The Rise of Distributed Denial-of-Service Attacks
And how your devices can become susceptible
Amazon was the target of a cyberattack in February 2020, but it largely went unnoticed. The online retail giant sustained the largest Distributed Denial of Service (DDoS) attack in history. Before we dig into the details of the DDoS, here is a general explanation of DoS.
Denial-of-Service (DoS) attack
According to the Department of Homeland Security, a denial-of-service (DoS) attack occurs when legitimate users are unable to access information systems, devices, or other network resources because of the actions of a malicious cyber threat actor. Services affected may include email, websites, online accounts (e.g., banking), or other services that rely on the affected computer or network.
A DoS attack can be carried out in many ways, but generally the attacker floods a network server with traffic. A bad actor sends several illegitimate requests to a target server. As the server tries to authenticate these numerous requests, it gets overwhelmed and crashes. This prevents legitimate traffic from accessing a network.
Distributed Denial-of-Service (DDoS) attack
In a distributed denial-of-service (DDoS) attack, multiple machines operate together to attack one target. DDoS attacks gain effectiveness by using compromised computer systems as sources of attack traffic. However, exploited machines are not limited to computers. Billions of smart home devices are susceptible to cyberattacks as a result of a serious flaw discovered in a networking protocol. Through the CallStranger vulnerability, hackers could steal your user data, scan networks and launch distributed denial-of-service (DDoS) attacks, with help from your Xbox One, smart TV or many other Internet of Things (IoT) devices.
Imagine an army of botnets—a group of hijacked internet-connected devices—banding together to carry out a large-scale attack.
So what happened with Amazon?
Amazon Web Services (AWS) defended against and defeated a 2.3-terabit-per-second (Tbps) distributed denial of service (DDoS) attack using AWS Shield, its managed threat protection service. While the February attack was the biggest, Amazon research notes an increase in DDoS events for the company in the first quarter of 2020 compared with the last quarter of 2019 (10%) and the first quarter of 2019 (23%).
Why are DDoS attacks growing?
With more people working at home, and internet use higher than ever, bad actors are taking the opportunity to create more attacks. Some have a financial motivation, demanding money to stop the attack. Some seem aimed at causing social or political disruption. The US Department of Health and Human Services (HHS) website was unsuccessfully attacked in mid-March 2020, seemingly to deprive citizens of access to official data about the pandemic and measures taken against it.
As the popularity of IoT devices increases, there is more vulnerability. Often, these devices have poor security protocols, and users don’t bother to change default passwords. Users often don’t notice the infection of their IoT devices, so DDoS attacks can be carried out unnoticed.
How do you avoid being part of the problem?
Both businesses and individuals can take steps to avoid being a target of a DoS or DDoS.
+ Businesses can employ a DoS protection service as a first line of defense, detecting abnormal traffic flow and rerouting this traffic away from the network while clean traffic is allowed to pass through.
+ Preparation of a disaster recovery plan before an attack is essential to ensure successful and efficient communication, mitigation, and recovery.
In addition, both individuals and companies should strengthen the security profile of any internet-connected devices to prevent them from being compromised. This is done by installing and maintaining a firewall and antivirus software on your network. Before purchasing IoT devices, research the item’s security protections and past issues. Make sure to take advantage of the security settings of devices and create a strong password.
How do you know if an attack is happening?
A DDoS or DoS attack can be tricky to identify since it can mimic non-malicious issues. Many things can cause slow network performance or block access to a website. You can watch a real-time DDoS attack on a website here, and see how server resources slowly get depleted.
The best defense is a good offense
The best way to detect and identify a DoS or DDoS attack would be via network traffic monitoring and analysis. You can read a recent review of protection service providers from Business.com here.
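As an added illustration of traffic monitoring (not code from the original article or from any protection vendor), the Python below buckets request records into fixed time windows, flags windows far above the median request rate, and labels each as DoS or DDoS depending on whether a single source dominates. The record format, thresholds, function names and sample data are assumptions constructed for this example.

```python
from collections import Counter, defaultdict
from statistics import median


def build_sample():
    """Constructed (epoch_second, source_ip) records; IPs are RFC 5737 documentation ranges."""
    events = [(t, f"198.51.100.{t % 5 + 1}") for t in range(120)]  # normal: 5 clients, 1 req/s
    events += [(40 + i % 10, "203.0.113.7") for i in range(200)]   # burst from one source
    events += [(90 + i % 10, f"192.0.2.{i % 150 + 1}") for i in range(300)]  # burst from 150 sources
    return events


def detect_floods(events, window=10, factor=5.0, dominant_share=0.8):
    """Flag windows whose request count exceeds factor x the median window count.

    Assumption: attack windows are a minority, so the median approximates
    normal load. A flagged window is labelled "DoS" when one source sends at
    least dominant_share of its requests, otherwise "DDoS".
    """
    per_window = defaultdict(Counter)
    for ts, src in events:
        per_window[ts - ts % window][src] += 1  # window start -> per-source counts

    baseline = median(sum(c.values()) for c in per_window.values())
    findings = []
    for start in sorted(per_window):
        sources = per_window[start]
        total = sum(sources.values())
        if total <= factor * baseline:
            continue  # within normal variation
        top_src, top_count = sources.most_common(1)[0]
        findings.append({
            "window_start": start,
            "requests": total,
            "distinct_sources": len(sources),
            "top_source": top_src,
            "kind": "DoS" if top_count / total >= dominant_share else "DDoS",
        })
    return findings


if __name__ == "__main__":
    for finding in detect_floods(build_sample()):
        print(finding)
```

In the DDoS window no single address stands out, which is why per-source rate limits alone miss it and the total-volume check is needed.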
Take prompt action if you think you or your business is experiencing a DoS or DDoS attack. Contact your network administrator immediately to see if the source of the service outage can be determined, and contact outside professionals for assistance if needed.