
What is a DDoS (Distributed Denial of Service) attack?

by Cyberguy | Last Updated | September 2, 2021
Cyber Dictionary|CyberSecurity - SMB

You’re in rush hour traffic, and traffic is moving smoothly at a decent speed. You go under an overpass; on the other side is an onramp from a cross street, where additional cars are entering the freeway at a rapid pace. The number of vehicles entering increases quickly and the freeway slows to a crawl, then comes to a complete standstill. You are stuck, everyone on the freeway is stuck, and nobody can move. A DDoS attack is like this, except the freeway is the website you want to visit, or the network that leads to it, and it is overloaded with traffic. It simply stops working and everything grinds to a halt. The difference with a DDoS attack is that the jam is created on purpose.


When you hear or see reports about a website or an online service being “brought down by hackers,” it most often means it has become a victim of a DDoS attack.

So what is a DDoS (Distributed Denial of Service) attack?

DDoS, which stands for Distributed Denial of Service, is a coordinated attack intended to knock websites or online systems offline by overwhelming them with traffic. DDoS attacks are launched for various reasons, including young hackers causing havoc, political revenge, online activism, and others. They can result in minor annoyances for users, long-term downtime for businesses, and in the worst cases severe economic harm.

Unlike ransomware and most other cyberattacks, which are generally motivated by a financial return for the cybercriminal, DDoS attacks are primarily focused on being disruptive and annoying (although attackers do sometimes demand payment to stop or to not launch an attack, so-called DDoS extortion). An example of a purely disruptive attack was the one against the online game World of Warcraft, where the DDoS attack took the game down and affected thousands of avid gamers for an extended period of time. The point here is that the attackers didn’t care about making money from the DDoS attack; they simply did it to cause pain.

How do DDoS attacks work?

The strategy behind DDoS attacks is fairly simple: overwhelm a website or online service. Attacks range in their level of sophistication, but the basic idea of a “denial of service” attack is to flood a website or service so that it becomes inoperable. Technically, the DDoS attack targets the components that a website or service depends on, such as the web server, the network router, the firewall, or the internet link itself, with various types of requests and overwhelming volumes of data, so the targeted site or system crashes, runs out of capacity, or simply can’t respond to legitimate users.


DDoS attacks generally require an army of devices to participate in order to generate the level of traffic necessary to overwhelm a website or online service. To do this, cybercriminals use botnets, which consist of tens, hundreds, thousands, or even millions of devices spread across the internet. Botnets are networks of devices that have been infected with malware (malicious software) and are activated when the DDoS attack is initiated. These devices act as robots (also known as bots or zombies), executing commands that generate the network traffic and service requests that ultimately overload the targeted site or service. Devices within a botnet can be laptops, desktops, phones, IoT devices such as cameras and routers, even printers. Prior to the DDoS attack, the bad actors infect devices with the botnet malware using a myriad of methods: viruses, worms, trojan horses, phishing emails, and, for internet-exposed IoT devices, logging in with default or weak passwords. Once infected, these devices can be activated at any time to participate in a DDoS attack, often without their owners ever noticing.


What are the types of DDoS attacks

DDoS attacks typically fall into one or more categories, with some sophisticated attacks using multiple approaches. These categories are:

Best options for protecting against DDoS attacks

Unfortunately, protecting networks and online services from DDoS attacks is a difficult task. Companies need to build a plan to defend against and mitigate such attacks before one happens.

The first part of that plan is determining where the company is exposed: which internet-facing services and links the business depends on, how much traffic each can absorb, and which upstream providers (ISP, hosting, DNS, CDN) can help when those limits are exceeded. This will then determine what the protection plan needs to cover.

In general, the protection plan needs to focus on two capabilities:


Quick action response

Identifying a DDoS attack early improves the ability to contain or mitigate the harm. Network monitoring and anti-DDoS services can assist by recognizing abnormal spikes in traffic, for example a sudden jump in requests per second compared with the normal baseline, or a large share of traffic suddenly coming from a small set of sources or aimed at a single URL.
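As an added example (not code from the original article), here is a small Python script that implements the kind of spike detection described above over web-server access logs. The log format, the constructed sample traffic and the thresholds (5 times the median of the previous 10 seconds, and at least 50 requests in that second) are assumptions for illustration, not values from the article; a real deployment would tune them against its own baseline.

```python
"""Detect abnormal request spikes in access logs (added example, not from the page).

Assumptions (illustrative, not from the article): a simplified log line of the form
    <client ip> - - [<unix timestamp>] "<request>" <status> <bytes>
and a "spike" defined as a one-second window whose request count is at least
FACTOR times the median of the preceding WINDOW seconds and at least MIN_REQUESTS.
"""
import re
from collections import Counter
from statistics import median

LOG_RE = re.compile(
    r'^(?P<ip>\S+) - - \[(?P<ts>\d+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+)$'
)

BASE_TS = 1700000000  # arbitrary start time for the constructed sample


def _line(ip, ts, path="/"):
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'


def build_sample_log():
    """Constructed sample: 10 seconds of normal traffic, then a 3-second flood."""
    lines = []
    for s in range(13):
        ts = BASE_TS + s
        # steady background: three regular clients, one request each per second
        for i in range(1, 4):
            lines.append(_line(f"192.0.2.{i}", ts))
        if s >= 10:
            # flood: five sources, 40 requests each per second, all hitting /login
            for i in range(1, 6):
                lines.extend(_line(f"198.51.100.{i}", ts, "/login") for _ in range(40))
    return lines


SAMPLE_LOG = build_sample_log()


def parse_line(line):
    """Return (timestamp, client ip) or None for a line that does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return int(m.group("ts")), m.group("ip")


def requests_per_second(lines):
    """Map each second -> Counter of requests per source IP."""
    per_sec = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash on them
        ts, ip = parsed
        per_sec.setdefault(ts, Counter())[ip] += 1
    return per_sec


def detect_spikes(lines, window=10, factor=5, min_requests=50, top_n=3):
    """Flag seconds whose request count is >= factor x the median of the preceding
    `window` seconds (and at least min_requests). Seconds with no traffic count as
    zero in the baseline, so a quiet period does not hide a later flood."""
    per_sec = requests_per_second(lines)
    if not per_sec:
        return []
    first, last = min(per_sec), max(per_sec)
    counts = {ts: sum(per_sec.get(ts, Counter()).values()) for ts in range(first, last + 1)}
    spikes = []
    for ts in range(first, last + 1):
        prior = [counts[t] for t in range(max(first, ts - window), ts)]
        if not prior:
            continue  # nothing to compare against yet
        baseline = max(median(prior), 1)  # never divide by / compare against zero
        if counts[ts] >= factor * baseline and counts[ts] >= min_requests:
            top = per_sec[ts].most_common(top_n)
            spikes.append({
                "ts": ts,
                "count": counts[ts],
                "baseline": baseline,
                "top_sources": top,
                # how concentrated the traffic is: high share = few sources, easy to block
                "top_share": round(sum(c for _, c in top) / counts[ts], 2),
            })
    return spikes


if __name__ == "__main__":
    for s in detect_spikes(SAMPLE_LOG):
        print(f"t={s['ts']}: {s['count']} req/s vs baseline {s['baseline']:.0f}; "
              f"top sources {s['top_sources']} ({s['top_share']:.0%} of traffic)")
```

The concentration figure (`top_share`) is the piece a practitioner actually acts on: a spike dominated by a handful of addresses can be rate-limited or blocked at the edge, whereas a spike spread thinly across thousands of sources points to a large botnet and usually means it is time to call the ISP or scrubbing provider.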

If a DDoS attack is occurring, engaging your ISP as soon as possible to re-route or filter traffic is a primary defensive response. This is particularly useful if the ISP supports blackhole (null-route) routing, which directs all traffic for the attacked address to a null destination, taking the load off the ISP’s network and the site that was targeted. Be aware of the trade-off: blackholing drops legitimate traffic to that address as well, so it completes the outage for that one address in exchange for protecting everything else on the network, which is why it is usually a last resort or a short-term measure.

You should also consider a backup ISP or second upstream link to which services could be redirected, which can help maintain accessibility even while one link is under attack.

Also consider anti-DDoS (“scrubbing”) or content delivery services that spread the massive DDoS traffic across a large, globally distributed network of servers, filter out the attack traffic, and forward only clean traffic to your site, rendering the attack ineffective.

Active Network devices (firewalls and routers)

Network devices, such as firewalls and routers, are the first line of defense on your own network. Modern networking devices support configurations that reject bogus traffic, for example dropping malformed packets, limiting the number of connections or requests a single source may open per second, and blocking addresses that exceed those limits, making the devices active participants in a company’s defensive position against “denial of service” attacks. Keep in mind that a firewall can only filter the traffic that reaches it: if an attack is large enough to saturate the internet link in front of the firewall, the filtering has to happen upstream, at the ISP or a scrubbing provider.
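To make the “limit requests per source and block offenders” behaviour concrete, here is an added Python simulation of a per-source token-bucket rate limiter, the same idea that firewall connection-limit and rate-limit rules implement. It is illustrative code written for this article, not a vendor’s configuration, and the traffic sample, the allowance of 5 requests per second with a burst of 10, and the rule that a source is blocklisted after 100 drops are all assumptions chosen for the example.

```python
"""Per-source token-bucket rate limiter (added example, not from the page).

Assumptions (illustrative): each source IP gets `rate` requests per second
sustained with a burst allowance of `burst`; a source that has had
`ban_after` requests dropped is added to a block list that a firewall
could consume. Times are whole seconds so the arithmetic is exact.
"""
from collections import defaultdict


class SourceRateLimiter:
    def __init__(self, rate=5, burst=10, ban_after=100):
        self.rate = rate              # tokens refilled per second
        self.burst = float(burst)     # bucket capacity
        self.ban_after = ban_after    # drops before the source is blocklisted
        self.buckets = {}             # ip -> (tokens, last refill time)
        self.drops = defaultdict(int)
        self.banned = set()

    def allow(self, ip, now):
        """Return True if the request from `ip` at time `now` may pass."""
        if ip in self.banned:
            return False
        tokens, last = self.buckets.get(ip, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)  # refill
        if tokens >= 1:
            self.buckets[ip] = (tokens - 1, now)
            return True
        self.buckets[ip] = (tokens, now)
        self.drops[ip] += 1
        if self.drops[ip] >= self.ban_after:
            self.banned.add(ip)  # persistent offender: hand to the firewall
        return False

    def blocklist(self):
        """Addresses a firewall rule could drop outright, sorted for stable output."""
        return sorted(self.banned)


def build_sample_events():
    """Constructed traffic: one normal client at 1 req/s for 10 s,
    one flood source sending 40 req/s for 5 s."""
    events = []
    for t in range(10):
        events.append((t, "192.0.2.1"))
    for t in range(5):
        events.extend((t, "198.51.100.1") for _ in range(40))
    events.sort(key=lambda e: e[0])  # stable sort keeps per-IP order
    return events


SAMPLE_EVENTS = build_sample_events()


def simulate(limiter, events):
    """Run events through the limiter; return per-IP allowed/dropped counts."""
    stats = defaultdict(lambda: {"allowed": 0, "dropped": 0})
    for now, ip in events:
        key = "allowed" if limiter.allow(ip, now) else "dropped"
        stats[ip][key] += 1
    return dict(stats)


if __name__ == "__main__":
    lim = SourceRateLimiter(rate=5, burst=10, ban_after=100)
    for ip, s in simulate(lim, SAMPLE_EVENTS).items():
        print(f"{ip}: allowed={s['allowed']} dropped={s['dropped']}")
    print("blocklist:", lim.blocklist())
```

Walking through the flood source: its first 10 requests pass on the burst allowance, then 5 per second pass as the bucket refills, and once 100 requests have been dropped the address is blocklisted and nothing further is accepted, while the well-behaved client never loses a request. The ban threshold matters: set it too low and a busy but legitimate client behind a shared NAT address gets blocked along with the attacker.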

What is critical with network devices, and with all devices for that matter, is keeping them current with the latest firmware and, most importantly, security patches; an unpatched router or firewall is as likely to be recruited into a botnet as to defend against one.

How to avoid having your devices participate in DDoS attacks

Denial of Service attacks, like many cybersecurity threats, are best defended against at the source, and the source of the attack traffic is compromised devices belonging to ordinary users, whether individual consumers, corporate users, or companies themselves. While there are cases where malware (specifically botnet malware in the case of DDoS attacks) is installed without any direct user action, for instance through a drive-by download from a compromised website or by an attacker logging in to an exposed device with its default password, a large share of devices and systems are infected because of human error: visiting unsafe websites, clicking links or opening attachments in phishing emails, installing software from untrusted sources, and not keeping devices current with security patches.

To avoid unwittingly participating in a botnet or DDoS attack, the best and most effective strategy is applying basic cybersecurity and cyber hygiene practices. The most relevant ones are: use common sense, keep your devices updated with the latest security patches, change default passwords on routers and other connected devices, “check twice, click once”, and use quality antivirus/antimalware tools to protect your digital assets.
