TechTalk
Our knowledge to you.
On October 21, 2016, the east coast of the United States woke up to find a significant portion of the Internet wasn’t working. Twitter, Etsy, Tumblr, Reddit, PayPal, SoundCloud, Spotify, Amazon, and even the New York Times were among the sites experiencing issues. The culprit was a distributed denial of service (DDoS) attack on Dyn, a New Hampshire-based Internet infrastructure company. The incident was an unusually large attack, and fortunately, it was resolved by the end of the day. However, it illustrates why DDoS is one of the biggest threats to Internet security today.
In a DDoS attack, hackers exploit computer vulnerabilities to create a botnet, an interconnected network of up to millions of machines. The botnet, sometimes colorfully referred to as a “zombie army,” is instructed to send high-volume traffic that overloads a network, effectively blocking users from accessing email, websites, online accounts, or other digital services.
A DDoS is a more sophisticated version of a DoS (denial of service) attack. In a DoS attack, an attacker floods a network with traffic from a single source. DDoS attacks are much more difficult to combat because they come from multiple sources and sometimes even multiple platforms.
Thus, there are two ways you can become a victim of a DDoS attack – your network can be attacked, or your computer or other connected devices can be infected with malware and become part of a botnet carrying out a DDoS on someone else.
Typically, botnets have been composed of computers, but Gen Digital has found that connected devices that are part of the Internet of Things (IoT) are being exploited more and more. Many such devices don’t have advanced security features, and users may make the problem worse by failing to change the default passwords. Device manufacturers are taking steps to address these vulnerabilities. Still, the IoT has undeniably made the problem of DDoS even more challenging to combat – even as security concerns are a significant barrier to the growth of the IoT.
Any business can become a victim, but some of the most common targets of DDoS attacks are financial – banks or credit card payment gateways, as well as the online gaming and gambling industry. According to Kaspersky Lab, there are increasing attacks on organizations that have been working to counter DDoS. A business of any size is vulnerable, and attacks can be as brief as 30 minutes, making them hard to detect. The motivation of the perpetrators varies – it can include anything from simply demonstrating their hacking capabilities to criminal extortion.
Other times, perpetrators will attack websites devoted to news, human rights, political candidates, or elections as a form of protest or censorship; “hacktivist” groups have used DDoS in various well-publicized attacks against religious and government entities. DDoS is a significant and persistent enough threat to freedom of expression that, in March 2016, Google launched “Project Shield,” a free service to protect public-interest sites from DDoS attacks.
All DDoS activity is illegal and harmful. But according to Infosecurity Magazine, a disturbing trend of “dark DDoS” has emerged in recent years. Dark DDoS means an attack is used for something even more malicious than denying service to users. Instead, it’s used to distract IT personnel from an ongoing breach in security. Hackers research a network’s vulnerabilities and then launch a DDoS as a smokescreen. While IT personnel are distracted by the DDoS, hackers penetrate the network and steal data.
The problem is growing. According to an October 2016 study by Neustar, nearly three-quarters of global firms have experienced a DDoS attack over the previous 12 months. DDoS attacks result in significant financial losses – about half of the companies reported losing $100,000 per hour, but one-third lost as much as $250,000. Worse, most took at least an hour to realize they were under attack and even longer to respond. The same study reported that DDoS attacks are more and more sophisticated, both in that they are increasingly “dark” (that is, they’re just one part of a more significant attack on an organization’s infrastructure or security) and in the techniques used to execute them.
Digital Attack Map, an online resource that tracks DDoS activity, says that over 2,000 DDoS attacks are observed daily worldwide, causing one-third of all downtime incidents. Incredibly enough, a weeklong DDoS attack can be purchased on the black market for as little as $150.
The following can reduce the chances your computer or connected device will become an unwitting part of a botnet (at work or home):
Here’s how you can prepare your business for a DDoS:
For technical information about DDoS, including the methods used in the October 21 attack, read “On DNS and DDoS,” a blog post by Arbor Networks.