adv

DDoS explained: How denial of service attacks are evolving

What is a DDoS attack?

A distributed denial of service (DDoS) attack is when an attacker, or attackers, attempt to make it impossible for a service to be delivered. This can be achieved by thwarting access to virtually anything: servers, devices, services, networks, applications, and even specific transactions within applications. In a DoS attack, it’s one system that is sending the malicious data or requests; a DDoS attack comes from multiple systems.

Generally, these attacks work by drowning a system with requests for data. This could be sending a web server so many requests to serve a page that it crashes under the demand, or it could be a database being hit with a high volume of queries. The result is available internet bandwidth, CPU and RAM capacity becomes overwhelmed.

The impact could range from a minor annoyance from disrupted services to experiencing entire websites, applications, or even entire business taken offline.

DDoS attack symptoms

DDoS attacks can look like many of the non-malicious things that can cause availability issues – such as a downed server or system, too many legitimate requests from legitimate users, or even a cut cable. It often requires traffic analysis to determine what is precisely occurring.

DDoS attacks today

It was an attack that would forever change how denial-of-service attacks would be viewed. In early 2000, Canadian high school student Michael Calce, a.k.a. MafiaBoy, whacked Yahoo with a distributed denial of service (DDoS) attack that managed to shut down one of the leading web powerhouses of the time. Over the course of the week that followed, Calce took aim, and successfully disrupted, other such sites as Amazon, CNN and eBay.

Certainly not the first DDoS attack, but that highly public and successful series of attacks transformed denial of service attacks from novelty and minor nuisance to powerful business disruptors in the minds of CISOs and CIOs forever.

Since then, DDoS attacks have become an all too frequent menace, as they are commonly used to exact revenge, conduct extortion, as a means of online activism, and even to wage cyberwar.

They have also gotten bigger over the years. In the mid-1990s an attack may have consisted of 150 requests per second – and it would have been enough to bring down many systems. Today they can exceed 1,000 Gbps. This has largely been fueled by the sheer size of modern botnets.

One of the most recent and powerful DDoS attacks occurred last fall when internet infrastructure services provider Dyn DNS (Now Oracle DYN) was stuck by a wave of DNS queries from tens of millions IP addresses. That attack, executed through the Mirai botnet, infected reportedly over 100,000 IoT devices, including IP cameras and printers. At its peak, Mirai reached 400,000 bots. Services including Amazon, Netflix, Reddit, Spotify, Tumblr, and Twitter were disrupted.

The Mirai botnet was significant in that, unlike most DDoS attacks, it leveraged vulnerable IoT devices rather PCs and servers, It’s especially scary when one considers that by 2020, according to BI Intelligence, there will be 34 billion internet connected devices, and the majority (24 billion) will be IoT devices.

Unfortunately, Mirai won’t be the last IoT-powered botnet. An investigation across security teams within Akamai, Cloudflare, Flashpoint, Google, RiskIQ and Team Cymru uncovered a similarly sized botnet, dubbed WireX, consisting of 100,000 compromised Android devices within 100 countries. A series of large DDoS attacks that targeted content providers and content delivery networks prompted the investigation.