What Is a DDoS Attack and How to Stop it?
Table of Contents
- By David Lukic
- Mar 09, 2021
Most people have heard the term Distributed Denial-of-Service Attack (DDoS), but most don’t really know what it is a DDoS and why it is so dangerous. Cybercriminals have used DDoS attacks for many years, but they are becoming more prevalent and more destructive. The goal is to overwhelm the service with more traffic than the system can handle so that it crashes. Hackers target web services, websites, and online applications with DDoS attacks.
What is a DDoS Attack?
A DDoS attack is when hackers attempt to crash a website or service and prevent it from reaching its destination (device, apps, networks, computer, server, etc.).
Often hackers use fake packets, email messages, or dozens of requests for connections to create abundant traffic, which then crashes the service. In more recent attacks, the threat actors demand ransom to stop bombarding the service with junk. They may also threaten a more severe attack if the company does not pay up.
According to Norton Antivirus, a hacker group named Armada Collective attacked banks, DNS, and web host companies using this tactic.
How Does DDoS Work?
The premise of a DDoS attack is quite simple. If a web host server, application, device, network, or service is flooded with too much network traffic, it is crippled and stops working. Basically, the service becomes overwhelmed and shuts down due to too many concurrent requests.
Norton Antivirus explains it well with:
“Network connections on the Internet consist of different layers of the Open Systems Interconnection (OS) model. Different types of DDoS attacks focus on particular layers. A few examples:
- Layer 3, the Network layer. Attacks are known as Smurf Attacks, ICMP Floods, and IP/ICMP Fragmentation.
- Layer 4, the Transport layer. Attacks include SYN Floods, UDP Floods, and TCP Connection Exhaustion.
- Layer 7, the Application layer. Mainly, HTTP-encrypted attacks.”
The most efficient way a cybercriminal group executes a DDoS attack nowadays is using botnets. Using malicious software, these hackers take control of other people’s computers, servers, and IoT devices and use them as “bots” or “zombie computers” performing tasks sent by the central controller. When enough of these computer devices are connected, they form a network of sorts called a botnet. Bad actors use these botnets to send communication requests to the same target all at once, overwhelming it until it crashes and stops working. In some instances, hackers have millions of devices connected. IoT devices are not as well secured and make great targets for a botnet. Things like baby monitors, home security cameras, smart TVs, printers, and even remotes are ideal for hacker takeovers.
These botnets are used for other nefarious tasks along with DDoS attacks.
The Different Types of a DDoS Attack
There are basically three types of DDoS attacks, one that exploits each layer.
- A volume-based attack using ICMP, UDP, and spoofed-packets is employed to flood servers and overwhelm them until they break down and stop working.
- A network-layer or protocol-layer attack sends massive numbers of fake packets directly to the network server administration or management tools. These types use SYN floods and Smurf DDoS.
- An application-layer attack floods an application with malware requests to get it to stop working
The goal for any of these types of attacks is to crash the service and render it inoperable. In some cases, it may only make it slower and less responsive but not totally unusable.
DDoS Attacks Examples
Probably the most famous DDoS attack was carried out by Michael Calce in 2000, a Canadian high schooler. The teenager nicknamed himself MafiaBoy and, using a sophisticated DDoS attack, managed to shut down Yahoo, CNN, Amazon, and eBay. Calce was charged and convicted in Montreal and later became a white-hat hacker working for the good guys identifying vulnerable systems for large, national companies.
In 2016, Dyn, a large domain name provider, was attacked by a massive DDoS event which also took down a lot of heavy-hitting websites like AirBnB, CNN, Netflix, PayPal, Spotify, Visa, Amazon, The New York Times, Reddit, and GitHub. During this attack, hackers used more than 100,000 infected botnet devices to send requests from tens of millions of IP addresses.
GitHub was hit hard with a massive DDoS attack in 2018. However, they were able to recover quickly (within 20 minutes) and were back up and running.
Over the past few years, cybercriminals have targeted huge companies, gaming organizations, software, and media conglomerates for DDoS attacks.
Sometimes DDoS attacks are used as a diversion so that while everyone is figuring out how to fix the unresponsive servers, hackers go to town installing malicious software and creating other problems such as perpetrating a data breach.
In other cases, these types of attacks are used by activists, other countries trying to disrupt U.S. government services, and sometimes they are just for show.