Attacks on IT systems have become regular fare in the press, and the most talked-about kind lately is the distributed denial-of-service (DDoS) attack, following the SpamHaus DDoS attack, reported at the time as the largest ever seen (Largest DDoS Attack didn’t break the Internet).
A DDoS attack poses a significant business risk: the target’s Internet-facing services become unavailable, temporarily or for an extended period. There are several examples of customers whose entire business ground to a halt during an outage, among them online banking, e-commerce and government organizations. Reports have surfaced from virtually every country in Europe, most recently Denmark, the Netherlands and Sweden. (Dutch ING targeted in DDoS, Dutch example, Swedish Government Site Knocked Out, Danish Banking & Tax Payers in chaos after DDOS attack)
The result for the victim organization is a significant loss of both trust and money.
A DDoS attack is normally carried out by a botnet: a large number of compromised machines receive instructions to send requests to the target en masse, so that the service fails, stops responding, or becomes very slow. If the flood saturates the victim’s network links, the victim may be unable to communicate at all.
For the most part there are two types of DDoS attack vector: the classic flood or volumetric attacks (UDP, SYN, ACK, ICMP floods and the like), designed to overwhelm some part of the incoming data path, and layer 7 or application attacks, which target a specific resource, typically at the back end.
Volumetric attacks are easy to detect, but the sheer flow rate or size of the attack can be hard to manage. Layer 7 (application) attacks can be very difficult to detect, and what you cannot detect you certainly cannot manage or mitigate. Read more in this blog post by Kevin Kennedy: It’s not size, but sophistication that matters
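To make the detection point concrete, here is an added example (not code from this post, nor from Kevin Kennedy’s) that runs two checks over web-server access log lines: the per-client request-rate check most people reach for first, and a per-endpoint check on how much back-end time each URL is consuming. The UDP/SYN/ICMP floods mentioned above never show up in an access log, so this covers only the HTTP side. The log format, the thresholds (5 requests per second per client, a pool of 8 back-end workers, a 10 second window) and the traffic itself are assumptions constructed for the example: eight ordinary users, one client hammering the home page, and sixty clients making just two slow requests each to an expensive search.

```python
# Added example: a request burst vs. a low-and-slow application attack in
# access logs. Not the original post's code; log format, thresholds and
# the sample traffic are assumptions chosen for illustration.
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format, one request per line:
#   <ISO-8601 timestamp> <client_ip> <path> <status> <back-end time in ms>
# The traffic below is constructed for this example, not captured from a server.
def build_sample_log():
    t0 = datetime(2013, 4, 1, 12, 0, 0)
    lines = []
    # Ordinary users: 8 clients, a cheap page every 7 seconds.
    for i in range(8):
        for k in range(5):
            ts = t0 + timedelta(seconds=k * 7 + i)
            lines.append(f"{ts.isoformat()} 192.0.2.{10 + i} /index.html 200 40")
    # HTTP-level flood: one client fetching the home page 10 times a second.
    for k in range(300):
        ts = t0 + timedelta(milliseconds=k * 100)
        lines.append(f"{ts.isoformat()} 198.51.100.7 /index.html 200 40")
    # Low-and-slow: 60 clients, only two requests each, but every request
    # hits an expensive search and ties a back-end worker up for 4 seconds.
    for i in range(60):
        for k in range(2):
            ts = t0 + timedelta(seconds=i * 0.5 + k * 15)
            lines.append(f"{ts.isoformat()} 203.0.113.{i + 1} /search 200 4000")
    return "\n".join(lines)

def parse_log(text):
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, path, status, ms = line.split()
        entries.append({"ts": datetime.fromisoformat(ts), "ip": ip, "path": path,
                        "status": int(status), "ms": int(ms)})
    return entries

def peak_rate_per_ip(entries, window_s=10):
    """Highest requests-per-second any single client reached in a sliding window."""
    by_ip = defaultdict(list)
    for e in entries:
        by_ip[e["ip"]].append(e["ts"])
    peaks = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        best, start = 0, 0
        for end in range(len(stamps)):
            while (stamps[end] - stamps[start]).total_seconds() > window_s:
                start += 1
            best = max(best, end - start + 1)
        peaks[ip] = best / window_s
    return peaks

def rate_limit_offenders(entries, window_s=10, max_rps=5.0):
    """The classic per-client rate check: catches the flood, misses low-and-slow."""
    rates = peak_rate_per_ip(entries, window_s)
    return sorted(ip for ip, rps in rates.items() if rps > max_rps)

def endpoint_load(entries, window_s=10):
    """Per path: distinct clients, request count, and the most back-end seconds
    consumed inside any one window. Low-and-slow shows up here, not in rates."""
    by_path = defaultdict(list)
    for e in entries:
        by_path[e["path"]].append(e)
    load = {}
    for path, es in by_path.items():
        es.sort(key=lambda e: e["ts"])
        busy, best, start = 0.0, 0.0, 0
        for end, e in enumerate(es):
            busy += e["ms"] / 1000
            while (e["ts"] - es[start]["ts"]).total_seconds() > window_s:
                busy -= es[start]["ms"] / 1000
                start += 1
            best = max(best, busy)
        load[path] = {"clients": len({e["ip"] for e in es}),
                      "requests": len(es), "peak_busy_s": round(best, 1)}
    return load

def l7_suspects(entries, window_s=10, workers=8, max_rps=5.0):
    """Endpoints needing more worker-seconds per window than the (assumed) pool
    of 8 workers can supply, with a count of their clients the rate check would
    have caught: zero means a rate limit alone cannot mitigate the attack."""
    capacity = workers * window_s
    loud = set(rate_limit_offenders(entries, window_s, max_rps))
    suspects = {}
    for path, stats in endpoint_load(entries, window_s).items():
        if stats["peak_busy_s"] > capacity:
            clients = {e["ip"] for e in entries if e["path"] == path}
            suspects[path] = dict(stats, clients_over_rate_limit=len(clients & loud))
    return suspects

if __name__ == "__main__":
    entries = parse_log(build_sample_log())
    print("rate-limit offenders:", rate_limit_offenders(entries))
    for path, stats in l7_suspects(entries).items():
        print("application-layer suspect:", path, stats)
```

On this traffic the rate check names only the one noisy client, while the sixty slow clients each stay far below five requests per second. The endpoint view tells the real story: /search needs about 168 worker-seconds in a 10 second window, more than twice what eight workers can deliver, and none of the clients responsible would ever trip a rate limit. That is the "different thinking" the low-and-slow case calls for: measure the cost of what is being asked of the back end, not just how often each client asks.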
What drives and motivates the attackers varies, but a key theme is hacktivism (politically motivated attacks, Anonymous being the best-known example), where the purpose is to damage the attacked organization and set the agenda on the attackers’ terms. Another angle may be national in nature, e.g. aimed at damaging wider infrastructure. A DDoS may also be used to identify weaknesses and find ways of attacking the organization at a larger scale at a later stage.
DDoS attacks are considered a crime and violate the acceptable use policies of virtually all service providers. Several countries also have laws specifically against DDoS attacks, and the police are investigating the attacks mentioned above.
As Kevin Kennedy says “defending against low-and-slow attacks requires different thinking and approaches both in developing web applications and in the defenses that go in front of them. Organizations interested in safeguarding availability would be well served to consider both size and sophistication in architecting their DDoS security strategy.”
What are your thoughts on the recent DDoS attacks? Have you experienced a DDoS attack? Share your experiences in the comments below. Thanks.