Hack vector created by freepik – www.freepik.com
Distributed denial- of- service attacks, or DDoS attacks are a variant of denial-of-service attacks in which an attacker or a group of attackers employs multiple machines to simultaneously carry out a Denial of service(DoS) attack, thereby increasing its effectiveness and strength. The “army” carrying out the attacks are mostly often composed of innocent infected zombie computers such as an home router manipulated to be bots and being part of a botnet. These bots are cleverly controlled by the attacker via a Command and Control Server . It also insures the anonymity of the original attack since the distributed denial of service attack traffic originates from the bots’ IPs rather than the attacker’s. They may still be short, but may persist as powerful and sudden “punctuated” attacks that will last for several hours or several days.
With that said, there are 3 types of DDoS attacks, generally speaking, and they are: network layer attacks, application layer attacks, and server layer attacks. They could be classified upon their impact on the targeted computing resources (saturating bandwidth, consuming server’s resources, exhausting an application) or upon the targeted resources as well:
Attacks targeting Network Resources: UDP Floods , ICMP Floods , IGMP Floods.
Attacks targeting Server Resources: the TCP/IP weaknesses -TCP SYN Floods and SSL attacks, for which detection is particularly challenging.
Attacks targeting the Application Resources: HTTP Floods , DNS Floods and other Low and Slow attacks as Slow HTTP GET requests
Reason for rise in DDOS attacks:
Neglecting Internal Security Threats: Companies/ consumers are ignorant about security, infrastructure monitoring, and logging processes; Instead, they care about business continuity thus making it hard to detect weak points.
Detectable Weak Points During Remote Work: Working remotely and from home highlighted the risk of weak authentication techniques, insufficient monitoring, and exposed private servers.
Missing Expertise in Cloud Technology: Cloud technology makes it possible to access data from anywhere and any device, but companies are not aware of the importance of in-house protection of resources (APIs, SaaS, containers).
Confronting External Threats: The external threats are increasing simultaneously, and it is complicated to be prepared for all the possible attacks. The number of companies with security measurements like web application firewalls to monitor their websites and applications is really low.
Increased Use of Technology: India has been ranked as the third country with the highest number of internet users after the U.S. and China. This will have a direct impact on the enhanced number of DDoS attacks. Distributed denial of service attacks usually comprises more than three attack vectors thus increasing the attacker’s chances to hit its target and escape basic mitigation solutions.