDoS attack. If an attack does occur, it is important to act quickly to mitigate the attack and restore normal service as soon as possible.