While hackers today can run many types of malicious attacks and processes against their targets' assets, Distributed Denial of Service (DDoS) attacks have remained, since they first appeared, a staple of their arsenal and a source of concern for many companies and organizations.
As we will see in this article, DDoS attacks are gaining in popularity, but the most striking and worrying fact is the diversity of forms and multiplicity of techniques of the “new” DDoS attacks being identified, and their almost constant evolution to evade cyber defenses.
So what is a DDoS attack? How have these cyber-attacks visibly evolved? Do hackers still have the same motivations as before? And above all, how can we protect ourselves from these malicious attempts that never really seem to stop?
What is a DDoS attack?
A distributed denial of service (DDoS) attack is a cyber-attack in which one or several hackers attempt to disrupt a service. This attack prevents access to servers, devices, services, networks, applications and even specific transactions within applications: a denial of service attack can, for example, block a file server, make access to a web server impossible or prevent email distribution in an enterprise.
A DDoS attack comes from several systems that, after being infected (without their owners noticing), act as “zombies” or soldiers, responding to the attacker's orders and attacking designated targets collectively.
Typically, these attacks work by “flooding” a system with data requests: for example, by sending many requests to a web server to make a website unavailable, or by hitting a database with a high volume of requests.
Now easier to set up, cheaper, generally anonymous and more accessible than ever before, this type of attack targets more and more companies and organizations, as we have seen in recent months through the high-profile cases of GitHub or Mirai.
The number of DDoS attacks has increased over the last few months, and the motivations of hackers for setting up such attacks have multiplied – beyond a simple desire to cause nuisance and disruption. We will see here how these attacks have evolved both in their processes and in their proportions:
- DDoS “extortion” attacks:
These attacks follow a singular and surprising process: even before an attack is launched, the attackers try to achieve their (financial) goal by threatening victims with a malicious act that has not yet happened – unless a ransom is paid up front (usually in Bitcoin).
This new process reflects the fact that the motivations behind these attacks have also changed. For many cyber criminals, DDoS attacks are no longer just a way to disrupt certain services – they use attacks to extort money, or as a distraction to hide other malicious activities.
- DDoS “Dark” attacks:
A perfect example of the evolution of these techniques: the hackers behind so-called “Dark” DDoS attacks take advantage of the fact that most IT services can only detect attacks greater than 1 GB per minute.
Cybercriminals therefore send constant, low-volume bursts over a longer period, so that the security solutions deployed by the targeted victim will not be able to detect them.
- DDoS attacks “As-A-Service”:
The ease of deployment of a DDoS attack is demonstrated by its availability in online markets. Previously only available on the Dark Web, hacking services can now be purchased for a small fee, which also partly explains the exponential growth in the number of such attacks.
These services sell access to botnets that malicious actors can use to anonymously launch DDoS attacks against targets of their choice, while significantly reducing the risk of attribution.
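The “Dark” DDoS pattern above (steady traffic kept under a fixed per-minute limit) is exactly what an absolute-threshold detector misses. The following Python example, added here and not part of the original article or any product it mentions, contrasts that detector with one that compares each minute against a rolling median of previously unflagged minutes and alerts only when the excess is sustained. The traffic traces are constructed; the 1 GB/min limit is the figure quoted in the text, and the other tuning values (30-minute baseline window, 3x factor, 10-minute sustain) are assumptions for illustration.

```python
from collections import deque
from statistics import median

MB = 1_000_000
GB = 1_000 * MB

# Constructed per-minute traffic volumes (bytes) for one service; not real data.
# Minutes 0-29: normal traffic, 120-132 MB/min.
# Minutes 30-89: "dark" DDoS, steady 600-610 MB/min, well under 1 GB/min.
NORMAL = [120 * MB + (i % 5) * 3 * MB for i in range(30)]
DARK = [600 * MB + (i % 3) * 5 * MB for i in range(60)]
DARK_TRACE = NORMAL + DARK
# Classic volumetric flood for comparison: 15 minutes at 4 GB/min.
FLOOD_TRACE = NORMAL + [4 * GB] * 15


def fixed_threshold_alerts(trace, limit=1 * GB):
    """Return the minutes whose volume exceeds an absolute limit (the classic rule)."""
    return [t for t, v in enumerate(trace) if v > limit]


def baseline_alerts(trace, window=30, factor=3.0, sustain=10):
    """Return the first minute of each run where volume stays above factor x the
    rolling median of 'clean' minutes for at least `sustain` consecutive minutes.
    Only unflagged minutes feed the baseline, so attack traffic cannot drag the
    median upward and hide itself. Assumes the first `window` minutes are clean."""
    clean = deque(maxlen=window)
    alerts, run = [], 0
    for t, v in enumerate(trace):
        if len(clean) < window:          # warm-up: learn the baseline first
            clean.append(v)
            continue
        if v > factor * median(clean):   # anomalous minute: do not learn from it
            run += 1
            if run == sustain:
                alerts.append(t)
        else:
            run = 0
            clean.append(v)              # normal minute: update the baseline
    return alerts


if __name__ == "__main__":
    for name, trace in (("dark", DARK_TRACE), ("flood", FLOOD_TRACE)):
        print(name, "fixed:", fixed_threshold_alerts(trace),
              "baseline:", baseline_alerts(trace))
```

On the constructed data the fixed rule never fires for the dark trace, while the baseline rule raises an alert ten minutes into it; both rules catch the flood, which is why the two are normally run side by side rather than one replacing the other.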
The year 2017 marked an important milestone for DDoS attacks, when – not just once, but twice – attacks crossed the 1 Tbps bandwidth threshold. Based on these examples, we can affirm that DDoS attacks have now entered a new dimension – and this is indeed the most striking fact.
Even if this type of DDoS attack was not the first of its kind (take the case of Mirai, for example), these latest attacks are still the most powerful ever recorded, forming a whole new generation of cyber-attacks. Unlike DDoS attacks of the previous generation, these two attacks, measured in Tbps, no longer need the support of one or more botnets.
Terabits are therefore likely to become the new unit of measurement when we talk about DDoS attacks. The new technique used by the hackers behind these latest attacks is likely to inspire imitators, and therefore cause a lot of damage, and who knows, could become the most important amplification method ever used in the coming months.
DDoS attacks continue to evolve and will remain a major threat to most organizations. As we have seen, a combination of factors is behind this trend, such as the availability of DDoS-as-a-Service offerings or the increase in the number of hackers seeking to monetize these attacks.
It is therefore essential that companies equip themselves with proper security solutions to counter these various threats. Dedicated software solutions exist to prevent this type of attack: for example, ITrust has integrated measures into its SOC Reveelium to prevent these attacks in real time, alerting the information system and key contacts in the event of an attack.