A denial-of-service (DoS) Cyber-Attack occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious Cyber-Criminal. Services affected may include email, websites, online accounts and other services that rely on the affected computer or network. A DoS Cyber-Attack is executed by a Cyber-Criminal by flooding the victim’s network with abnormal traffic until the target loses its ability to respond and simply crashes, or until authentic users can no longer reach the server. DoS Cyber-Attacks can cost an organization both time and money while their resources and services are inaccessible.
There are many different methods for carrying out a DoS Cyber-Attack. The most common method occurs when a Cyber-Criminal floods a network server with traffic. In this type of DoS Cyber-Attack, the Cyber-Criminal sends a large number of requests to the target server, overloading it with traffic. These requests are often illegitimate and carry mostly fabricated return addresses. This results in a scenario where the server is overwhelmed by the constant stream of junk requests. The fabricated return addresses also mislead the server in its attempt to authenticate the requestor and help the Cyber-Criminal exploit the vulnerabilities of the server.
In a Smurf Cyber-Attack, the Cyber-Criminal sends Internet Control Message Protocol (ICMP) broadcast packets to a number of hosts with a spoofed source Internet Protocol (IP) address that belongs to the target machine. The hosts that receive these packets then respond to the spoofed address, and the victim’s host is overwhelmed with those responses.
A SYN flood occurs when a Cyber-Criminal sends a request to connect to the victim’s server but never completes the connection through what is known as the three-way handshake. This is the method employed in a TCP/IP network to establish a connection between a local host/client and the server. The incomplete handshake leaves the connected port in an occupied status, so it is unable to process further requests. The Cyber-Criminal continues to send requests, saturating all open ports, so that legitimate users cannot connect.
Individual networks may be affected by DoS Cyber-Attacks without being directly targeted. If the network’s internet service provider (ISP) or cloud service provider has been targeted and compromised, the network will also experience a loss of service.
A distributed denial-of-service (DDoS) Cyber-Attack occurs when multiple machines operate together to Cyber-Attack one target. DDoS allows for exponentially more requests to be sent to the target, therefore increasing the Cyber-Attack power. It also increases the difficulty of attribution, as the true source of the Cyber-Attack is harder to identify.
DDoS Cyber-Criminals often leverage a botnet, a group of hijacked internet-connected devices, to carry out large-scale Cyber-Attacks. Cyber-Criminals take advantage of security vulnerabilities or device weaknesses to control numerous devices using command and control software. Once in control, a Cyber-Criminal can command their botnet to conduct DDoS on a target. In this case, the infected devices are also victims of the Cyber-Attack.
Once established, the botnet—made up of compromised devices—may also be rented out to other potential Cyber-Criminals. Often the botnet is made available to “Cyber-Attack-for-hire” services which allow even the most unskilled user to launch DDoS Cyber-Attacks.
DDoS Cyber-Attacks have increased in magnitude as more and more devices come online through the Internet of Things (IoT) (see securing the Internet of Things for additional information). IoT devices often ship with default passwords and lack a sound security posture, which leaves them vulnerable to exploitation.
Infection of IoT devices often goes unnoticed by users, and a Cyber-Criminal could easily compromise hundreds of thousands of these devices to conduct a high-scale Cyber-Attack without the device owners’ knowledge.
While there is no way to completely avoid becoming a target of a DoS or DDoS Cyber-Attack, there are proactive steps administrators can take to reduce the effects of a Cyber-Attack on their network.
- Enroll in a DoS protection service that will detect abnormal traffic flows and redirect traffic away from your network. The DoS traffic is then filtered out, while clean traffic is passed on to your network.
- Create a disaster recovery plan to ensure successful and efficient communication, mitigation, and recovery in the event of a Cyber-Attack.
It is also important to take steps to strengthen the security posture of all of your internet-connected devices in order to prevent them from being compromised.
- Always install and maintain security software.
- Always install a firewall and configure it to restrict incoming abnormal traffic from suspicious hosts.
- Evaluate security settings and follow good security practices in order to minimize the access other people have to your information, as well as to manage unwanted traffic.
Symptoms of a DoS Cyber-Attack can resemble non-malicious availability issues, such as technical problems with a particular network or a system administrator performing maintenance. However, the following symptoms could indicate a DoS or DDoS Cyber-Attack: unusually slow network performance, unavailability of a particular website, or an inability to access any website. These are the most common symptoms of a DoS Cyber-Attack.
The best way to detect and identify a DoS Cyber-Attack is via network traffic monitoring and analysis. Network traffic can be monitored by employing an intrusion detection system, and the network administrator can also set up rules that raise an alert when an anomalous traffic load or a suspicious traffic source is detected, or that drop network packets meeting certain criteria.
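As an added example (not part of the original article), the following Python script applies the kind of traffic-analysis rule described above to constructed flow records: it flags a destination that receives many SYNs rarely followed by an ACK from the same source (the half-open pattern of a SYN flood) and a host that receives ICMP echo replies from an unusually large number of distinct sources (the reflection pattern of a Smurf Cyber-Attack). The flow records, addresses and thresholds are constructed sample values, not data from any real network.

```python
from collections import Counter, defaultdict

# Constructed flow records (src_ip, dst_ip, proto, flags); not from a real capture.
SAMPLE_FLOWS = []
# SYN-flood pattern: many SYNs from spoofed sources to one server, no ACKs follow.
for i in range(60):
    SAMPLE_FLOWS.append((f"203.0.113.{i % 50 + 1}", "198.51.100.10", "tcp", "S"))
# Normal clients complete the handshake: a SYN and then an ACK from the same host.
for i in range(1, 6):
    SAMPLE_FLOWS.append((f"192.0.2.{i}", "198.51.100.10", "tcp", "S"))
    SAMPLE_FLOWS.append((f"192.0.2.{i}", "198.51.100.10", "tcp", "A"))
# Smurf pattern: echo replies from many distinct hosts converge on one victim.
for i in range(40):
    SAMPLE_FLOWS.append((f"192.0.2.{100 + i}", "198.51.100.20", "icmp", "echo-reply"))


def syn_flood_suspects(flows, min_syns=50, max_completion=0.2):
    """Return {dst: (syn_count, completion_ratio)} for destinations receiving many
    SYNs of which only a small fraction are followed by an ACK from the same source."""
    syns = defaultdict(set)   # dst -> sources that sent a SYN
    acks = defaultdict(set)   # dst -> sources that sent an ACK
    syn_count = Counter()
    for src, dst, proto, flags in flows:
        if proto != "tcp":
            continue
        if flags == "S":
            syns[dst].add(src)
            syn_count[dst] += 1
        elif flags == "A":
            acks[dst].add(src)
    suspects = {}
    for dst, n in syn_count.items():
        completed = len(syns[dst] & acks[dst])   # sources that finished the handshake
        ratio = completed / len(syns[dst])
        if n >= min_syns and ratio < max_completion:
            suspects[dst] = (n, ratio)
    return suspects


def smurf_suspects(flows, min_repliers=20):
    """Return {dst: distinct_repliers} for hosts receiving ICMP echo replies from an
    unusually large number of distinct sources (a reflected flood seen from the victim)."""
    repliers = defaultdict(set)
    for src, dst, proto, flags in flows:
        if proto == "icmp" and flags == "echo-reply":
            repliers[dst].add(src)
    return {dst: len(s) for dst, s in repliers.items() if len(s) >= min_repliers}


if __name__ == "__main__":
    print("SYN flood suspects:", syn_flood_suspects(SAMPLE_FLOWS))
    print("Smurf suspects:", smurf_suspects(SAMPLE_FLOWS))
```

In practice the records would come from flow exports or an IDS log, and the thresholds should be tuned to the normal baseline of the monitored network.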
If you think you or your business is experiencing a DoS or DDoS Cyber-Attack, it is important to contact the appropriate technical professionals for assistance.
- Contact your network administrator to confirm whether the service outage is due to maintenance or an in-house network problem. They can also monitor network traffic to confirm the presence of a Cyber-Attack, identify the source, and mitigate the situation by applying firewall rules and possibly rerouting traffic through a DoS protection service.
- Contact your ISP to ask if there is an outage on their end or even if their network is the target of the Cyber-Attack and you are an indirect victim. They may be able to advise you on an appropriate course of action.
In the case of a Cyber-Attack, do not lose sight of the other hosts, assets, or services residing on your network. Many Cyber-Criminals conduct DoS or DDoS Cyber-Attacks to deflect attention away from their intended target and use the opportunity to conduct secondary Cyber-Attacks on other services within your network.