10 Interesting Facts about DDoS Attacks
A Distributed Denial-of-Service (DDoS) attack can bring down an unprepared target. DDoS is often mentioned in the news as an example of a weapon in the hacker toolkit. Recently, Amazon revealed they fought off the largest DDoS in history, as measured by Gbps (Fact #9 below).
The term itself describes the technique nicely. A distributed network of computers sends junk information to a target to deny the target's intended audience access to it. The mechanisms for building and sending that traffic vary, but the end goal is the same: take the target down.
The topic has been covered widely in the technical news and by cybersecurity companies. In this post, we will cover some highlights on the topic of DDoS attacks in the form of 10 interesting facts. The final fact will cover several ways the negative impact can be reduced.
1. Early Attacks
The first DDoS attack was on July 22, 1999 against the University of Minnesota. This attack was directed from 114 computers. Shortly afterwards, the technique was adopted by others. Amazon, CNN and Yahoo all became inaccessible from the attacks. As the new millennium came, this method for online disruption was a fixture of the technology landscape. A famous early attack was performed by a 15-year-old with the alias Mafiaboy, who successfully took down top sites like eBay and Dell.
2. Hidden Hackers
The identity of the groups or individuals who launch DDoS attacks is often a mystery. IP addresses can be spoofed to conceal location. There are numerous reasons a hacker would launch an attack. A company might target a competitor in an attempt to damage its reputation. Hacktivists might take down a target they are opposed to. Finally, the hacker might be doing an attack for no reason other than the thrill.
The cost of a DDoS attack can be up to $2,000,000 per incident by some measures. This amount includes costs like lost sales resulting from downtime, new technology investments for prevention, reputation damage and other areas.
Amplification is also possible with DDoS attacks. Sending a given amount of data to a server will generate a given amount of data in return. If the data sent back exceeds the inbound message, the attack is amplified. The attacker spoofs the source IP address of the request so that it appears to come from the target, and the server sends its reply to the target IP. The result is a successful DDoS attack. The Internet Control Message Protocol (ICMP) is commonly used for sending such messages, which results in an amplified attack.
Botnets are the key to DDoS attacks. The information, in the form of traffic, often comes from bots. A collection of bots is a botnet. Bots are devices that have fallen under the control of an external server with malicious aims. The Mirai botnet was the first widely successful example of a botnet being used in a DDoS attack.
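The amplification described above can be measured on your own network to find services that return far more data than they receive and so need rate limiting or restriction. The following is an added example, not part of the original post: the flow tuple layout, the service labels, the addresses (documentation ranges) and the function name amplification_report are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed flow summaries for this example (documentation IP ranges, not
# real traffic): each row is one request/response exchange seen at the edge.
FLOWS = [
    # (client_ip, server_ip, service, request_bytes, response_bytes)
    ("198.51.100.7", "192.0.2.10", "udp/53", 64, 3100),
    ("198.51.100.7", "192.0.2.10", "udp/53", 64, 2950),
    ("198.51.100.7", "192.0.2.10", "udp/53", 64, 3050),
    ("203.0.113.20", "192.0.2.10", "udp/53", 70, 120),
    ("203.0.113.21", "192.0.2.11", "icmp/echo", 84, 84),
    ("203.0.113.22", "192.0.2.12", "udp/123", 48, 48),
]


def amplification_report(flows, min_factor=2.0):
    """Return services whose replies outweigh requests by at least min_factor.

    Each result is (server, service, factor, top_client, top_client_share).
    A high factor with one client receiving most reply bytes suggests that
    address may be spoofed and is really the victim of reflected traffic.
    """
    req = defaultdict(int)
    resp = defaultdict(int)
    per_client = defaultdict(lambda: defaultdict(int))
    for client, server, service, req_bytes, resp_bytes in flows:
        key = (server, service)
        req[key] += req_bytes
        resp[key] += resp_bytes
        per_client[key][client] += resp_bytes

    report = []
    for key, sent in resp.items():
        if req[key] == 0:
            continue  # no request bytes recorded, so the factor is undefined
        factor = sent / req[key]
        if factor < min_factor:
            continue
        top_client, top_bytes = max(per_client[key].items(), key=lambda kv: kv[1])
        report.append((key[0], key[1], round(factor, 1), top_client,
                       round(top_bytes / sent, 2)))
    return sorted(report, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    for row in amplification_report(FLOWS):
        print(row)
```

On the constructed sample, only the first service is reported: its replies are about 35 times larger than the requests, and 99% of the reply bytes go to a single address.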
6. IoT Gone Bad
Nearly any device, from a refrigerator to a camera, can be connected to the Internet. This connection is often not secured. This leaves these IoT (Internet-of-Things) devices especially vulnerable to being compromised and used in a botnet. These devices could be anything from your Internet-connected refrigerator to access control devices.
In recent years, IoT devices have been responsible for the most impactful DDoS attacks. The timeline above plots major IoT botnets against the dates their attacks were executed. IoTReaper, BrickerBot, UPnProxy and Slingshot are among the most powerful.
To prevent your IoT devices from falling victim to being a part of a botnet, follow a few simple tips. Ensure your devices are not using default passwords. Update and patch your devices to the most current version. On the large scale, having secure devices reduces the impact of DDoS attacks.
7. DIY DDoS
People or groups with little technical acumen can execute attacks using free open-source tools or by paying for use of a more powerful DDoS launching system. This science fiction sounding name describes a DDoS tool that people can use to launch small-scale DDoS attacks. The accessibility of the tool means a non-technical person can use it. However, it takes a coordinated attack with many others to do damage. In addition, the IP address of the attacker is revealed. Another tool available for DDoS or stress testing is HULK.
Criminals also rent the resources to launch DDoS attacks. Researchers have found that the prices of launching a DDoS “cost between $5 for a 300-second attack to $400 for a 24-hour attack.” The service is sold on black market websites.
8. Attack Time
When a company is under attack, its website or other critical systems are often unavailable. There could be frantic customers or employees asking what is happening. This potential chaos underscores why having prepared staff ready is important. Attacks can last from seconds to a record-breaking 21 days. The time under attack is just the start, however. Post-attack activities like communicating with stakeholders, rebuilding systems and investigating why it happened must follow.
9. Record Attack
Amazon defended against the largest DDoS recorded in February of 2020. That spike indicated that the peak Gbps for the attack was significantly higher than the previous months’ highs. Amazon has not disclosed the details regarding who was the target of the attack.
Companies can implement different technologies to prevent DDoS attacks from succeeding. Cipher offers Cyber Technology Integration services to help plan and deploy a system. Content Delivery Networks (CDN) can be put into place to stop attacks. Each company should develop an incident response plan that addresses DDoS defense.