DDoS Attack Explained | How to be safe from DDoS Attacks



Hello everyone, today we're going to talk about DDoS and what it is.

DDoS stands for Distributed Denial of Service. It is a cyber-attack on a specific server or network whose purpose is to disrupt that server or network's normal operation. A DDoS attack does this by flooding the target with a constant stream of traffic, such as fraudulent requests, which overwhelms the system and causes a disruption or denial of service to legitimate traffic.



 


So for example, here we have a web server, and let's say this web server belongs to a company that sells its products over the internet. Over here we have a couple of customers with their computers browsing the company's website, looking at the company's products or services. Now let's say that someone wants to attack this company's web server, for whatever reason. Maybe they don't like the company or they don't like the owners of the company. So the attacker is going to use their computer and their program to attack this server and flood it with fraudulent data traffic to try and disrupt its service.

 

 


 

Now, this is not a DDoS attack; this is just called a DoS attack, which stands for Denial of Service, because the attack is coming from one source. Normally a network or server is able to handle an attack from a single source because it's easy to pinpoint.

The server can simply close the connection the attack is coming from, so that's not really a problem. The problem is what happens if an attack comes from multiple sources simultaneously. That is what a DDoS is.

 

A DDoS is an attack from multiple sources all at once. So this computer here, the ringleader, can communicate with other computers around the world and coordinate an attack on this server. So now, instead of an attack coming from a single source, the server has to deal with an attack from multiple sources, and when this happens it will overwhelm the server. It will eat up the server's system resources, such as CPU and memory, and it will also eat up network bandwidth. As a result, these legitimate computers over here are going to be denied service because the server is too preoccupied with dealing with the DDoS attack. The web pages these computers want to access are either not going to load or are going to load very slowly, and their users get that familiar spinning wheel of lag on their screens.
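To make the single-source versus multi-source difference concrete, here is an added example in Python; it is not from the original post. It runs two constructed request logs through the two checks a server operator would typically apply: a per-source limit, which catches one address sending 500 requests, and an aggregate check against an assumed normal baseline, which is the only check that notices 500 addresses sending one request each. The log format, the addresses and the thresholds are all constructed for illustration; real thresholds come from a measured baseline.

```python
"""Why a single-source flood is easy to block and a distributed one is not.

Added example, not from the original post. The log format, addresses and
thresholds below are constructed; real limits come from a measured baseline.
"""
from collections import Counter

# Constructed access-log lines: "<epoch_seconds> <client_ip> <request_path>"
# Five ordinary customers making a couple of requests each in a 10-second window.
LEGIT = [f"{1000 + i} 198.51.100.{i % 5 + 1} /products" for i in range(10)]

# DoS case: one address sends 500 requests in the same window.
SINGLE_SOURCE_FLOOD = LEGIT + [f"{1000 + i % 10} 203.0.113.7 /" for i in range(500)]

# DDoS case: 500 distinct (constructed) bot addresses, one request each.
DISTRIBUTED_FLOOD = LEGIT + [
    f"{1000 + i % 10} 10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255} /"
    for i in range(500)
]

PER_SOURCE_LIMIT = 50   # requests per window from one client before it is blocked
BASELINE_TOTAL = 100    # assumed normal total requests per window


def parse(lines):
    """Yield (timestamp, client_ip, path) from the constructed log format."""
    for line in lines:
        ts, ip, path = line.split(" ", 2)
        yield int(ts), ip, path


def requests_per_source(lines):
    """Count requests per client address over the window."""
    return Counter(ip for _, ip, _ in parse(lines))


def sources_to_block(lines, limit=PER_SOURCE_LIMIT):
    """Per-source defence: addresses that exceed the limit (catches the DoS case)."""
    return sorted(ip for ip, n in requests_per_source(lines).items() if n > limit)


def aggregate_alarm(lines, baseline=BASELINE_TOTAL):
    """Aggregate defence: total volume above baseline, even when no single
    source crosses the per-source limit (the only check that sees the DDoS case)."""
    return len(lines) > baseline


def assess(lines):
    """Summarise what each defence layer sees for one log window."""
    return {
        "distinct_sources": len(requests_per_source(lines)),
        "blocked_sources": sources_to_block(lines),
        "total_requests": len(lines),
        "aggregate_alarm": aggregate_alarm(lines),
    }


if __name__ == "__main__":
    for name, log in (("single-source", SINGLE_SOURCE_FLOOD),
                      ("distributed", DISTRIBUTED_FLOOD)):
        print(name, assess(log))
```

In the single-source run the per-source check blocks 203.0.113.7 and the server is fine again. In the distributed run no address ever reaches the limit, so the only signal left is the total request volume, which is why distributed floods need aggregate and upstream defences rather than per-connection blocking.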

 


So the question is how does the attacker get other computers to get involved in a DDoS attack?


The simple answer is by using malicious software. The attacker develops a malware program and distributes it over the internet, placing it on things like websites and in email attachments. If a vulnerable computer visits one of these infected websites or opens one of these infected attachments, the malware is installed without the owner even knowing their computer has been infected.

Their computer has now been recruited into an army of other infected computers that will perform the DDoS attack. This army of infected computers is called a botnet. A botnet is not limited to a few computers; it could be hundreds or even thousands of computers scattered all over the world.



This botnet can now be controlled like an army, waiting to receive instructions from the attacker, who acts as a centralized command and control center for the botnet. The attacker can send commands to all these computers telling them to attack at a certain date and time, and once that time is reached, the attack begins. A DDoS attack can last for hours or even days, depending on the attacker's intent.

 

So another question is, why do people do DDoS attacks?

 

DDoS attacks happen for several different reasons. They could be financial, with the attacker DDoSing a competitor in the marketplace. They could be political, because the attacker doesn't like the targeted organization's beliefs. Or the attacker could simply be doing it for fun.




The Top-Five DDoS Attacks (for Now)

 

To give you a view of what these attacks look like "in the wild," we're going to take a look at some of the most famous DDoS attacks to date. Some of our selections are famous for their sheer scale; others for their influence and consequences.

 

The Google Attack, 2020

 

On October 16, 2020, Google's Threat Analysis Group (TAG) posted a blog update discussing how threats and threat actors were changing their tactics because of the 2020 U.S. election. At the end of the post, the company noted:

 

In 2017, our Security Reliability Engineering team measured a record-breaking UDP amplification attack sourced out of several Chinese ISPs (ASNs 4134, 4837, 58453, and 9394), which remains the largest bandwidth attack of which we are aware.

 

Launched from three Chinese ISPs, the attack on thousands of Google's IP addresses lasted for six months and peaked at a breathtaking 2.5 Tbps. Damian Menscher, a Security Reliability Engineer at Google, wrote:


The attacker used several networks to spoof 167 Mpps (millions of packets per second) to 180,000 exposed CLDAP, DNS, and SMTP servers, which would then send large responses to us. This demonstrates the volumes a well-resourced attacker can achieve. This was four times larger than the record-breaking 623 Gbps attack from the Mirai botnet a year earlier.

 

The AWS DDoS Attack in 2020

 

Amazon Web Services, the 800-pound gorilla of cloud computing, was hit by a huge DDoS attack in February 2020. This was the most severe recent DDoS attack on record, and it targeted an unnamed AWS customer using a method called Connectionless Lightweight Directory Access Protocol (CLDAP) reflection. This method relies on vulnerable third-party CLDAP servers and amplifies the amount of data sent to the victim's IP address by 56 to 70 times. The attack lasted three days and peaked at an astounding 2.3 terabytes per second.
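Both the Google and the AWS attacks above are reflection attacks: the attacker sends small requests, carrying the victim's address as the source, to exposed CLDAP or DNS servers, which then deliver their much larger answers to the victim. From the victim's side the tell-tale sign is answers to questions it never asked. The following Python is an added example, not from the original post nor from Google or AWS, that runs that check over a handful of constructed UDP flow records. The record layout, the addresses and the byte counts are all invented for illustration, and the amplification helper only expresses the ratio the post quotes.

```python
"""Spotting reflected traffic at the victim's network edge.

Added example, not part of the original post. Flow records are constructed.
Rule: an inbound UDP datagram from a reflector-class service port (CLDAP 389,
DNS 53) that answers no request we sent is unsolicited, i.e. reflected at us.
"""
from collections import defaultdict

# UDP service ports the post names as reflectors. SMTP is TCP-based, so a
# plain stateless check like this one does not cover it.
REFLECTOR_PORTS = {389: "CLDAP", 53: "DNS"}

# Constructed flow records: (direction, remote_ip, remote_port, local_port, bytes)
FLOWS = [
    ("out", "192.0.2.53", 53, 40001, 60),        # our own DNS query
    ("in", "192.0.2.53", 53, 40001, 120),        # its legitimate answer
    ("in", "198.51.100.10", 389, 51234, 3000),   # CLDAP answer we never asked for
    ("in", "198.51.100.11", 389, 51234, 3000),   # another reflector, same target port
    ("in", "198.51.100.12", 53, 51234, 3500),    # DNS answer we never asked for
    ("in", "203.0.113.9", 443, 51235, 1500),     # not a reflector port; ignored
]


def unsolicited_responses(flows):
    """Return inbound reflector-port datagrams with no matching outbound request.

    Flows are processed in order, so a request must precede its answer to be
    considered solicited. Each hit is (service_name, remote_ip, bytes).
    """
    asked = set()
    hits = []
    for direction, rip, rport, lport, nbytes in flows:
        if rport not in REFLECTOR_PORTS:
            continue
        if direction == "out":
            asked.add((rip, rport, lport))
        elif (rip, rport, lport) not in asked:
            hits.append((REFLECTOR_PORTS[rport], rip, nbytes))
    return hits


def bytes_by_service(hits):
    """Total unsolicited bytes per reflector service, for an alert summary."""
    totals = defaultdict(int)
    for service, _, nbytes in hits:
        totals[service] += nbytes
    return dict(totals)


def amplification_factor(request_bytes, response_bytes):
    """Response size over request size: the ratio the post quotes as 56x-70x for CLDAP."""
    return response_bytes / request_bytes


if __name__ == "__main__":
    hits = unsolicited_responses(FLOWS)
    for service, rip, nbytes in hits:
        print(f"unsolicited {service} response from {rip}: {nbytes} bytes")
    print("totals:", bytes_by_service(hits))
    # Constructed 50-byte request yielding a 3000-byte answer.
    print("example amplification:", amplification_factor(50, 3000))
```

The legitimate DNS exchange is left alone because the query was seen first; the three answers nobody asked for are reported with their service name and size, which is the kind of aggregate (unsolicited bytes per service per second) that an edge filter or upstream scrubbing service acts on.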

Why the AWS Attack Matters

While the disruption caused by the AWS DDoS attack was far less severe than it could have been, the sheer scale of the attack and its implications for AWS hosting customers, who could have lost revenue and suffered brand damage, are significant.

 

The Mirai Krebs and OVH DDoS Attacks in 2016


On September 20, 2016, the blog of cybersecurity journalist Brian Krebs was hit by a DDoS attack in excess of 620 Gbps, which at the time was the biggest attack ever seen. Krebs' site had been attacked before: Krebs had logged 269 DDoS attacks since July 2012, but this one was almost three times larger than anything his site, or for that matter the internet, had seen before.

The source of the attack was the Mirai botnet, which at its peak later that year comprised more than 600,000 compromised Internet of Things (IoT) devices such as IP cameras, home routers, and video players. The Mirai botnet had been discovered in August that same year, but the attack on Krebs' blog was its first big outing.

The next Mirai botnet attack, on September 19, targeted one of the biggest European hosting providers, OVH, which hosts roughly 18 million applications for over one million clients. This attack was aimed at a single unnamed OVH customer, was driven by an estimated 145,000 bots generating a traffic load of up to 1.1 terabits per second, and lasted about seven days. But OVH was not to be the last Mirai botnet victim in 2016.

Why the Mirai Krebs and OVH Attacks Matter

The Mirai botnet was a major step up in how powerful a DDoS attack could be. The size and complexity of the Mirai network were unparalleled, as were the scale of the attacks and their focus.

 

The Six Banks DDoS Attack in 2012


On March 12, 2012, six U.S. banks were targeted by a wave of DDoS attacks: Bank of America, JPMorgan Chase, U.S. Bank, Citigroup, Wells Fargo, and PNC Bank. The attacks were carried out by hundreds of hijacked servers from a botnet called Brobot, with each attack generating over 60 gigabits per second of attack traffic.

At the time, these attacks were unprecedented in their persistence. Rather than executing one attack and then backing down, the perpetrators barraged their targets with a range of attack methods in order to find one that worked. So even if a bank was equipped to deal with a few types of DDoS attack, it was helpless against the others.

Why the Six Banks Attack Matters

The most notable aspect of the 2012 bank attacks was that they were, allegedly, carried out by the Izz ad-Din al-Qassam Brigades, the military wing of the Palestinian Hamas organization. The attacks also had a huge impact on the affected banks in terms of revenue, mitigation expenses, customer service issues, and the banks' branding and image.

 

Remember These Points: How to Be Safe from DDoS Attacks and Keep Your Website Safe


  • Buy More Bandwidth
  • Protect Your DNS Servers
  • Deploy a DDoS Protection Appliance
  • Configure Your Network Hardware against DDoS Attacks
  • Deploy Anti-DDoS Hardware and Software Modules
  • Build Redundancy into Your Infrastructure



Techno Trickss © 2020 - Designed by Aman Mishra