Distributed denial-of-service (DDoS) is a cybercrime in which an attacker attempts to degrade the availability of a targeted website or application so that users cannot reach the site or its services. A DDoS attack is a more sophisticated version of the general denial-of-service (DoS) attack. In a DoS attack, the attacker tries to overwhelm the target with fake requests, or attempts to exploit a cybersecurity vulnerability, from a single internet connection. In a DDoS attack, on the other hand, the attacker uses thousands or even millions of compromised or controlled sources to generate the attack traffic.
DDoS attacks are becoming more frequent, and even some of the largest companies in the world are not spared. In October 2020, Google disclosed that its services had suffered a DDoS attack in September 2017 that was reported to have reached a size of 2.54 Tbps. Other major DDoS attacks include the Amazon Web Services attack in February 2020 and the GitHub attack in February 2018. The AWS attack was reported to see incoming traffic peak at 2.3 terabits per second (Tbps), while the GitHub attack reached 1.3 Tbps.
According to the Cisco Annual Internet report, DDoS attack size increased by 63% between 2018 and 2019, and the global frequency of DDoS attacks went up by 39% year on year within the same period.
How do DDoS attacks work?
DDoS attacks are primarily carried out through botnets (networks of hacked internet-connected computers or other devices). Botnets are built by infecting devices with malicious code that allows attackers to control them remotely. With a botnet, an attacker can direct every bot (individual device) to send requests to the victim's IP address at the same time. These continuous requests can exceed what the victim's server or network can handle, resulting in a denial of service to regular traffic.
The OSI (Open Systems Interconnection) model describes internet network connectivity in seven layers: the Physical Layer, Data-Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer, and the Application Layer. The layer attacked determines how deeply the attack has penetrated. Among the seven layers, layer 7 is the most targeted. When an attack is made on the application layer, the attacker aims to disrupt the software providing the service, which can result in a significant loss.
Can You Stop DDoS Attacks?
Yes, it's possible to stop a DDoS attack in progress, but it's not easy. The first thing to note is that DDoS attacks are difficult to detect and stop, because stopping one begins with distinguishing a typical traffic surge from a surge driven by an attack. The complexity and depth of a DDoS attack determine how easy it is to separate from regular traffic, and attackers deliberately design their attacks to make that separation, and therefore mitigation, difficult. Below we examine some possible ways of preventing or stopping DDoS attacks:
- Identify DDoS attacks using traffic analytics tools.
Identifying and stopping DDoS attacks as early as possible helps to minimize the potential damage. The most obvious pointer to a DDoS attack is a website that suddenly becomes unavailable or slows to a crawl. However, the same behavior can result from an increase in legitimate traffic or from countless hardware issues.
Using Google Analytics or other traffic analytics tools can help flag some possible signs of DDoS attacks such as:
- A surge of traffic coming from users who share similar attributes such as IP range, device type, geolocation, or web browser version;
- Odd traffic surge patterns;
- An irregular flood of requests to specific pages or endpoints.
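To make the three signs above concrete, here is an added example (not code from the original article) that scans a handful of constructed access-log lines and flags when one /24 IP range, one user-agent string, or one path accounts for a suspiciously large share of all requests. The log format, thresholds and sample lines are assumptions chosen for the demonstration; real analytics tooling would run the same idea over far larger windows.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Assumed log shape: ip [timestamp] "METHOD path proto" status "user-agent"
LOG_RE = re.compile(r'^(\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) "([^"]*)"$')

# Constructed sample: nine requests from one /24 hammering /login with one client
# string, plus three ordinary browser visits from unrelated ranges (IPv4 only assumed).
SAMPLE_LOG = [
    f'198.51.100.{i} [10/Oct/2023:10:00:0{i % 10}] "POST /login HTTP/1.1" 200 "python-requests/2.31"'
    for i in range(1, 10)
] + [
    '203.0.113.8 [10/Oct/2023:10:00:03] "GET / HTTP/1.1" 200 "Mozilla/5.0 (Windows NT 10.0)"',
    '192.0.2.44 [10/Oct/2023:10:00:04] "GET /about HTTP/1.1" 200 "Mozilla/5.0 (Macintosh)"',
    '203.0.113.9 [10/Oct/2023:10:00:05] "GET /products HTTP/1.1" 200 "Mozilla/5.0 (X11; Linux)"',
]

def parse_line(line):
    """Return (ip, path, user_agent) for one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, _ts, _method, path, _status, ua = m.groups()
    return ip, path, ua

def surge_signals(lines, share_threshold=0.6, min_requests=10):
    """Return {signal: (top_value, share)} for each attribute whose most common
    value exceeds share_threshold of parsed requests; empty dict if too few requests."""
    ranges, agents, paths = Counter(), Counter(), Counter()
    total = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than letting them skew the shares
        ip, path, ua = parsed
        ranges[str(ip_network(f"{ip}/24", strict=False))] += 1  # group by IP range
        agents[ua] += 1
        paths[path] += 1
        total += 1
    signals = {}
    if total < min_requests:
        return signals  # a "surge" among a handful of requests means nothing
    for name, counter in (("ip_range", ranges), ("user_agent", agents), ("path", paths)):
        top, count = counter.most_common(1)[0]
        if count / total >= share_threshold:
            signals[name] = (top, count / total)
    return signals
```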
- Use blackhole routing to divert the attack.
This involves a network administrator or an ISP creating a black hole route and pushing both good and bad traffic into a null route. Because the null route discards legitimate and malicious requests alike, a poorly administered blackhole effectively completes the attacker's goal of making the network inaccessible, and an inaccessible network means a loss for the business. It is therefore essential to note that this is not an ideal solution unless the organization has no other means of stopping the attack.
- Limit rate of request processing.
This involves limiting the volume of requests a server accepts within a specific time. If the volume of requests from an IP range becomes excessive within a given window, the rate-limiting solution stops processing requests from that range for a certain period. Although this can slow attackers who scrape content or brute-force logins, it is not sufficient on its own to handle a sophisticated DDoS attack; it can, however, serve as one part of the mitigation strategy.
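The following is an added example (not code from the original article) of the rate-limiting behavior just described: a sliding-window limiter keyed by /24 IP range that, once a range exceeds the limit inside the window, refuses that range's requests for a fixed block period. The limit, window, block period and the simulated burst are assumptions for the demonstration.

```python
import time
from collections import defaultdict, deque
from ipaddress import ip_network

class RangeRateLimiter:
    """Sliding-window limiter keyed by /24 range: more than `limit` requests within
    `window` seconds gets the whole range refused for `block_for` seconds."""

    def __init__(self, limit=100, window=10.0, block_for=60.0):
        self.limit, self.window, self.block_for = limit, window, block_for
        self.hits = defaultdict(deque)   # range -> timestamps of recent requests
        self.blocked_until = {}          # range -> time until which requests are refused

    @staticmethod
    def key(ip):
        # Group a client by its /24 so a botnet spread across one range shares a budget.
        return str(ip_network(f"{ip}/24", strict=False))

    def allow(self, ip, now=None):
        """Return True if the request may be processed, False if it is rate-limited."""
        now = time.monotonic() if now is None else now
        k = self.key(ip)
        if self.blocked_until.get(k, 0) > now:
            return False                 # still inside the penalty period
        q = self.hits[k]
        while q and now - q[0] > self.window:
            q.popleft()                  # drop timestamps that fell out of the window
        q.append(now)
        if len(q) > self.limit:
            self.blocked_until[k] = now + self.block_for
            q.clear()                    # budget restarts when the block expires
            return False
        return True

def simulate():
    """Constructed burst: 120 requests from one /24 within 5 s, one request from an
    unrelated range during the burst, and one from the blocked range after it expires."""
    rl = RangeRateLimiter(limit=100, window=10.0, block_for=60.0)
    burst = [rl.allow(f"198.51.100.{i + 1}", now=i * 0.04) for i in range(120)]
    other_range = rl.allow("203.0.113.5", now=5.0)
    after_block = rl.allow("198.51.100.7", now=70.0)
    return burst, other_range, after_block
```

In the simulation the first 100 burst requests are served, request 101 trips the block, the rest of the burst is refused, the unrelated range is unaffected, and the blocked range is served again once the 60-second penalty has passed.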
- Activate traffic differentiation processes.
Traffic differentiation relies on an Anycast network to spread the distributed attack across a distributed set of servers. The attack traffic is dispersed until the load at any one point becomes manageable, which nullifies the disruptive capability of the attack.
- Install firewalls into your company’s server.
This involves putting a web application firewall between the internet and the organization's server to act as a reverse proxy. The advantage is that custom rules can be created and modified to filter requests as the pattern of DDoS attacks changes.
How to Prevent DDoS Attacks
The best defense against DDoS attacks is prevention. Here are the most critical preventative measures against denial-of-service attempts.
Choose the right ISP or hosting partner.
DDoS attacks attempt to make a site unavailable by using up its resources, so it is important for organizations to be able to scale their resources up or down quickly. A good ISP or hosting provider should also follow security best practices and maintain an effective response plan for DDoS attacks, so that potential attacks can be discovered and stopped before they take hold.
Review periodic security assessments.
When apps are outdated or full of security flaws, cybercriminals find it easier to carry out attacks. Companies should therefore conduct periodic comprehensive security assessments to discover weaknesses in the network and connected devices. These assessments can be as frequent as every quarter, or at least twice a year; this allows them to detect and correct weaknesses and gaps in their security before attackers exploit them. Remember to keep security systems and apps up to date, as updates often include fixes for the vulnerabilities that DDoS attackers could exploit.
Employ bot management solutions.
Most DDoS attacks, especially attacks on the application layer (layer 7), are carried out automatically by bots. One way to prevent these layer-7 DDoS attacks is to implement solutions that analyze incoming traffic and block bots before they can even connect. Some popular bot management solutions include Cloudflare, DataDome, Imperva, Alibaba Cloud, etc.
Be Prepared for Every Kind of Cyber Threat | AWA International
It is essential to know that DDoS attacks can be targeted at any website, no matter how big or small. With the solutions listed above, you can use the right tools and processes to prevent these attacks and stop any attack already under way. Contact the team at AWA for a free consultation on how to get started.