What is an example of a DDoS attack?

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices. From a high level, a DDoS attack is like a traffic jam clogging up a highway, preventing regular traffic from arriving at its desired destination.

What are the common types of DDoS attacks?

There are several categories and types of DDoS attacks, each one differing in the method it utilizes to flood systems and networks with bogus traffic in order to overwhelm the target. Here are some common DDoS attack types:

  • Volume-based attacks: This form of DDoS aims to saturate the bandwidth of the attacked site, system or network. Volumetric assaults direct a substantial amount of junk traffic at the target, consuming available bandwidth and overwhelming connectivity, often utilizing amplification techniques to generate massive traffic. These attacks use large packet floods from spoofed IP addresses.
  • TCP state-exhaustion attacks: These attacks aim to consume server side resources by exploiting the TCP protocol. They establish multiple half-open or idle TCP connections, each of which consumes system resources. This type of attack causes servers to run out of resources, denying service to legitimate users.
  • Application layer attacks: Rather than directly overloading network resources, these attacks target parts of applications or services at higher layers. Application layer attacks consume resources by sending application calls, such as HTTP GET/POST requests or SQL queries, to targeted services or databases.
  • ICMP attacks: This form of DDoS attack operates by exhausting server resources via exploitation of the ICMP protocol. It floods the target with spoofed ICMP echo requests (pings), overloading network bandwidth and resources.
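The four categories above each leave a distinct signature in flow telemetry: bits per second toward one destination, a pile-up of SYN-only flows, an abnormal request rate on HTTP ports, or an ICMP packet rate. The following Python, added here as an illustration and not taken from the article or any vendor product, classifies a one-second window of constructed NetFlow-style records against assumed thresholds (`THRESHOLDS`, the `Flow` record and the sample addresses are all constructed for the example; a real deployment tunes the thresholds to its own baseline):

```python
"""Classify a traffic sample into the DDoS categories described above.

Added example, not from the original article. The flow records are
constructed NetFlow-style summaries for a one-second window and the
thresholds are assumed values.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass
class Flow:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dst_port: int
    packets: int
    bytes: int
    tcp_flags: str = ""   # "S" = SYN only (half-open), "PA" = established data
    http_reqs: int = 0    # application-layer requests counted in this flow


# Assumed per-second thresholds (constructed for the example)
THRESHOLDS = {
    "volumetric_bps": 100_000_000,   # 100 Mb/s toward a single destination
    "half_open_syn": 500,            # SYN-only flows per destination
    "http_rps": 1_000,               # HTTP requests per destination
    "icmp_pps": 10_000,              # ICMP packets per destination
}


def classify(flows, thresholds=THRESHOLDS):
    """Return {dst: {"labels": [...], "distinct_sources": n}} for destinations
    whose one-second traffic matches one or more attack patterns."""
    bits, syn_only, http, icmp_pkts = Counter(), Counter(), Counter(), Counter()
    srcs = defaultdict(set)
    for f in flows:
        bits[f.dst] += f.bytes * 8
        srcs[f.dst].add(f.src)
        if f.proto == "tcp" and f.tcp_flags == "S":
            syn_only[f.dst] += 1          # half-open connection attempts
        if f.proto == "tcp" and f.dst_port in (80, 443):
            http[f.dst] += f.http_reqs    # application-layer request volume
        if f.proto == "icmp":
            icmp_pkts[f.dst] += f.packets
    result = {}
    for dst in bits:
        labels = []
        if bits[dst] >= thresholds["volumetric_bps"]:
            labels.append("volumetric")
        if syn_only[dst] >= thresholds["half_open_syn"]:
            labels.append("tcp-state-exhaustion")
        if http[dst] >= thresholds["http_rps"]:
            labels.append("application-layer")
        if icmp_pkts[dst] >= thresholds["icmp_pps"]:
            labels.append("icmp-flood")
        if labels:
            result[dst] = {"labels": labels, "distinct_sources": len(srcs[dst])}
    return result


def sample_flows():
    """Constructed one-second sample covering all four patterns plus benign traffic."""
    flows = []
    # SYN flood: 600 half-open attempts from many (spoofed-looking) sources
    for i in range(600):
        flows.append(Flow(f"198.51.100.{i % 254 + 1}", "203.0.113.10", "tcp", 443, 1, 60, "S"))
    # ICMP flood: 20 sources, 1000 full-size echo packets each (also volumetric)
    for i in range(20):
        flows.append(Flow(f"192.0.2.{i + 1}", "203.0.113.11", "icmp", 0, 1000, 1_500_000))
    # HTTP flood: 50 sources, 30 requests each on port 80
    for i in range(50):
        flows.append(Flow(f"192.0.2.{100 + i}", "203.0.113.12", "tcp", 80, 60, 20_000, "PA", 30))
    # Benign: three established sessions, a handful of requests each
    for i in range(3):
        flows.append(Flow(f"192.0.2.{200 + i}", "203.0.113.13", "tcp", 443, 40, 30_000, "PA", 5))
    return flows


if __name__ == "__main__":
    for dst, info in classify(sample_flows()).items():
        print(dst, info)
```

The ICMP sample is flagged both as `icmp-flood` and `volumetric`, which is the usual picture in practice: the categories describe mechanisms, not mutually exclusive buckets, and a single campaign often trips several detectors at once.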

What are common DDoS attack tools?

Attackers leverage a variety of tools to carry out DDoS campaigns. Here are some commonly utilized DDoS tools and botnets:

  • LOIC: The Low Orbit Ion Cannon is a common open source network stress testing and denial-of-service attack application, allowing users to flood targets with TCP or UDP traffic.
  • HOIC: The High Orbit Ion Cannon is an open source network stress tool and denial-of-service attack application, based on LOIC. It allows users to control voluntary botnets to perform DDoS attacks.
  • Trinoo: Trinoo utilizes a client/server model to carry out distributed denial-of-service attacks via UDP flood attacks or TCP SYN flood attacks.
  • TFN: The Tribe Flood Network is a DDoS tool that relies on ICMP echo request and UDP packet floods to conduct denial of service attacks.
  • Mirai: Mirai is a malware that infects IoT devices to transform them into remotely controlled bots that can launch DDoS attacks.
  • Stacheldraht: Stacheldraht is a DDoS tool that uses a modified version of Trinoo. It utilizes TCP and ICMP floods as attack vectors.
  • Shaft: Shaft is a DDoS tool that relies on sending spoofed UDP packets to random destination ports on the target system.
  • Botnets: Groups like Phantom Squad, Lizard Squad and Anonymous leverage botnets, networks of malware-infected computers, to carry out coordinated DDoS attacks.

What are common DDoS attack targets?

DDoS attacks aim to overwhelm websites and online services with traffic in order to disrupt their availability. Here are some common targets of these denial of service attacks:

  • Websites – Online businesses, media sites, banks and other organizations with a web presence are frequent DDoS victims.
  • Cloud services – Cloud infrastructure and platforms are attractive DDoS targets.
  • Gaming services – Online gaming systems and game networks are hit with DDoS campaigns that aim to take games offline.
  • Financial services – Banks, trading firms and financial organizations often deal with DDoS attacks attempting to disrupt operations.
  • DNS providers – DNS hosting services are struck with DDoS attacks that aim to undermine essential internet functions and availability.
  • CDNs – Content Delivery Networks that help speed delivery of websites and apps are impacted by large bandwidth consuming attacks.
  • VoIP services – DDoS attacks may target Voice over IP communication tools, overwhelming networks with traffic to disrupt connectivity.
  • Government sites – High profile government sites and agencies are common DDoS targets, often for political motivations.

Essentially any online system, service or website that is dependent on internet connectivity and infrastructure can be vulnerable to DDoS attacks. Attack motivations vary widely, ranging from cyberwarfare, hacktivism, extortion and vandalism, to competitive or personal vendettas.

What was the Mirai botnet attack?

The Mirai botnet was used to execute massive and unprecedented DDoS attacks in 2016. It emerged as a powerful new DDoS weapon that leveraged insecure Internet of Things (IoT) devices.

Mirai scans for IoT gadgets like cameras, DVRs and routers protected only by factory default or no passwords at all. Once it identifies vulnerable devices, it infects them with malware that enables remote control for cybercriminal purposes.

With each compromised IoT device becoming part of its botnet army, Mirai amassed massive scale, reported to exceed 600,000 nodes at its peak. This distributed botnet was then used to launch crippling DDoS attacks topping 1 Tbps against infrastructure providers.

Victims included the DNS provider Dyn; that attack caused widespread Internet outages and service disruptions across Europe and North America. Other targets like OVH and KrebsOnSecurity were similarly struck with massive assaults that overwhelmed bandwidth.

The Mirai attacks highlighted the risk that poorly secured IoT devices present. Their inherent vulnerabilities, combined with lax password security, allowed the botnet to conscript them into its DDoS workforce en masse.

The Mirai source code was eventually released publicly, allowing criminals to utilize and evolve its capabilities to power subsequent IoT botnet strains. However, the original Mirai attacks represented a watershed moment, demonstrating the havoc weaponized IoT botnets could unleash via DDoS.

What was the impact of the Mirai attacks?

The DDoS campaigns launched by the Mirai botnet had substantial repercussions for targeted firms and internet infrastructure:

  • Major internet outages and slowdowns – The DNS provider Dyn suffered an attack exceeding 1 Tbps, causing issues or outages for sites including Twitter, Netflix, Reddit, CNN and many more.
  • Significant costs incurred – An ISP like OVH had to invest heavily in mitigation efforts including new DDoS protections after being hit by a Mirai DDoS attack over 900 Gbps.
  • Loss of revenue and customers – Firms that faced disruptions likely incurred revenue losses as customers moved away from perceived unreliable services.
  • Reputational damage – Service interruptions hurt brand reputations and trustworthiness. Firms hit with Mirai DDoS had to work to regain customer confidence.
  • Security improvements necessitated – Targeted firms needed to bolster DDoS defenses and bandwidth capacity to handle similar scale attacks going forward.
  • Greater IoT device scrutiny – The exploitation of IoT devices forced greater attention on the need to properly secure them from compromise.
  • Rise in DDoS-for-hire offerings – Mirai’s effectiveness spawned many imitators and led to more DDoS-as-a-service offerings in the criminal underground.

The Mirai DDoS attacks revealed the risks of inadequately secured IoT devices. Its massive assaults highlighted the need for robust, layered DDoS protections and more diligence in IoT device security.

What are the biggest DDoS attacks on record?

Cybercriminals continue to leverage powerful botnets and evolving techniques to launch ever-larger DDoS attacks against high profile targets. Here are some of the biggest publicly reported DDoS attacks:

| Year | Target             | Scale     |
|------|--------------------|-----------|
| 2020 | Amazon AWS         | 2.3 Tbps  |
| 2018 | GitHub             | 1.35 Tbps |
| 2017 | Google             | 2.54 Tbps |
| 2016 | Dyn DNS            | 1.2 Tbps  |
| 2015 | BBC                | 609 Gbps  |
| 2014 | NTT Communications | 320 Gbps  |
| 2013 | Spamhaus           | 300 Gbps  |
| 2012 | CloudFlare         | 123 Gbps  |

With each passing year, larger and more disruptive DDoS attacks are launched by utilizing emerging techniques and compromised device networks of unprecedented scale. Attacks exceeding 1 Tbps are increasingly common today.

What are DDoS trends and predictions?

DDoS threats continue to evolve in terms of both scale and sophistication. Here are some trends and predictions around these attacks:

  • Increasing frequency of multi-vector attacks that combine multiple DDoS attack types for greater impact.
  • Proliferation of DDoS-for-hire services in the cybercriminal underground, allowing easy access to stresser services.
  • Attacks exceeding previous records in bandwidth, packets per second and connections per second as huge botnets are assembled.
  • Amplification attacks abusing protocols like CLDAP, DNSSEC, ARMS, WS-DD, CoAP, Jenkins and more for increased firepower.
  • More focus on direct attacks on infrastructure providers as well as their customers to maximize disruption.
  • Sustained use of IoT botnets despite mitigation efforts, as insecure devices remain abundant attack vectors.
  • Increasing investment in scrubbing centers and cloud based DDoS protections by infrastructure and hosting firms.
  • Higher costs for organizations without adequate DDoS protection as attack threats grow.

How can targets defend against DDoS attacks?

Organizations looking to protect themselves from denial of service attacks should take a layered, defense-in-depth approach. DDoS mitigation tactics include:

  • Utilizing a web application firewall to filter malicious traffic and protocol anomalies.
  • Increasing overall bandwidth and network capacity to be able to absorb traffic floods more effectively.
  • Enabling black hole routing so that attack traffic is dropped at the network edge rather than forwarded to the target.
  • Obtaining DDoS protection services to scrub and mitigate attacks in the cloud or through an ISP.
  • Monitoring traffic to detect attack spikes and patterns to facilitate timely response.
  • Implementing intrusion prevention systems to identify and stop known attack traffic signatures.
  • Building in DDoS resiliency from the start for applications and infrastructure.
  • Reducing the attack surface by closing unused ports, enabling only necessary services and protocols.
  • Maintaining patching hygiene across all systems, applications and devices to eliminate vulnerabilities.
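Monitoring and filtering only help if they act per source rather than on aggregate volume: a flood from one client must be throttled while a normal client on the same service keeps getting answers. The Python below is an added example, not from the article, that applies a per-client token bucket (the kind of control a web application firewall or reverse proxy enforces for application-layer floods) to a constructed request log with one normal client and one flooder. `capacity` and `refill_per_sec` are assumed values that a real service would derive from its legitimate request baseline:

```python
"""Per-client token-bucket rate limiting for application-layer floods.

Added example, not from the original article. The request log is constructed;
bucket capacity and refill rate are assumed values.
"""
from collections import defaultdict


class TokenBucket:
    """Classic token bucket: `capacity` burst allowance, refilled continuously."""

    def __init__(self, capacity, refill_per_sec):
        self.capacity = capacity
        self.refill = refill_per_sec
        self.tokens = float(capacity)
        self.last = None  # timestamp of the previous request from this client

    def allow(self, now):
        if self.last is not None:
            self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.refill)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False          # bucket empty: request is rejected


class PerClientLimiter:
    """One bucket per client address, plus allowed/denied counters for monitoring."""

    def __init__(self, capacity=10, refill_per_sec=2.0):
        self.buckets = defaultdict(lambda: TokenBucket(capacity, refill_per_sec))
        self.stats = defaultdict(lambda: {"allowed": 0, "denied": 0})

    def handle(self, ts, client):
        ok = self.buckets[client].allow(ts)
        self.stats[client]["allowed" if ok else "denied"] += 1
        return ok


def constructed_log():
    """(timestamp, client_ip) pairs: a normal client at 2 req/s and a flooder at 8 req/s."""
    events = []
    for s in range(10):                       # normal client (constructed address)
        events.append((s + 0.0, "192.0.2.7"))
        events.append((s + 0.5, "192.0.2.7"))
    for s in range(10):                       # flooder (constructed address)
        for i in range(8):
            events.append((s + i / 8, "198.51.100.9"))
    events.sort()
    return events


def run(events, capacity=10, refill_per_sec=2.0):
    """Replay the log through the limiter; return per-client allowed/denied counts."""
    limiter = PerClientLimiter(capacity, refill_per_sec)
    for ts, client in events:
        limiter.handle(ts, client)
    return {client: dict(counts) for client, counts in limiter.stats.items()}


if __name__ == "__main__":
    for client, counts in run(constructed_log()).items():
        print(client, counts)
```

With a burst of 10 and a sustained rate of 2 requests per second, the normal client never loses a request while the flooder is held to roughly the refill rate after its initial burst is spent. The per-client counters are the detection side of the same control: a client whose `denied` count climbs while others stay at zero is the spike the monitoring bullet above is looking for, without anyone having to read raw access logs.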

Conclusion

DDoS threats continue to plague organizations of all types and sizes. As botnets grow in power and sophistication, DDoS attacks are increasing in scale and frequency. Defending against these attacks and mitigating their impact requires diligence, from properly securing devices that could contribute to botnets to implementing layered defenses.

By understanding the common DDoS attack types, tools and targets, organizations can better orient their defenses. However, these threats are constantly evolving, requiring continued vigilance to identify emerging tactics and vulnerability trends being exploited. Those hoping to avoid business disruption from DDoS attacks need to take such threats seriously and plan accordingly as part of their risk management strategy.