DDoS attacks are now among the most common ways to destabilize an IT system, and they cause businesses large losses: financial losses, lost time, loss of customer trust and damage to reputation. According to 2017 data, an attack lasts about 3 hours on average, but some attacks block an IT system for several days or more. What are DDoS attacks, and how can they be recognized and prevented?
The first attack took place in 1999 at the University of Minnesota, where the Trinoo (or trin00) tool was used to block the operation of the IT system for 2 days. Trinoo consisted of a network of infected machines called “Masters” and “Daemons”. The “Masters” received attack instructions and passed them to the “Daemons”. The attack traffic itself consisted of UDP packets sent to the target IP addresses, with the attacker hidden behind the “Daemons”. The owners of these machines had no idea what was happening.
What are DDoS attacks?
DDoS is short for Distributed Denial of Service and refers to a cyber attack that blocks an information system, such as a website or online store, by sending it more data than it can handle. The system cannot process the traffic and becomes unstable. As a result, the website or e-store cannot be loaded, and nothing can be done on it.
DoS versus DDoS: the difference
DDoS attacks are a type of DoS (Denial of Service) attack; the difference is that a DDoS attack comes from multiple sources, behind which there may be a group of individuals, bots or infected systems.
What does a DDoS attack look like?
The goal is to block ordinary users’ access to a service. This is done by sending such a huge number of requests that the IT system or application becomes overloaded. The hacker does not intend to steal data, but to slow the service down or block it altogether; very often he looks for vulnerabilities in the system to do so. The motives vary:
- Jokes
- Testing the system’s robustness
- Financial gain (a ransom demand)
- Ideology.
The attack is not always detected immediately, because the business owner does not monitor his website all the time; he may first learn from customers that the website or store is down.
Types of DDoS attacks
In the 1990s, DDoS attacks were carried out from single nodes (DoS). Later, instead of low-level attacks on the network services of IT systems, crackers began destabilizing the web applications themselves, and today attacks target not only computers but also mobile devices, tablets and Internet of Things (IoT) devices. Crackers look for vulnerabilities in a system’s operation, exploit them and build a botnet, a group of infected computers, which gives them control over every device in that network. They often use it to send spam and to carry out other attacks, such as blackmail.
Nowadays these attacks are well prepared and use several thousand devices at once. The cracker is, of course, paid for this in advance, and it is not uncommon for DDoS attacks to be used to influence public behavior or political decisions. One example is the group Anonymous and its activities.
Where were the most DDoS attacks located?
DDoS attacks account for nearly 20% of companies’ IT security incidents. In 2018, such attacks were confirmed in 79 countries, and nearly half (47.53%) of them were located in China. The longest attacks lasted nearly 300 hours, or about 12 days (the victims included a Chinese telecommunications company). Another attack, on a Spanish bank, lasted 3 days. One can imagine how long it took to make up for such losses.
There is now a noticeable decline in DDoS attacks that simply drive more traffic to a site, but an increase in attacks involving smart devices. One example is the largest attack to date, in September 2016, on Twitter, CNN, Spotify and many other sites, which were taken offline. The attack was launched from IoT devices hijacked into a botnet.
How to protect yourself?
Protecting against DDoS attacks is difficult and quite specialized. It relies on 3 types of action:
- Prevention, i.e. implementing solutions to avoid attacks, minimizing the attack surface, conducting audits and performing penetration tests
- Detection (sensing), through network monitoring and anomaly analysis
- Counteraction (response), i.e. mitigating the attack and working with Internet providers.
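As an added illustration of the detection step (this code is not from the original article or from ITH), the script below buckets web-server log lines into fixed time windows, flags windows running far above an assumed normal request rate, and uses how the load is spread across client IPs to tell a single-source DoS from a distributed DDoS. The log lines, the 0.5 req/s baseline and the thresholds are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache/nginx "combined" log line: client IP, ident, user, [timestamp], "request", status, size.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
EPOCH = datetime(1970, 1, 1)

def parse(lines):
    """Yield (epoch_seconds, client_ip) for each well-formed log line; skip the rest."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            ip, ts = m.group(1), m.group(2).split()[0]        # drop the "+0000" zone part
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S")
            yield int((when - EPOCH).total_seconds()), ip

def detect(lines, baseline_rps, window_s=10, spike_factor=5, single_source_share=0.5):
    """Bucket requests into fixed windows and flag those running far above baseline.
    A flagged window is labelled DDoS when the load is spread over many IPs
    (no single IP dominates) and DoS when one IP supplies most of the requests."""
    windows = defaultdict(Counter)                 # window start -> Counter(ip -> hits)
    for sec, ip in parse(lines):
        windows[sec - sec % window_s][ip] += 1
    alerts = []
    for start in sorted(windows):
        hits = windows[start]
        total = sum(hits.values())
        rps = total / window_s
        if rps < baseline_rps * spike_factor:
            continue                               # normal traffic, nothing to report
        top_share = hits.most_common(1)[0][1] / total
        alerts.append({
            "window_start": start, "rps": rps, "distinct_ips": len(hits),
            "top_ip_share": round(top_share, 3),
            "pattern": "single-source (DoS)" if top_share >= single_source_share
                       else "distributed (DDoS)",
        })
    return alerts

def make_log(start_sec, ips, per_ip):
    """Constructed sample traffic: `per_ip` GETs from each IP inside one 10 s window."""
    return [f'{ip} - - [01/Jan/2024:12:00:{start_sec + (i * per_ip + k) % 10:02d} +0000] '
            f'"GET /index.html HTTP/1.1" 200 512'
            for i, ip in enumerate(ips) for k in range(per_ip)]

# Constructed log (RFC 5737 documentation addresses): a quiet window, a window flooded
# by 30 different clients, and a window flooded by a single client.
SAMPLE_LOG = (make_log(0, ["203.0.113.5", "203.0.113.9"], 3)
              + make_log(10, [f"198.51.100.{n}" for n in range(1, 31)], 2)
              + make_log(20, ["192.0.2.77"], 60))

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG, baseline_rps=0.5):   # 0.5 req/s is the assumed normal rate
        print(alert)
```

The quiet first window produces no alert; the second is reported as distributed because its 60 requests come from 30 addresses, and the third as single-source because one address sends all of them.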
We will write more about DDoS protection in the next text.
Protection against DDoS attacks at ITH
Cyber security is our priority, so we offer complete protection against the attacks described above, along with monitoring. We are specialists in the telecommunications services market, and we direct our services to SMEs, startups, large enterprises, public institutions, developers, financial institutions and telecommunications operators. From the beginning of our cooperation we emphasize clear terms and compliance with RODO regulations. We invite you to take advantage of our services.