What is Denial-of-Service (DoS)? #INFOSECK2K101
The risk of cyber attack through malicious bot traffic is rising: ransom-motivated DDoS attacks increased by 175% between Q3 2021 and Q4 2021. It's important to understand the differences between legitimate and malicious web traffic. By adopting smart cyber solutions, we can better mitigate the risk of a DDoS or DoS attack.
What is a DoS or DDoS attack? What does it involve?
A Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attack is a deliberate, targeted attempt to make a system unavailable. It floods a network or service with illegitimate requests and traffic until the target runs out of bandwidth, connection state, CPU or memory, or crashes outright. Either way, the service becomes inaccessible to legitimate users. By disrupting business operations, the attack prevents users from performing routine tasks or accessing resources hosted on the targeted computer or network.
Many DoS attacks are also paired with extortion: so-called ransom DDoS (RDDoS), in which attackers demand payment to stop, or not to start, an attack. This is distinct from ransomware, which encrypts data, but the effect on the victim is similar: critical business operations stop, costing time and money and causing reputational damage.
Unlike other attack vectors, the effect of a DoS doesn't require criminal activity at all and can also occur naturally through what we would consider perfectly normal use of the web. When we shop online, each click travels from our browser through our internet service provider to the e-commerce application's infrastructure, where servers work tirelessly to handle and execute each request. If too many requests arrive at once, for instance during a sale or after a link goes viral, the system can become overloaded, resulting in a denial of access to the service.
DoS and DDoS – What’s the Difference?
With different points of origin, these attacks present themselves in one of two forms:
- Denial-of-Service (DoS) uses a script or tool to overload the target from a single machine. Since all the traffic comes from one source, it's comparatively easy to identify the origin and drop or rate-limit that address, and modern network and hosting defences usually handle single-source floods routinely.
- Distributed Denial-of-Service (DDoS) attacks use many compromised remote machines (bots, collectively a botnet), each of which generates only a modest number of requests, which when added together overload the target. Because the traffic arrives from thousands of addresses at once, there is no single source to sever, and the combined volume can cause significant damage, making it the more sophisticated and harder-to-mitigate form of DoS.
Overload-based DoS attacks can target different types of resources, the majority falling into one of two categories: network layer or application layer. Network-layer attacks attempt to overwhelm the target by exhausting available bandwidth or the connection-state tables of routers, firewalls and servers. Application-layer attacks target the service application itself (the web server, or the database behind it), consuming its CPU, memory, worker threads or database connections until it slows to a crawl or stops responding entirely.
What Do They Do?
Attacks against web resources, at either layer, are designed to do one of two things: crash the target or flood it.
- Crash attacks exploit a bug in the target so that a small, crafted input takes the service down. The classic example is a buffer overflow. A buffer is a fixed-size region of memory used to hold data temporarily while it is being processed; an overflow occurs when a program writes more data into it than it can hold, overwriting neighbouring memory locations. A remote input that triggers such a bug can crash the process (and in the worst case allow code execution), so a single request can take a service offline without any large volume of traffic. Other crash-type attacks use malformed or unusually expensive requests to exhaust a finite resource such as CPU time, disk space or memory. The result is slow performance and system crashes.
- Flood attacks occur when attackers send a higher volume of traffic than the system can process, crowding out legitimate network traffic. The type of flood is defined by the type of packet used, and two are especially common. ICMP floods bombard the target with Internet Control Message Protocol (ICMP) echo-request (ping) packets, consuming bandwidth and the target's capacity to reply; a variant, the Smurf attack, sends spoofed pings to a network's broadcast address so that every host on it replies to the victim. SYN floods send a stream of TCP connection-request (SYN) packets, often from spoofed source addresses, and never complete the handshake; each one occupies a slot in the server's half-open connection queue until it times out, so once the queue is full, new legitimate connections are refused. SYN cookies, supported by most modern operating systems, counter this by letting the server respond without keeping per-SYN state.
Notable DDoS Attacks
DDoS mitigation service provider Cloudflare successfully mitigated the largest HTTPS DDoS attack recorded at the time in June 2022, at 26 million requests per second (rps). The incident followed earlier records of 17.2M rps (reported in August 2021) and 15M rps in April 2022.
Microsoft's Azure cloud service mitigated a 2.4 terabits per second (Tbps) DDoS attack in August 2021, disclosed that October. This was the largest attack of its kind the company had faced at that point, surpassed at the time only by the 2.54 Tbps attack that Google disclosed in 2020 (the attack itself took place in 2017). Note that these network-layer attacks are measured in bits per second of bandwidth, while the Cloudflare records above are measured in HTTP requests per second at the application layer; the two figures are not directly comparable.
Flashback to 2019: The Guardian reported that the UK Labour party had fallen victim to two "sophisticated and large-scale" DDoS attacks during the general election campaign. These were driven by botnets seeking to flood the party's servers and disrupt its operations. Though the party was confident the attacks didn't cause a data breach, campaign activities were slowed, and guidance was sought from the UK's National Cyber Security Centre (NCSC).
Mitigating the risk of a DoS attack
Denial-of-service attacks cannot be prevented as such: attackers will strike whenever they please, and regardless of the defences your organisation has established, you may still become a target. But attackers often run short test attacks before a full-scale one, so being able to distinguish abnormal traffic spikes from legitimate site usage puts you a step closer to spotting those dry runs before the real attack is executed. The following preventative measures reduce both the risk and the impact of a DoS attack.
- Penetration testing to perform a simulated attack that can uncover vulnerabilities (such as crash-inducing bugs or unusually expensive requests) so they can be patched before an attacker finds them
- DDoS testing and DDoS mitigation services, which work in four key stages: detection, diversion (routing traffic through a scrubbing service), filtering and analysis
- A Web Application Firewall (WAF) to inspect HTTP traffic, rate-limit abusive clients and block common web attacks such as cross-site request forgery, file inclusion and SQL injection. A WAF helps against application-layer floods but not against volumetric network-layer attacks, which saturate the link before the WAF ever sees the traffic; those need upstream or provider-level mitigation
- A response plan, which should be included as standard in your cyber strategy, for when all else fails
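The single-source versus distributed distinction described earlier, and the point above about telling abnormal spikes from legitimate usage, as an added example that is not part of the original article or Infosec K2K's own tooling: a small Python triage script that reads web-server access-log lines (combined log format is assumed), computes aggregate and per-source request rates over a fixed window, and labels the window as normal, a single-source flood (block the address) or a distributed flood (no single address to block; rate-limit or divert). The log lines are constructed, and the baseline of 2 requests per second and the thresholds are illustrative assumptions that would come from your own traffic history in practice.

```python
"""Triage a burst of web requests as normal, single-source (DoS) or distributed (DDoS).

Added example for this article, not Infosec K2K code.  The log lines are
constructed, and the baseline and thresholds are illustrative assumptions.
"""
import re
from collections import Counter
from datetime import datetime, timedelta

# Apache/nginx "combined" access-log prefix (assumed input format), e.g.
# 203.0.113.7 - - [10/Jun/2022:12:00:01 +0000] "GET /checkout HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source IP, timestamp) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def classify(lines, window_s, baseline_rps, spike_factor=5.0, per_ip_rps=10.0):
    """Classify the requests seen over a window_s-second window.

    baseline_rps : normal request rate for this service (from history).
    spike_factor : aggregate rate, as a multiple of baseline, that counts as a flood.
    per_ip_rps   : rate from one address that no human user would produce.
    """
    per_ip = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is not None:  # skip lines that do not parse rather than crash
            per_ip[parsed[0]] += 1
    total = sum(per_ip.values())
    rps = total / window_s
    top_ip, top_count = per_ip.most_common(1)[0] if per_ip else (None, 0)
    top_rps = top_count / window_s
    result = {"rps": rps, "sources": len(per_ip), "top_ip": top_ip, "top_ip_rps": top_rps}

    if rps < spike_factor * baseline_rps:
        result.update(verdict="normal", action="none")
    elif top_rps >= per_ip_rps:
        # One address produces the bulk of the spike: the single-source (DoS)
        # pattern, which can be cut off at that address.
        result.update(verdict="single_source_flood", action=f"block {top_ip}")
    else:
        # Aggregate far above baseline but no single address stands out: the
        # distributed (DDoS) pattern. Per-IP blocking will not help; rate-limit,
        # challenge, or divert to a scrubbing service.
        result.update(verdict="distributed_flood", action="rate-limit / divert")
    return result


def make_log(ip_counts, window_s, start="10/Jun/2022:12:00:00 +0000"):
    """Build constructed log lines: ip_counts maps source IP -> requests in the window."""
    base = datetime.strptime(start, TS_FMT)
    lines = []
    for ip, n in ip_counts.items():
        for i in range(n):
            ts = base + timedelta(seconds=i * window_s // n)
            lines.append(f'{ip} - - [{ts.strftime(TS_FMT)}] "GET /checkout HTTP/1.1" 200 512')
    return lines


WINDOW_S = 10
BASELINE_RPS = 2.0  # assumed: this shop normally sees about 2 requests/second

# Constructed scenarios using RFC 5737 documentation addresses.
NORMAL = make_log({f"203.0.113.{i}": c for i, c in enumerate([3, 2, 4, 1, 2, 3, 2, 3], 1)}, WINDOW_S)
SINGLE = make_log({"198.51.100.9": 300, **{f"203.0.113.{i}": 4 for i in range(1, 5)}}, WINDOW_S)
DISTRIBUTED = make_log({f"192.0.2.{i}": 2 for i in range(1, 201)}, WINDOW_S)

if __name__ == "__main__":
    for name, lines in [("normal", NORMAL), ("single", SINGLE), ("distributed", DISTRIBUTED)]:
        r = classify(lines, WINDOW_S, BASELINE_RPS)
        print(f"{name:12s} {r['verdict']:22s} {r['rps']:6.1f} rps "
              f"from {r['sources']:3d} sources -> {r['action']}")
```

Two caveats before wiring anything like this to a block rule. Many legitimate users share one address behind corporate or carrier-grade NAT, so a per-address limit must be tuned against your own history or combined with other signals (URL mix, user agents, session cookies) before it is allowed to block on its own. And access logs only show requests that reached the web server: a volumetric network-layer flood that saturates the link upstream is invisible here and has to be detected from flow data or by your provider.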
Our Solution
A DoS or DDoS attack can't be entirely avoided. However, there are still many ways to build a solid security framework that limits the damage should an attack occur. With our expert cyber solutions at Infosec K2K, we can greatly reduce the chance of businesses falling victim to these types of attacks, and the impact when they do.
By investing in our managed cyber security services, like our Security Operations Centre (SOC), threats can be addressed from the outset, thanks to 24/7 monitoring and detection of suspicious activity.
At Infosec K2K, we recommend performing a dry-run attack through penetration testing. We can highlight potential system vulnerabilities for patching, to prevent the worst from happening. However, if the worst does happen and you are hit by a DDoS attack, don't panic.
Our solutions also apply post-attack. Our expert team will take control of the threat quickly and efficiently, so you don’t need to worry about it impacting your business any more than it already has. With the help of our expert cyber solutions, you can mitigate the risk of a DoS attack and better protect your business from cyber risk across the board.
Get in touch with us to find out more about how we can help you.