On October 21, the east coast of the United States woke up to find a significant portion of the Internet wasn’t working. Twitter, Etsy, Tumblr, Reddit, PayPal, SoundCloud, Spotify, Amazon, and even the New York Times were among the sites users were having trouble reaching. The culprit was a distributed denial of service (DDoS) attack on Dyn, a New Hampshire-based Internet infrastructure company. The incident was an unusually large attack, and fortunately it was resolved by the end of the day. However, it illustrates why DDoS is one of the biggest threats to Internet security today.
In a DDoS attack, hackers exploit computer vulnerabilities to create a botnet, an interconnected network of up to millions of machines. The botnet, which is sometimes colorfully referred to as a “zombie army,” is instructed to send high-volume traffic that overloads a network, effectively blocking users from accessing email, websites, online accounts, or other digital services.
A DDoS is a more sophisticated version of a DoS (denial of service) attack, in which an attacker floods a network with information from a single source. DDoS attacks are much more difficult to combat because they come from multiple sources, and sometimes even multiple platforms.
Thus, there are two ways you can become a victim of a DDoS attack – your network can be attacked, or your computer or other connected device can be infected with malware and become part of a botnet carrying out a DDoS on someone else.
Typically, botnets have been made up of computers, but Symantec has found that connected devices that are part of the Internet of Things (IoT) are being exploited more and more. Many such devices don’t have particularly advanced security features, and users may make the problem worse by failing to change the default passwords. Device manufacturers are taking steps to address these vulnerabilities, but the IoT has undeniably made the problem of DDoS even tougher to combat – even as security concerns are a significant barrier to the growth of the IoT.
Any business can become a victim, but some of the most common targets of DDoS attacks are financial – banks or credit card payment gateways, as well as the online gaming and gambling industry. According to Kaspersky Lab, there have been increasing attacks on organizations working to counter DDoS. A business of any size is vulnerable, and attacks can be as brief as 30 minutes, making them hard to detect in many instances. The motivation of the perpetrators varies – it can include anything from simply demonstrating their hacking capabilities to criminal extortion.
Other times, perpetrators will attack websites devoted to news, human rights, political candidates, or elections, as a form of protest or censorship — “hacktivist” groups have used it in a variety of well-publicized attacks against religious and government entities. DDoS is a significant and persistent enough threat to freedom of expression that in March 2016 Google launched “Project Shield,” a free service intended to protect public-interest sites from DDoS attacks.
All DDoS activity is illegal and harmful. But according to Infosecurity Magazine, a disturbing trend of “dark DDoS” has been emerging in recent years. Dark DDoS means that an attack is used for something even more malicious than simply denying service to users – instead, it’s used to distract IT personnel from an ongoing breach in security. Hackers research a network’s vulnerabilities, and then launch a DDoS as a smokescreen. While IT personnel are distracted by the DDoS, the hackers penetrate the network and steal data.
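An added example (not from the original article) of the defensive counterpart to the dark DDoS pattern described above: it marks flood minutes from inbound request rates and flags outbound transfers in those minutes that are far above a host's quiet-period norm, so egress alerts are not lost while staff handle the flood. The data, host names, thresholds and function names are constructed for illustration.

```python
from statistics import median

# Constructed sample data (not from any real incident).
# Inbound requests per minute at the network edge; list index = minute.
INBOUND_RPM = [900, 950, 1000, 980, 15000, 18000, 17500, 16000, 1020, 990]

# Outbound transfers as (minute, internal_host, bytes_sent). Constructed.
OUTBOUND = [
    (1, "db01", 2_000_000),
    (2, "web01", 5_000_000),
    (3, "db01", 1_500_000),
    (5, "db01", 750_000_000),  # large egress while the flood is running
    (6, "web01", 6_000_000),
    (9, "db01", 2_500_000),
]


def flood_minutes(rpm, factor=5):
    """Return the minutes whose inbound rate exceeds factor x the median rate."""
    baseline = median(rpm)
    return {i for i, rate in enumerate(rpm) if rate > factor * baseline}


def egress_during_flood(rpm, outbound, factor=5, egress_factor=10):
    """Return outbound transfers made during a flood window that exceed
    egress_factor x the same host's median transfer size outside the flood."""
    flood = flood_minutes(rpm, factor)

    # Per-host baseline built only from quiet minutes.
    quiet = {}
    for minute, host, size in outbound:
        if minute not in flood:
            quiet.setdefault(host, []).append(size)

    findings = []
    for minute, host, size in outbound:
        if minute not in flood:
            continue
        # A host with no quiet-period history has baseline 0, so any
        # egress from it during the flood is reported for review.
        base = median(quiet[host]) if host in quiet else 0
        if size > egress_factor * base:
            findings.append((minute, host, size))
    return findings


if __name__ == "__main__":
    print("flood minutes:", sorted(flood_minutes(INBOUND_RPM)))
    for minute, host, size in egress_during_flood(INBOUND_RPM, OUTBOUND):
        print(f"review: {host} sent {size} bytes at minute {minute}")
```
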
The problem is growing. According to an October 2016 study conducted by Neustar, nearly three-quarters of global firms have experienced a DDoS attack over the previous 12 months. DDoS attacks result in significant financial losses – about half of the companies reported losing $100,000 per hour, but one-third lost as much as $250,000. Worse, most took at least an hour to realize they were under attack and even longer to respond. The same study reported that DDoS attacks are more and more sophisticated, in that attacks are increasingly “dark” – that is, they’re just one part of a larger attack on an organization’s infrastructure or security — and in the techniques used to execute them.
Digital Attack Map, an online resource that tracks DDoS activity, says that more than 2,000 DDoS attacks are observed daily all over the world, causing one-third of all downtime incidents. Incredibly enough, a weeklong DDoS attack can be purchased on the black market for as little as $150.
Here are ways you can reduce the chances your computer or connected device will become an unwitting part of a botnet (at work or at home):
Things you can do to prepare your business for a DDoS include:
For technical information about DDoS, including the methods used in the October 21 attack, read “On DNS and DDoS,” a blog post by Arbor Networks.