Cyber Attack: what is a DDoS Attack? What you need to know

A distributed denial of service (DDoS) attack is a deliberate attempt to disrupt access to your company’s resources. It may be a flood of unwanted data sent to a web server, or a carefully orchestrated campaign by several actors, organized to cause financial damage or destruction.

How does it work?

The key difference between a denial of service (DoS) attack and a distributed denial of service attack is that a distributed attack uses more than one machine to create unwanted traffic. When an attacker compromises several systems with malware that can be remotely controlled, those systems can be told to send large volumes of internet traffic that can cause servers to crash. Using this network of compromised systems, otherwise known as a botnet, the attacker can direct them to begin a relentless series of attacks on an unprotected system. Web servers become overwhelmed with data, and processors, memory and hardware start to fail, which denies service to legitimate traffic from customers. Imagine an e-commerce webpage going down on the biggest shopping day of the year, or a financial system failing for customers needing to access their accounts. These tactics are extremely common and have caused serious harm to businesses across the world.

What are some common attacks?

DDoS attacks can happen at many layers of the network stack. An application layer attack forces a web server to process many HTTP requests. While these requests are easy for a client’s browser to generate, the server must process each one, and that processing can be intensive. These attacks are very successful at disrupting traffic on a web server.

Another common method is the traffic attack. This attack targets a server with TCP, UDP, and ICMP packets. In short, a simple constant ping on a server to verify its connectivity might sound harmless, but when tens of thousands of devices are all doing it at once, it can be catastrophic for a company.

Lastly, a bandwidth attack will hijack a server’s allowable bandwidth to cause a denial of service. This attack can be any combination of the attacks previously mentioned but essentially creates an overload, where the network provider cannot support the level of bandwidth needed for all the traffic, thus creating a service denial.

What can be done to stop DDoS?

DDoS attacks are not very sophisticated, and thankfully there are ways to mitigate them. A web application firewall can protect against application-level attacks. These firewalls use rules to filter incoming requests and drop malicious attempts to disrupt traffic.

Rate limiting can be set up on servers to limit the number of requests within a given time period. Generally, attacks have characteristics that allow them to be identified, for example requests that all come from the same IP address. Web server security can be enhanced by enabling these features. Furthermore, by subscribing to threat intelligence, malicious IPs and locations can be blacklisted from communicating with your servers. This in itself can give you an edge over attackers, because you know who they are before they find you.
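
The two controls described above, as an added example that is not part of the original article: a per-IP sliding-window rate limit combined with a blocklist check, replayed over constructed sample traffic. The names RequestFilter and replay, the thresholds and the sample events are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict, deque


class RequestFilter:
    """Per-IP sliding-window rate limiter with a threat-intel blocklist."""

    def __init__(self, max_requests, window_ms, blocked_networks=()):
        self.max_requests = max_requests
        self.window_ms = window_ms
        # Blocklist entries may be single addresses or CIDR ranges.
        self.blocked = [ipaddress.ip_network(n, strict=False)
                        for n in blocked_networks]
        # client IP -> timestamps (ms) of requests that were allowed
        self.history = defaultdict(deque)

    def check(self, client_ip, now_ms):
        """Return 'blocked', 'limited' or 'allowed' for one request."""
        addr = ipaddress.ip_address(client_ip)
        if any(addr in net for net in self.blocked):
            return "blocked"
        seen = self.history[client_ip]
        # Discard timestamps that have aged out of the window.
        while seen and now_ms - seen[0] >= self.window_ms:
            seen.popleft()
        if len(seen) >= self.max_requests:
            return "limited"
        seen.append(now_ms)
        return "allowed"


def replay(events, request_filter):
    """Run (timestamp_ms, ip) events through the filter; count verdicts per IP."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, ip in events:
        counts[ip][request_filter.check(ip, ts)] += 1
    return {ip: dict(verdicts) for ip, verdicts in counts.items()}


# Constructed sample traffic using documentation address ranges (not real hosts):
# a noisy client (20 requests in 2 s), a normal client (1 request per second)
# and a client inside a blocklisted range.
SAMPLE_EVENTS = sorted(
    [(i * 100, "198.51.100.7") for i in range(20)]
    + [(i * 1000, "192.0.2.10") for i in range(5)]
    + [(500, "203.0.113.44")]
)

if __name__ == "__main__":
    f = RequestFilter(5, 1000, blocked_networks=["203.0.113.0/24"])
    for ip, verdicts in replay(SAMPLE_EVENTS, f).items():
        print(ip, verdicts)
```

With a limit of 5 requests per second, the noisy client has half of its requests rejected while the normal client is unaffected. Because the limit is keyed on source IP, it only catches sources that individually exceed the threshold.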

At 247secops, we can provide you a consultation, and give you the tools you need to protect your company. With the most capable solutions in place, we can test and verify the effectiveness, and continue to manage your security architecture over its lifecycle.
