What is Denial-of-Service (DoS)? #INFOSECK2K101

The risk of attack through malicious bot action is rising - ransom-motivated DDoS attacks increased by 175% between Q3 2021 and Q4 2021. But by understanding the differences between legitimate and malicious web traffic and adopting smart cyber solutions, we can better mitigate the risk of a DDoS or DoS attack.

What is a DoS or DDoS attack? What does it involve?

A Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attack is a malicious, targeted attack that aims to flood a network with illegitimate service requests and traffic to trigger a system crash, rendering it inaccessible to users. By disrupting business operations, the attack prevents users from performing routine tasks or accessing resources that are operated by the compromised computer or network.

Many DoS attacks can also develop into ransomware attacks, putting a halt to critical business operations, resulting in a loss of critical time and money and causing reputational damage.

Unlike other attack vectors, DoS isn’t reliant on criminal activity and can also occur naturally through what we would consider perfectly normal user interactions on the web. When we shop online, clicks are passed through our internet service provider, to external e-commerce applications and back to our site infrastructure. Servers work tirelessly to handle and execute each request, but if there’s too much going on, the system can become overloaded, resulting in a denial of access to the service.

DoS and DDoS - What’s the difference?

With different points of origin, these attacks present themselves in one of two forms:

  • Denial-of-Service (DoS) uses a script or tool to overload targets from a single machine. It is easier to detect the origin of a DoS and sever the connection, as it comes from a singular location. Thanks to advanced technologies in the modern cyber landscape, DoS can easily be deterred.
  • Distributed-Denial-of-Service (DDoS) attacks deploy several infected remote machines (bots) that each generate a small number of requests, which, when added together, overload the target. Because a large volume of traffic arrives from many locations at once, detection is harder and the damage can be significant, making DDoS the more sophisticated form of DoS attack.
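
The distinction above (one origin versus many) is something a defender can check directly from a web server's access log. The following is an added example, not code from this page or from any vendor: it parses Common Log Format lines, counts requests per client address over a window, and reports "single-source" when one client dominates an abnormal spike or "distributed" when the spike is spread across many clients. The log lines are constructed (documentation IP ranges), and the baseline rate, spike factor and dominance share are assumptions to be tuned against your own normal traffic.

```python
"""Tell a single-source flood (DoS) from a distributed one (DDoS) using only the
request counts per client in a web-server access log. Added example, not the
page's or any vendor's code; the log lines are constructed (documentation IP
ranges) and the baseline rate and thresholds are assumptions a defender would
tune against their own normal traffic."""
import re
from collections import Counter

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Return the fields of one log line, or None if it is malformed."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def per_source_counts(lines):
    """Requests per client address, skipping lines that do not parse."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            counts[rec["ip"]] += 1
    return counts


def classify(counts, window_seconds, baseline_rps,
             spike_factor=5.0, single_source_share=0.8):
    """'normal' unless the aggregate rate is spike_factor times the baseline;
    then 'single-source' if one client sent most of it, else 'distributed'."""
    total = sum(counts.values())
    if total == 0 or total / window_seconds < baseline_rps * spike_factor:
        return "normal"
    _, top = counts.most_common(1)[0]
    return "single-source" if top / total >= single_source_share else "distributed"


def make_line(ip, path="/index.html"):
    """Constructed log line in Common Log Format (hypothetical timestamp)."""
    return f'{ip} - - [10/Oct/2023:13:55:36 +0000] "GET {path} HTTP/1.1" 200 512'


# Constructed one-minute samples (window_seconds=60) around a 0.1 rps baseline.
NORMAL_LINES = [make_line("203.0.113.10"), make_line("203.0.113.11", "/cart"),
                make_line("203.0.113.12"), make_line("203.0.113.10", "/checkout"),
                "garbage line that should be ignored"]
DOS_LINES = [make_line("198.51.100.20") for _ in range(50)] + \
            [make_line("203.0.113.10"), make_line("203.0.113.11")]
DDOS_LINES = [make_line(f"198.51.100.{i}") for i in range(1, 61)]

if __name__ == "__main__":
    for name, lines in (("normal", NORMAL_LINES), ("dos", DOS_LINES), ("ddos", DDOS_LINES)):
        print(name, "->", classify(per_source_counts(lines), 60, 0.1))
```

The share threshold is what makes the single-source case easy to act on (one address to block), while the distributed case needs the aggregate rate, not any one client, to trigger the alert.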

Overload-based DoS attacks can target different types of resources, with the majority falling into one of two categories: network layer or application layer. Network layer DoS attacks attempt to overwhelm the target by exhausting all available bandwidth, whereas application layer DoS attacks target the service application that users are trying to access, depleting its resources until it stops running completely.

The two main types of DoS attack against web resources - network layer and application layer - have different aims: to crash the target or to flood it.

  • Buffer overflow is the most common form of DoS attack and occurs when the attacker drives more traffic to a network address than it can handle. A buffer is the area of physical memory that temporarily holds data while it is being moved. An overflow occurs when the program writing data to the buffer overwrites neighbouring memory locations. By consuming all available capacity, such as CPU, disk space and internal memory, the attack causes slow performance and system crashes.
  • Flood attacks occur when attackers send a higher volume of traffic than a system's buffers can process, blocking legitimate network traffic. The kind of flood attack depends on the type of packet used, of which there are two common types. ICMP floods attempt to overwhelm devices with fake Internet Control Message Protocol (ICMP) echo-request packets that ping all computers on the chosen network, whilst SYN floods send initial connection request (SYN) packets to servers, flooding the system to exhaust all available ports.
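
Both flood types leave a measurable trace at the server: a SYN flood shows up as many handshakes that a source opened but never completed, and an ICMP flood as an echo-request rate far above normal. The script below is an added example, not code from this page or any product: it walks a list of packet events and reports sources that exceed a half-open or echo-request threshold. The events are constructed, the flag notation is simplified (S = SYN, A = ACK, R = RST rather than tcpdump's own symbols), and the thresholds are assumptions to be tuned against a real baseline.

```python
"""Indicators for the two flood types described above: SYN floods (many
half-open TCP handshakes per source) and ICMP floods (echo-request rate per
source). Added example; the packet events below are constructed, with a
simplified flag notation (S = SYN, A = ACK, R = RST), and the thresholds are
assumptions to be tuned against a real baseline."""
from collections import Counter


def half_open_by_source(events):
    """Count TCP handshakes that a source opened with a SYN but never completed.

    A connection is keyed by (src, sport). A bare SYN opens a pending entry; a
    later ACK from the same (src, sport) completes it; an RST abandons it.
    """
    pending = set()
    for ev in events:
        if ev.get("proto") != "tcp":
            continue
        key = (ev["src"], ev["sport"])
        flags = ev["flags"]
        if "R" in flags:
            pending.discard(key)
        elif "S" in flags and "A" not in flags:
            pending.add(key)
        elif "A" in flags and key in pending:
            pending.discard(key)
    return Counter(src for src, _ in pending)


def syn_flood_sources(events, max_half_open):
    """Sources holding at least max_half_open incomplete handshakes."""
    return {src: n for src, n in half_open_by_source(events).items()
            if n >= max_half_open}


def icmp_flood_sources(events, window_seconds, max_rps):
    """Sources whose ICMP echo-request rate over the window exceeds max_rps."""
    counts = Counter(ev["src"] for ev in events
                     if ev.get("proto") == "icmp" and ev.get("type") == "echo-request")
    return {src: n for src, n in counts.items() if n / window_seconds > max_rps}


def tcp(src, sport, flags):
    """Constructed TCP packet event from src:sport to the server."""
    return {"proto": "tcp", "src": src, "sport": sport, "flags": flags}


def icmp(src):
    """Constructed ICMP echo-request event from src to the server."""
    return {"proto": "icmp", "src": src, "type": "echo-request"}


# Constructed 10-second capture against one server (documentation IP ranges).
SAMPLE_EVENTS = []
# A legitimate client completes two handshakes and sends three pings.
for sport in (40001, 40002):
    SAMPLE_EVENTS += [tcp("203.0.113.10", sport, "S"), tcp("203.0.113.10", sport, "A")]
SAMPLE_EVENTS += [icmp("203.0.113.10") for _ in range(3)]
# A client that opens one connection and then resets it: not half-open.
SAMPLE_EVENTS += [tcp("203.0.113.11", 40100, "S"), tcp("203.0.113.11", 40100, "R")]
# One source sends 50 SYNs from different ports and never answers.
SAMPLE_EVENTS += [tcp("198.51.100.20", 50000 + i, "S") for i in range(50)]
# Another source sends 300 echo requests in the same 10 seconds.
SAMPLE_EVENTS += [icmp("198.51.100.30") for _ in range(300)]

if __name__ == "__main__":
    print("SYN flood suspects:", syn_flood_sources(SAMPLE_EVENTS, max_half_open=20))
    print("ICMP flood suspects:", icmp_flood_sources(SAMPLE_EVENTS, window_seconds=10, max_rps=5))
```

Tracking half-open connections by (source, port) rather than by raw SYN count matters: a busy but legitimate client also sends many SYNs, but it completes them, so it never accumulates in the pending set.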

DDoS mitigation service provider, Cloudflare, successfully prevented the largest HTTPS DDoS attack in history in June 2022, recorded as 26 million requests per second. The incident followed previous high records of 17.2M rps in April 2021 and 15M rps in April 2022.

Microsoft’s Azure cloud service mitigated a 2.4 terabits per second (Tbps) DDoS attack, the largest attack of its kind that the company had faced to date, and the second-largest DDoS attack ever recorded. The attack follows Google’s 2017 attack of 2.54 gigabytes per second (Gbps), which is the largest DDoS attack of all time.

Back in 2019, The Guardian reported that the UK Labour party had fallen victim to not one, but two “sophisticated and large-scale” DDoS attacks, driven by botnets seeking to flood servers and disrupt party operations. Though the party was confident that the attacks did not cause a data breach, campaign activities were slowed and guidance was sought from leading security professionals at the National Cyber Security Centre.

Mitigating the risk of a DoS attack

Denial-of-service attacks cannot be prevented as such - cyber criminals will strike whenever they please. Regardless of the defences your organisation has established, you may still become a target. But by being able to distinguish abnormal traffic spikes from legitimate site usage, you’ll be one step closer to identifying an attacker's dry-run tests before a fully-fledged attack is executed. With the following preventative measures, the risk of a DoS attack can be mitigated.

  • Penetration testing to perform a simulated attack that can uncover vulnerabilities so they can be patched
  • DDoS testing or DDoS mitigation services, which use four key stages: detection, diversion, filtering and analysis
  • Web Application Firewall (WAF) to monitor HTTP traffic and prevent cross-site request forgery, file inclusion and SQL injection
  • Response plan, which should be included as standard in your cyber strategy, for when all else fails
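
Of the four mitigation stages listed above, filtering and analysis are the ones that can be shown in a few lines. The code below is an added example, not this page's or any mitigation provider's product: it applies a per-client token bucket (the filtering stage) and keeps an allowed/dropped tally per client (the analysis stage), so that a client sending at a normal pace is untouched while one that bursts is cut down to the configured rate. The request timestamps are constructed, and the rate and burst values are assumptions to be tuned against legitimate usage.

```python
"""Per-client rate limiting as the filtering stage of DoS mitigation, with a
per-source tally for the analysis stage. Added example, not a vendor's product:
the request timestamps below are constructed and the rate/burst values are
assumptions to tune against legitimate usage."""
from collections import defaultdict


class TokenBucket:
    """Allow up to `burst` requests at once, then `rate` requests per second."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)
        self.last = None

    def allow(self, now):
        if self.last is None:
            self.last = now
        # Refill proportionally to elapsed time, never above the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RateFilter:
    """One bucket per client address; keeps allowed/dropped counts per client."""

    def __init__(self, rate, burst):
        self.buckets = defaultdict(lambda: TokenBucket(rate, burst))
        self.stats = defaultdict(lambda: {"allowed": 0, "dropped": 0})

    def handle(self, client_ip, now):
        """Return True if the request may proceed, False if it is dropped."""
        ok = self.buckets[client_ip].allow(now)
        self.stats[client_ip]["allowed" if ok else "dropped"] += 1
        return ok

    def report(self):
        """Analysis view: allowed/dropped counts per client address."""
        return {ip: dict(s) for ip, s in self.stats.items()}


def run_sample():
    """Replay a constructed sequence of (timestamp, client) requests."""
    f = RateFilter(rate=2.0, burst=5)
    # A legitimate client (documentation range): one request per second for 10 s.
    requests = [(float(t), "203.0.113.10") for t in range(10)]
    # An abusive client: 100 requests all at t=0.
    requests += [(0.0, "198.51.100.7")] * 100
    for now, ip in sorted(requests, key=lambda r: r[0]):
        f.handle(ip, now)
    return f.report()


if __name__ == "__main__":
    for ip, counts in run_sample().items():
        print(ip, counts)
```

Keying the buckets by client address is the simplest form of the technique; under a distributed attack each bot may stay under its own limit, which is why the aggregate spike detection and the upstream diversion stage still matter.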

Our solution

Whilst a DoS or DDoS attack cannot be entirely avoided, there are still many ways we can create a solid security framework to limit further damage should an attack occur. With our expert cyber solutions at Infosec K2K, we can stop businesses from falling victim to these types of attacks.

By investing in our managed cyber security services, like our Security Operations Centre (SOC), threats can be eliminated from the outset, thanks to 24/7 monitoring and detection of suspicious activity.

Plus, by performing a dry-run attack with Penetration Testing, we can highlight any potential system vulnerabilities for patching, to prevent the worst from happening. But if the worst does happen and you’ve just been hit by a DDoS attack, don’t panic.

Our solutions also apply post-attack, with Crisis Response that’ll take control of the threat quickly and efficiently, so you don’t need to worry about it impacting your business any more than it already has.

To find out more about how our expert cyber solutions can mitigate the risk of a DoS attack and better protect your business from cyber risk across the board, get in touch with our trusted team.
