According to recent news, RT.com, an international Russian-based television network, faced a sudden temporary slowdown that reached about 10GBps in strength. The company reported that it was due to a DDoS attack identified as a UDP flood that reached 10 GB per second. Another news item I heard was about the attack of a hacker group named ‘Lizard Squad’ on the Destiny console game servers. The group used a DDoS attack that brought down the game server. The company said that it had faced and suffered from this kind of attack in the past as well. Even Google's coattails are continuously being ridden by DDoS attackers: the Google web crawlers are being exploited by cyber criminals to launch DDoS attacks. But what are these DDoS attacks?
A Distributed Denial of Service (DDoS) attack is an attempt to interrupt an online service, like a banking website or a news website, by making it unavailable through overwhelming it with traffic from multiple sources. Since the attack involves multiple sources, it becomes difficult, or rather impossible, to stop it by blocking a single IP. It also becomes difficult to identify the origin of the attack because of the multiple points of origin involved. The motives, means and targets of these attacks vary, but they all consist of efforts to temporarily suspend, interrupt or even damage the services of the targeted system or website. How are these attacks generated?
The malicious hacker or cyber criminal commands a fleet of remotely controlled computers to send a flood of network traffic to the targeted host. The host gets stuck responding to these fake requests generated by the attackers and, as such, is unable to respond to its legitimate requests. As a result the target host responds with long delays and breakdowns. DDoS attacks are easy to generate and cheap to initiate, which is why they are increasing every year.
The entire scenario goes like this. The attacker builds a ‘botnet’ or ‘robot network’, which is a network of infected computers sometimes called ‘zombies’. The botnet is created by the attacker by spreading malicious software via websites, social media, mails, etc., and then controlling the infected machines remotely. The owners have no idea that their systems are being used remotely by someone as an army. The attacker then uses these systems to launch the attack on the targeted host as and when needed. These botnets may sometimes involve millions of infected systems worldwide and are very strong. They generate floods of traffic on the targeted host. The traffic can be generated either by sending more connection requests than the server is able to handle or by sending huge amounts of arbitrary data to use up the target host’s bandwidth. The difference between a DoS and a DDoS attack is that a DoS attack involves a single computer and a single internet connection flooding a target host, whereas in a DDoS attack multiple computers are involved in flooding the target host.
There are different types of DDoS Attacks, mainly TCP-Connection Attacks, Volume-Based Attacks, Protocol Attacks and Application Layer Attacks.
- Volume-Based Attacks are generated to consume the bandwidth either between the target network and the internet or within the network. These attacks include UDP floods, ICMP floods and other spoofed-packet floods.
- TCP-Connection Attacks are generated to use up all the available connections held by infrastructure devices like load balancers, firewalls and application servers.
- Application Layer Attacks are generated to target a specific aspect of an application. This kind of attack is effective even with a few attacking machines and a low traffic rate.
It is interesting to note that the names of DDoS attacks are pretty amusing, but disturbing. For example, MyDoom launched a DDoS attack against Microsoft. Some others are:
- Ping of Death: Oversized packets are generated and sent to the target system.
- MailBomb: Crashes an email server by sending a large number of emails.
- TearDrop: Fragments of malformed packets are sent to the target system. When the target system tries to reassemble these fragments, it crashes.
- Smurf Attack: ICMP messages are sent to reflectors, which reply to the target.
- Carpet bombing DDoS Attack: An Internet service provider’s customers are sent large quantities of garbage network traffic. Potential targets include data center operators, web hosting companies and large corporate networks that run their own pool of IP addresses.
DDoS attacks have caught almost everyone on the internet, including even the kings of the internet like Microsoft, Yahoo and Google. According to an investigation, cyber criminals are pretending to be Google web crawlers. When we search for any word in the Google search engine, a set of tools and processes works to find that information. This software is called Googlebot, a system of web crawlers or spiders that scans the internet continuously for new pages, which it adds to the library from which it draws the data that best matches our search. But, according to a survey, more than 50million visitors are fake crawlers that visit 10,000 websites every month, out of which about 4% are not what they claim to be. Also, out of these, about 24% are used by hackers to carry out DDoS attacks. These hackers send huge amounts of data to use up the servers’ full data transmission capacity, causing them to crash. So it is clear that the DDoS attackers have not even spared Google. But what steps is Google taking to tackle these cyber criminals?
Google and ARBOR Network have collaborated to build a data visualization that maps global DDoS attacks on a daily basis. The basis of this tool is anonymous data related to these attacks, which allows users to explore historical trends and make the connection to related news events. The data is updated daily, and historical data can be viewed for any country around the world. The Digital Attack Map keeps an eye on the various kinds of cyber attacks taking place all over the Internet. When the map is clicked, details on the kind of attack, its volume of traffic, the network ports involved, and the attack source and target (country) are provided. Though this information may seem less meaningful on its own, it helps a lot in giving a brief view of internet traffic attacks. By providing this brief view and surfacing this data, it is hoped that more decisions will be made to reduce DDoS attacks.
Some other methods to mitigate the DDoS attacks can be:
- Buy more bandwidth and use it for good load balancing. If you have good bandwidth, your server will be able to tackle huge traffic loads. This is a costly way to defend yourself, but it can prove a boon for those who can afford it.
- If you run your own server, defend at the network perimeter. For example, you can:
  - Rate-limit your router to prevent the server from being overwhelmed by traffic.
  - Add filters to tell the router not to process packets from the sources of the attack.
  - Drop spoofed packets.
- When you find yourself being attacked, you should get help from your ISP. Keep emergency contacts for your ISPs so that your ISP can take appropriate action to help you get out of trouble.
- Keep yourself connected to a specialized DDoS mitigation company, in case of large DDoS attacks. These organizations use a variety of technologies, like data scrubbing, to help keep your website online. These mitigation services are not free; you may either buy them or subscribe for a few dollars per month. For example, ARBOR Network, Black Lotus and Prolexic are some specialized DDoS mitigation companies.
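As an added example (not part of the original post) of the perimeter-side checks just listed, this Python script triages constructed flow records: it flags a UDP flood once the per-second volume toward the target passes a threshold, separates a single-source DoS from a distributed attack (which no single IP block can stop), lists the busiest sources as candidates for router filters, and marks sources with private addresses, which can only be spoofed and can be dropped outright. The record layout, target address and threshold are assumptions.

```python
"""UDP-flood triage over flow records (added example, not the post's code).
Assumed record shape: (second, src_ip, dst_ip, proto, bytes), as a router or
NetFlow exporter would give you at the network perimeter."""
import ipaddress
from collections import defaultdict

TARGET = "198.51.100.5"         # constructed: our public-facing server
THRESHOLD_BPS = 100_000_000     # assumed: 100 Mbit/s of UDP is abnormal here

# Constructed flows: quiet seconds 0-1, then a flood from several sources in
# seconds 2-3, one of which carries a private (therefore forged) address.
FLOWS = [
    (0, "192.0.2.7", TARGET, "udp", 12_000),
    (0, "192.0.2.8", TARGET, "tcp", 250_000),   # TCP is outside this check
    (1, "192.0.2.7", TARGET, "udp", 15_000),
] + [(2, f"203.0.113.{n}", TARGET, "udp", 20_000_000) for n in range(10, 15)] + [
    (2, "10.1.2.3", TARGET, "udp", 20_000_000),
    (3, "203.0.113.10", TARGET, "udp", 20_000_000),
    (3, "10.1.2.3", TARGET, "udp", 20_000_000),
]

# Ranges that must never appear as a source on an internet-facing link.
BOGONS = [ipaddress.ip_network(n) for n in
          ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_spoofed_source(ip):
    """A private/loopback source arriving from the internet can only be forged."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BOGONS)

def analyze(flows, target=TARGET, threshold_bps=THRESHOLD_BPS, distributed_min=5):
    """Return peak UDP bit rate, a DoS/DDoS verdict, busiest and spoofed sources."""
    bits_per_sec = defaultdict(int)
    bytes_per_src = defaultdict(int)
    for sec, src, dst, proto, nbytes in flows:
        if dst != target or proto != "udp":
            continue
        bits_per_sec[sec] += nbytes * 8
        bytes_per_src[src] += nbytes
    peak = max(bits_per_sec.values(), default=0)
    ranked = sorted(bytes_per_src, key=bytes_per_src.get, reverse=True)
    if peak <= threshold_bps:
        kind = "none"
    elif len(ranked) >= distributed_min:
        kind = "ddos"   # many origins: blocking a single IP will not stop it
    else:
        kind = "dos"    # one or few origins: a source filter at the router suffices
    return {"peak_bps": peak, "kind": kind, "top_sources": ranked[:5],
            "spoofed_sources": sorted(s for s in ranked if is_spoofed_source(s))}
```

Run `analyze(FLOWS)` on the constructed data to see the flood classified as distributed, with the private source singled out for an unconditional drop.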
Many attacks are launched from compromised IoT devices that hackers exploited because of security issues like no, default or weak passwords, or firmware vulnerabilities never patched by the developer.
- (November 24, 2019) Paul Butschi, co-founder of the fiber-only ISP Cool Ideas, revealed that the network had faced a distributed denial of service attack of over 300Gbps on November 23, 2019. Cogent and Hurricane Electric in London provided the attack traffic statistics. The ISP issued a notice to subscribers about it and stated that it was limiting the Domain Name System servers accessible from its network, allowing only Cool Ideas DNS, Google DNS and Cloudflare DNS. They consider 40Gbps to be the legitimate traffic hitting their network.
- (November 22, 2019) RSAWEB reported a DDoS attack.
- (November 2019) The South African Banking Risk Information Centre (Sabric) issued a warning that the bank was experiencing a sustained campaign of distributed denial of service (DDoS) attacks accompanied by ransom notes delivered to some staff email addresses. A wave of ransom-driven incidents took place throughout October. Bank customers may anticipate minor disruptions to online services. The bank's statement indicates that no customer information was exposed by these attacks.
- (October 27, 2019) The networks of the South African ISPs Afrihost, Axxess and Webafrica were attacked by DDoS, which affected DSL and fiber subscribers. The subscribers had trouble accessing the Internet.
- (October 19, 2019) A DDoS attack on Cybersmart caused intermittent connectivity over two days.