"There are only two different types of companies in the world: those that have been breached and know it and those that have been breached and don’t know it."- Ted Schlein, a Leading investor in cybersecurity and enterprise technology.
Distributed Denial of Service (DDoS) attacks in the first half of 2023 rose a dramatic 200% from 2022, an alarming trend across the world that makes it increasingly challenging for organizations to secure their assets and systems. Source info here.
In 2023 alone, India faced two DDoS attacks. One, in June, was on Bharatpedia, which is India’s largest encyclopedia; it left users unable to access the platform. The other came in April 2023, when a hacker group named Anonymous Sudan launched a cyberattack across six major airports and healthcare institutions in India. Source info here.
The instances mentioned above show that there is an urgent need for preparedness against DDoS attacks: if the attackers succeed in their objective, it would cause immense reputational and financial damage to any organization.
This blog explains exactly what a DDoS attack is, what the various types of DDoS attacks are, and what measures can be taken to protect against them.
“If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.” - Bruce Schneier, American Scientist
WHAT IS A DDoS ATTACK?
A Distributed Denial of Service (DDoS) attack occurs when the target is flooded with so many requests that its capacity is consumed, leaving it unable to respond to legitimate requests. The aim is to force a website, online system, or computer service offline. In simpler terms, it is the fair use of an online system taken too far. In a Denial-of-Service (DoS) attack the attacker uses a single source, whereas in a DDoS attack multiple systems are used. For example, any website can handle a particular number of requests per minute; if that number is exceeded, the website’s performance is impacted.
"More organizations than ever are conducting business online. An expanding digital footprint and increasingly sophisticated cyber-attacks have created a growing urgency to secure that data and the resources organizations are deploying." - Ken Xie, American Businessman
DIFFERENT TYPES OF DDoS ATTACKS
Some of the different types of DDoS attacks are as follows:
1. Application Layer Attacks
The application layer is where the server generates its response to an incoming client request. For example, if a user enters http://www.gorisco.com in their browser, an HTTP request is sent to the server; the server then collects all the information related to that page, packages it, and sends it back to the browser.
So, an application layer attack involves an individual using different machines to request the same thing from the server, eventually overwhelming it.
HTTP flood attacks are the most common type of application layer attack: malicious actors keep sending HTTP requests from different IP addresses, as if asking the server to generate a PDF over and over again.
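One way to spot the HTTP flood described above in a web server access log, added here as an example and not code from the original post: because the requests arrive from different IP addresses, it counts requests per URL path in a sliding window instead of per client. The log lines, the /report/pdf path, and the 10-second, 30-request threshold are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample (Common Log Format): 40 different clients each request
# the same PDF endpoint once within four seconds, plus one ordinary visitor.
SAMPLE_LOG = [
    f'198.51.100.{i} - - [10/Oct/2023:13:55:{i // 10:02d} +0000] '
    f'"GET /report/pdf?id={i} HTTP/1.1" 200 5120'
    for i in range(40)
] + [
    '203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /about.html HTTP/1.1" 200 870',
]

LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} \S+')


def find_floods(lines, window_s=10, max_requests=30):
    """Return {path: (peak requests in any window, distinct IPs in that window)}
    for every path that received more than max_requests within window_s seconds."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, stamp, target = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        events.append((when, target.split("?")[0], ip))  # ignore query string
    events.sort()

    windows = defaultdict(deque)  # path -> recent (time, ip) pairs
    alerts = {}
    for when, path, ip in events:
        win = windows[path]
        win.append((when, ip))
        while (when - win[0][0]).total_seconds() > window_s:
            win.popleft()
        if len(win) > max_requests and len(win) > alerts.get(path, (0, 0))[0]:
            alerts[path] = (len(win), len({addr for _, addr in win}))
    return alerts


if __name__ == "__main__":
    for path, (count, ips) in find_floods(SAMPLE_LOG).items():
        print(f"{path}: {count} requests from {ips} addresses in 10 s")
```

In the sample every address sends a single request, so a per-IP counter would see nothing unusual while the per-path count stands out.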
2. Protocol Attacks
Before a secure communication channel can be initiated between two computers, they are required to perform a Transmission Control Protocol (TCP) handshake. A TCP handshake is a way of exchanging preliminary information between the two parties, and a Synchronize (SYN) packet is its first step, showing that the client wants to establish a connection to the server.
In a SYN flood attack, the attacker floods the server with numerous SYN packets that carry spoofed IP addresses (IP spoofing is the creation of Internet Protocol (IP) packets with a false source IP address to impersonate another computer system). The server responds to each packet, asking the sender to complete the handshake. However, the client never responds, and the server crashes after waiting for too long.
3. Volumetric Attacks
A volumetric attack bombards a server with so much traffic that its bandwidth is completely exhausted. An example is a DNS amplification attack.
Source info here.
"As cybersecurity leaders, we have to create our message of influence because security is a culture and you need the business to take place and be part of that security culture."- Britney Hommertzheim, Global BISO at Cardinal Health
STEPS TO BE TAKEN TO PROTECT ONESELF FROM DDoS ATTACKS
Now that we understand how DDoS attacks occur, it is very important to protect oneself against them. The following steps are not exhaustive, but they are essential in order to protect oneself from DDoS attacks.
1. Updating and Patching Systems regularly
The latest security patches should be applied to all software, including operating systems, web servers, and applications. This is really important because vulnerabilities in old software can be exploited.
2. Load Balancing
In order to prevent one server from being overwhelmed by an attack, traffic should be distributed across multiple servers.
3. Network Security Best Practices
It is critical to filter out malicious traffic, so it is important to have firewalls, intrusion prevention systems, and other network security measures in place.
4. Anycast Routing
Traffic can be routed to the nearest server in a network of servers by using Anycast (a network addressing and routing method in which incoming requests can be routed to a variety of different locations).
5. Using rate limiting APIs
If you have APIs, rate limiting should be implemented to prevent a single client from overwhelming your system.
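One way to implement the per-client rate limit from step 5, added here as an example and not code from the original post: a token bucket that gives each client a burst allowance refilled at a steady rate. The limits (5 requests per second, burst of 10), the client keys, and the replayed traffic are constructed assumptions.

```python
import time


class TokenBucketLimiter:
    """Per-client token bucket: `rate` tokens refill per second, up to `burst`."""

    def __init__(self, rate, burst, clock=time.monotonic):
        self.rate = rate
        self.burst = burst
        self.clock = clock
        self.buckets = {}  # client id -> (tokens left, time of last request)

    def allow(self, client_id):
        now = self.clock()
        tokens, last = self.buckets.get(client_id, (self.burst, now))
        # Refill for the time elapsed since this client's last request.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        if allowed:
            tokens -= 1
        self.buckets[client_id] = (tokens, now)
        return allowed


def replay(requests, rate=5, burst=10):
    """Replay (timestamp, client_id) pairs; return {client: [allowed, rejected]}."""
    now = [0.0]  # simulated clock so the replay is deterministic
    limiter = TokenBucketLimiter(rate, burst, clock=lambda: now[0])
    totals = {}
    for stamp, client in sorted(requests):
        now[0] = stamp
        counts = totals.setdefault(client, [0, 0])
        counts[0 if limiter.allow(client) else 1] += 1
    return totals


# Constructed traffic: key-A bursts 50 calls at t=0 and 20 more at t=2;
# key-B makes one call per second.
SAMPLE_REQUESTS = (
    [(0.0, "key-A")] * 50 + [(2.0, "key-A")] * 20
    + [(float(t), "key-B") for t in range(5)]
)

if __name__ == "__main__":
    print(replay(SAMPLE_REQUESTS))
```

Keying the bucket on an API key or client address limits a single client, as the step describes; a flood spread across many sources stays under any per-client limit and relies on the other measures listed above.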
It is essential that organizations take the above steps seriously, given the alarming rise of DDoS attacks this year.
In today’s fast-paced world, organizations cannot afford to have their websites down even for a minute. A website outage will not only be catastrophic for the organization’s reputation but can also impact potential customers.
Considering how malicious actors are resorting to DDoS attacks, as the data above shows, organizations need to address this issue and take immediate action; otherwise they continue to remain at risk from a DDoS attack.
Gorisco has a wide range of experts who are experienced in defining and designing various solutions to help organizations mitigate their risks and resolve their problems.
At Gorisco, our motto is ‘Embedding Resilience,’ and we are committed to making organizations and their workforce resilient. Reach out to us if you have any queries, clarifications, or need any support on your initiatives.
Image credit: Nasanbuyn, CC BY-SA 4.0 https://creativecommons.org/licenses/by-sa/4.0, via Wikimedia Commons