A Distributed Denial of Service (DDoS) attack is a common attack aimed at disrupting the normal traffic of a targeted network, server or service by flooding it with an abundance of internet traffic. This overwhelms the target to the point that it cannot function properly. The easiest way to spot a DDoS attack on a site is if that site suddenly becomes incredibly slow or altogether unavailable.
DDoS attacks are one of today’s top cybersecurity threats along with supply chain attacks, ransomware and social engineering.
Why Do Hackers Use DDoS Attacks
Unlike other cyber attacks, DDoS attacks do not compromise sensitive or valuable data, but they can still have significant repercussions. Below are a few reasons why a hacker may use a DDoS attack:
1. To Cause Financial Strain To An Organization
Websites that generate significant revenue online could immediately feel the repercussions of a DDoS attack that prevents purchases from being made online. In 2013, when Amazon’s site went down for less than an hour, the company estimated its lost revenue at around $5M; just imagine what that number would be today.
Similarly, hackers can use a DDoS attack as a means to extort money from organizations that need to get their sites back up and running but do not have a team of security professionals to counter the attackers. In both of these scenarios, DDoS attacks can definitely be costly for the victim.
2. To Corrode Public Perception Of An Organization
Any notable website that is down for a significant amount of time can start to gain public attention either from loyal website users or from news coverage. This is a reason why hacktivists will use DDoS attacks to draw attention to a specific cause or call out a company’s behavior in a public way.
3. To Distract From A Larger Scale Online Or Physical Attack
One way to think of a DDoS attack is as a noisy distraction. It can draw a lot of attention from the public, which then makes it a priority for an organization’s security team to address. But while everyone is drawn to the noise of a DDoS attack, a much more malicious attack could be in the works in another part of the organization’s network. In this regard, hackers bet that the distraction of the DDoS attack will buy enough time to execute a much more serious security breach.
The distraction or communications limits caused by a DDoS attack can also be followed by a physical attack. This was the case in 2008 when the Republic of Georgia experienced a massive DDoS attack; a few weeks later the country was physically invaded by Russian troops. The attack may have helped limit access to valuable information needed for the physical defense of the country.
3 Types Of DDoS Attacks
1. Application Layer Attack
An Application Layer attack is the most common type of DDoS attack. In an Application Layer, or Layer 7, attack, the target is either the software providing a service or an application from a cloud service provider.
2. Protocol Attack
A Protocol attack focuses on the resources of a server or network-based device. These resources could be an OS or firewall, and once they are sufficiently overwhelmed, balancers are loaded. These attacks are the second most common and usually occur at Layers 3 and 4.
3. Volumetric Attack
A Volumetric attack is the least technical attack. It leverages a botnet to flood a network with traffic that ultimately overwhelms its bandwidth capabilities until it is slowed or completely stopped from delivering services.
Learn More About DDoS Attacks
There is a lot more to be said regarding DDoS attacks, including:
- Mitigation Process
- Tools To Perform A DDoS Attack
- Protection & Detection Tools
- The Use Of Botnets & more
To learn more about DDoS attacks, each of the following courses addresses DDoS attacks in some capacity: