What is a DDoS Attack and How Does It Work?
Let's do a little thought experiment: imagine driving to work on a road. There are other cars on the road, but generally everything runs smoothly at the legally defined speed limit. Then, as you approach an entrance ramp, more cars pile on, and more and more, until all of a sudden traffic slows to a crawl, if it moves at all. That is what a distributed denial-of-service (DDoS) attack looks like: a method by which cybercriminals flood a network with so much traffic that it cannot function or communicate as it normally would.
What is a DDoS Attack?
DDoS is a simple, effective and powerful technique that feeds on vulnerable devices and bad digital habits. Today it is one of the most problematic areas of cybersecurity, simply because it is extremely difficult to prevent and mitigate, and no website is too big to be hit. For example, Dyn, a major service provider for popular websites, was knocked offline last October. Just before that attack, Brian Krebs, a well-known cybersecurity reporter, suffered a massive attack on his website in retaliation for his reporting. He is not the only cybercrime journalist to have been attacked.
But preventing DDoS attacks in the first place is incredibly difficult because they are so easy to create. All it takes is two devices coordinating to send bogus traffic to a server or website. That's it. Your laptop and phone, for example, could form their own DDoS network (sometimes called a botnet, but more on that in a minute) if you or a cybercriminal programmed them to cooperate. Two devices, even devoting their full processing power to one attack, are not enough to take down a website or server. But hundreds or thousands of devices are more than capable of knocking out an entire service provider with their combined power.
To gain access to a network of that size, cybercriminals build what is called a "botnet": a network of compromised devices that coordinate to perform a specific task. Botnets are not always used for DDoS attacks, nor does a DDoS attack need a botnet to work, but for the most part they go together like Bonnie and Clyde. Cybercriminals build botnets by fairly standard means: enticing people to download malicious files that spread malware.
But malware isn't the only way to recruit devices. Because many businesses and consumers have poor password hygiene, a cybercriminal need only search the Internet for connected devices still using factory credentials or easy-to-guess passwords ("password", for example). Once logged in, the cybercriminal can easily infect the device and recruit it into their cyber army.
Most of the time this cyber army sits idle. It needs orders before it acts. This is where a specialized server called a command-and-control server (usually abbreviated "C2") comes into play. When ready, the cybercriminals have the C2 server issue instructions to the compromised devices. Those devices then use some of their processing power to send bogus traffic to a specific server or website, and off it goes: a DDoS attack is born.
Because of their distributed nature and the difficulty of distinguishing legitimate traffic from bogus traffic, DDoS attacks are generally successful. However, they are not a "breach". A DDoS attack overwhelms a target in order to knock it offline, not to steal from it. DDoS attacks are generally used as a means of retaliating against a company or service, often for political reasons. Sometimes, however, cybercriminals use a DDoS attack as a smokescreen for more serious activity that can eventually lead to a full breach.
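As an added example (not part of the original post), here is a small Python detector run over constructed access-log lines. It illustrates the point of the last two paragraphs from the defender's side: a burst from one address stands out and can be rate-limited per IP, whereas a distributed flood spreads the same volume over hundreds of addresses, each of which looks like an ordinary visitor. The log format, the addresses and the thresholds are all assumptions made for this example.

```python
# Added example (not from the original post): a windowed flood detector run over
# constructed web-server access-log lines, to show why a distributed flood is
# harder to separate from legitimate traffic than a burst from one source.
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed log format (hypothetical): "<ISO-8601 timestamp> <source_ip> <request_path>"
EPOCH = datetime(1970, 1, 1)

# Constructed sample: ten seconds of ordinary browsing from a handful of visitors.
NORMAL_LINES = [
    "2024-05-01T10:00:00 203.0.113.5 /index.html",
    "2024-05-01T10:00:01 198.51.100.7 /about.html",
    "2024-05-01T10:00:02 203.0.113.5 /products.html",
    "2024-05-01T10:00:03 198.51.100.9 /index.html",
    "2024-05-01T10:00:04 203.0.113.6 /contact.html",
    "2024-05-01T10:00:05 198.51.100.7 /index.html",
    "2024-05-01T10:00:06 203.0.113.8 /index.html",
    "2024-05-01T10:00:07 198.51.100.4 /about.html",
    "2024-05-01T10:00:08 203.0.113.9 /index.html",
    "2024-05-01T10:00:09 198.51.100.2 /index.html",
]

# Constructed distributed flood: 250 distinct sources, one request each, five per
# second, all hitting the same path (the botnet pattern the post describes).
DISTRIBUTED_FLOOD = [
    f"2024-05-01T10:05:{i // 5:02d} 192.0.2.{i % 250 + 1} /login" for i in range(250)
]

# Constructed single-source burst: one address sending 45 requests in nine seconds.
SINGLE_SOURCE_BURST = [
    f"2024-05-01T10:10:{i // 5:02d} 198.51.100.77 /search" for i in range(45)
]

SAMPLE_LOG = "\n".join(NORMAL_LINES + DISTRIBUTED_FLOOD + SINGLE_SOURCE_BURST)


def parse_line(line):
    """Split one log line into (timestamp, source_ip, path)."""
    ts, ip, path = line.split()
    return datetime.fromisoformat(ts), ip, path


def detect_floods(log_text, window_seconds=10, max_requests=40, min_sources=20):
    """Bucket requests into fixed windows and flag any window with more than
    max_requests hits. A flagged window is labelled "distributed" when at least
    min_sources distinct addresses contributed, otherwise "single-source" (the
    latter can be handled by per-IP rate limiting; the former cannot)."""
    windows = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, path = parse_line(line)
        bucket = int((ts - EPOCH).total_seconds()) // window_seconds
        windows[bucket].append((ip, path))

    alerts = []
    for bucket in sorted(windows):
        entries = windows[bucket]
        if len(entries) <= max_requests:
            continue  # within normal volume for this window
        sources = Counter(ip for ip, _ in entries)
        paths = Counter(path for _, path in entries)
        alerts.append({
            "window_start": (EPOCH + timedelta(seconds=bucket * window_seconds)).isoformat(),
            "requests": len(entries),
            "distinct_sources": len(sources),
            "busiest_source_share": sources.most_common(1)[0][1] / len(entries),
            "top_path": paths.most_common(1)[0][0],
            "kind": "distributed" if len(sources) >= min_sources else "single-source",
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(SAMPLE_LOG):
        print(alert)
```

Running the block prints one alert per flagged ten-second window. The five windows of the distributed flood each report 50 distinct sources with no single address above 2% of the traffic, which is exactly why a per-IP rate limit would not help there, while the final window reports one address responsible for all 45 requests.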