DDoS, or distributed denial-of-service, is a type of cyberattack that degrades or removes the availability of one or more systems. As in a denial-of-service (DoS) attack, the targeted system is flooded with more requests than it can handle; in a DDoS attack, however, the traffic comes from many computers at once, which makes it far larger and much harder to block by source address. These attacks are called denial of service because the goal is to leave the target unable to serve legitimate requests, whether by crashing it outright or simply by exhausting its bandwidth, connection tables, or processing capacity.
How Do DDoS Attacks Work?
DDoS attacks use a network of compromised computers, called a botnet, to hit a target with one of the three attack types described below. The botnet is built with malware: users of individual devices navigate to a site that serves the malware or download a malicious program, and internet-connected devices such as cameras and home routers (the population Mirai, discussed later, went after) are taken over through weak or default credentials. The result is a distributed network of infected devices that the attacker can send instructions to. Those instructions direct the infected machines to send large amounts of traffic to a specified system, executing a DDoS attack on the target.
Types of DDoS Attacks
There are many ways to carry out a DDoS attack but there are three primary categories.
3 Types of DDoS Attacks
- Volume-based attacks
- Protocol attacks
- Application layer attacks
1. Volume-Based Attacks
Volume-based DDoS attacks take down the victim by sending enough traffic to consume the available bandwidth, saturating the network link so that legitimate packets are dropped before they ever reach the service. Because the target's capacity is measured in bits per second, these attacks are commonly built on reflection and amplification, where small requests with a spoofed source address are sent to third-party servers whose much larger responses land on the victim.
2. Protocol Attacks
Protocol attacks abuse the way network and transport protocols work in order to exhaust back-end system resources. Rather than consuming bandwidth, they consume state and processing capacity on the servers and intermediate devices (firewalls, load balancers) that support an application or service. A SYN flood is the classic case: the attacker starts many TCP handshakes and never completes them, filling the server's table of half-open connections so that new legitimate connections cannot be accepted.
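The half-open connection exhaustion that a SYN flood relies on can be spotted by counting, per source, how many SYNs are sent versus how many handshakes are completed. The following Python script is an added example written for this page, not code from the original article: it runs over a constructed list of TCP packet summaries (the addresses, ports and timestamps are made up) as seen from the client side, and flags sources that open many connections and complete almost none.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10  # TCP flag bits as they appear in the header


def build_sample():
    """Constructed packet summaries (not a real capture), each
    (time_s, src_ip, src_port, dst_ip, dst_port, tcp_flags)."""
    pkts = []
    # three legitimate connections from 10.0.0.5: SYN, then the handshake-completing ACK
    for i, sport in enumerate((50000, 50001, 50002)):
        pkts.append((0.10 * i, "10.0.0.5", sport, "192.0.2.10", 443, SYN))
        pkts.append((0.10 * i + 0.03, "10.0.0.5", sport, "192.0.2.10", 443, ACK))
    # 60 SYNs from 198.51.100.7 with a fresh source port each, none ever acknowledged
    for i in range(60):
        pkts.append((0.5 + 0.005 * i, "198.51.100.7", 40000 + i, "192.0.2.10", 443, SYN))
    return sorted(pkts)


def handshake_stats(packets):
    """Per source IP, count SYNs sent and handshakes completed (an ACK on a flow that
    this source opened with a SYN). Returns (stats, number of flows still half-open)."""
    opened = set()
    stats = defaultdict(lambda: {"syn": 0, "completed": 0})
    for _t, sip, sport, dip, dport, flags in packets:
        flow = (sip, sport, dip, dport)
        if flags & SYN and not flags & ACK:      # client's initial SYN opens a flow
            opened.add(flow)
            stats[sip]["syn"] += 1
        elif flags & ACK and flow in opened:     # third step of the handshake closes it
            opened.discard(flow)
            stats[sip]["completed"] += 1
    return dict(stats), len(opened)


def detect_syn_flood(packets, min_syns=20, min_completion=0.5):
    """Flag sources that opened at least `min_syns` connections and completed fewer
    than `min_completion` of them. Returns (flagged sources, total half-open flows)."""
    stats, half_open = handshake_stats(packets)
    flagged = [
        (ip, s["syn"], s["completed"])
        for ip, s in stats.items()
        if s["syn"] >= min_syns and s["completed"] / s["syn"] < min_completion
    ]
    return flagged, half_open


if __name__ == "__main__":
    flagged, half_open = detect_syn_flood(build_sample())
    print(f"{half_open} half-open flows; suspicious sources: {flagged}")
```

Real SYN floods usually spoof the source address, so per-source counts alone will miss them; the aggregate half-open count returned alongside the flagged sources is the more reliable signal, and SYN cookies on the server are the standard mitigation.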
3. Application Layer Attacks
Application layer attacks are the most sophisticated of the three. Instead of flooding the network, they send requests that the application itself must do real work to answer, either by exploiting a weakness in a web application or simply by hammering its most expensive operations (search queries, logins, large downloads). Once the attacker has found such a weak point, the attack consumes the application's CPU, memory, or database capacity with minimal bandwidth consumption. That is what makes these attacks harder to detect using traditional volume-based methods: the traffic looks like ordinary user requests, just far more of them.
How to Prevent a DDoS Attack
DDoS attacks can be difficult to thwart because the individual requests often carry no malicious indicators. Legitimate services and protocols are used to carry out the attack, so prevention comes down to detecting an abnormal level or pattern of traffic. Firewalls and intrusion detection/prevention systems are two security tools that can detect this behavior and block it automatically, with one caveat: once a volumetric attack saturates the link upstream of the firewall, on-site filtering alone cannot restore service, and the traffic has to be dropped or scrubbed closer to its source. In addition to network-level prevention, antivirus software is required on endpoints (end-user devices) so that bot malware is detected and removed before the device is used for DDoS activity.
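As an added example of the rate-based detection described above (not code from the original article), the following Python script parses constructed web-server access-log lines in the common Apache format, builds a baseline of requests per 10-second window, and flags windows that exceed it. It also reports how many distinct sources contribute to each flagged window, because a distributed flood shows up as many sources each making a few requests, which a per-IP rate limit alone would never catch. All addresses, timestamps and paths are invented for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

# Apache/Nginx "combined" log format; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
BASE_EPOCH = 1_700_000_000  # constructed start time of the sample log (2023-11-14 22:13:20 UTC)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
    # drop the query string so /search?q=a and /search?q=b count as the same endpoint
    return {"ip": m["ip"], "ts": ts, "path": m["target"].split("?", 1)[0], "status": int(m["status"])}


def _log_line(t, ip, path, status=200, size=512):
    stamp = datetime.fromtimestamp(t, tz=timezone.utc).strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" {status} {size} "-" "Mozilla/5.0"'


def build_sample_log():
    """Constructed sample: 60 s of normal traffic (2 req/s from five clients), then a
    20 s HTTP flood in which 200 distinct sources each hit /search a few times."""
    lines = []
    paths = ["/", "/about", "/search?q=x"]
    for i in range(120):  # baseline: two requests per second
        lines.append(_log_line(BASE_EPOCH + i // 2, f"10.0.0.{1 + i % 5}", paths[i % 3]))
    for i in range(600):  # flood: 30 requests per second from 200 rotating sources
        lines.append(_log_line(BASE_EPOCH + 60 + i // 30, f"203.0.113.{1 + i % 200}",
                               "/search?q=needle", 200, 9000))
    return lines


def window_stats(records, window_s=10):
    """Aggregate parsed records into fixed windows: request count, distinct sources, busiest path."""
    buckets = defaultdict(list)
    for r in records:
        buckets[int(r["ts"] // window_s) * window_s].append(r)
    return [
        {
            "start": start,
            "requests": len(rs),
            "sources": len({r["ip"] for r in rs}),
            "top_path": Counter(r["path"] for r in rs).most_common(1)[0][0],
        }
        for start, rs in sorted(buckets.items())
    ]


def detect_floods(windows, baseline_windows=6, sigmas=3.0):
    """Flag windows whose request count is abnormal relative to the first `baseline_windows`.
    Threshold is mean + sigmas*stdev, floored at 2x the mean so a flat baseline still needs a real jump."""
    base = [w["requests"] for w in windows[:baseline_windows]]
    threshold = max(mean(base) + sigmas * pstdev(base), 2 * mean(base))
    alerts = []
    for w in windows[baseline_windows:]:
        if w["requests"] > threshold:
            alerts.append({**w, "threshold": threshold,
                           "requests_per_source": w["requests"] / w["sources"]})
    return alerts


if __name__ == "__main__":
    recs = [r for r in (parse_line(l) for l in build_sample_log()) if r]
    for a in detect_floods(window_stats(recs)):
        print(f"window {a['start']}: {a['requests']} req (threshold {a['threshold']:.0f}) "
              f"from {a['sources']} sources, {a['requests_per_source']:.1f} req/source, "
              f"top path {a['top_path']}")
```

In the sample, each flagged window has 300 requests against a threshold of 40 but only 1.5 requests per source, so blocking by source address would be useless; the useful signals are the jump in aggregate rate and the concentration on a single expensive endpoint.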
Example of DDoS Attack: Dyn, 2016
One of the largest DDoS attacks occurred in 2016, when a group of attackers used a malware variant called Mirai to infect an estimated 100,000 devices. The botnet was then used to target Sony PlayStation. What the attackers did not anticipate was that the attack would also take down Dyn, a U.S.-based domain name system (DNS) service provider. Because DNS is a critical service that the rest of the internet depends on, an attack initially aimed at Sony PlayStation ended up impacting a large portion of the internet, leaving thousands of American sites unreachable, including Amazon, Twitter, Spotify, Netflix, PayPal, and Reddit. The financial and reputational ramifications of an event like this are massive: it is estimated that one hour of downtime for Amazon can cost upward of $100 million.
As of December 2020, after a four-year investigation, an individual was charged and pleaded guilty to participating in the attack. The sentencing details are not easy to trace because the individual was a minor at the time of the crime, but DDoS attacks can carry a prison sentence of up to 10 years depending on the severity and impact of the attack.