DDoS attacks 

DDoS attacks are a cyber threat that is as simple to carry out as it is effective: they can send a company, or critical infrastructure such as hospitals and airports, into a tailspin in seconds.


What are DDoS attacks? 

An acronym for Distributed Denial of Service, the DDoS attack is a special case of the DoS (denial-of-service) attack.

The purpose of a DDoS attack is to saturate the resources of a computer system that provides services of various kinds.

In the context of networking, therefore, a DoS attack aims to make a site or server unreachable by saturating the communication bandwidth.

A DDoS attack's goal is to make entire datacenters, content distribution networks, or DNS services unreachable and unusable.

To do this, the hackers behind a DDoS attack use a far greater number of attacking machines, and far more resources, than a "normal" DoS attack.

In this way it is possible to "neutralize" the target within a few seconds, causing damage that persists over time (from a few hours to a few days, depending on how quickly the defenders respond to the offensive).


What are botnets

The backbone of any self-respecting DDoS attack is a dense network of devices infected with malware and Trojan horses remotely controlled by a single hacker or group of cybercriminals.

This is the botnet, a sub-portion of the Internet nodes made up of compromised devices that can be used for the most diverse purposes, including DDoS attacks.

Some time ago these devices were also called zombie computers: in most cases, they were computer systems infected by a particular type of virus that turned them into a sort of puppet.

Today, however, the spectrum of devices that can join the ranks of a botnet has expanded exponentially.

Alongside desktops and laptops, we find smartphones, tablets, security IP cameras, routers, network printers, smart TVs, and even smart thermostats.

Potentially any device connected to the Net can become part of a botnet: smart appliances, cars, and the many smart sensors scattered on street corners can all be co-opted and used to launch offensives against servers and web service providers.

In short, if not adequately protected, the Internet of Things can represent the greatest cyber threat of our time.


Types of DDoS attacks

Depending on the methods used and the objectives pursued, DDoS attacks can be grouped into four main categories. Some target the TCP connection, betting everything on speed.

In this case, the botnet floods the server with connection requests that are never completed: the system's communication bandwidth is quickly saturated, making it impossible for any user to access the content.

Another type of DDoS are volumetric attacks in which the volume of traffic created is huge and unmanageable.

Fragmentation attacks work differently: they aim to consume the computing resources of the target system by sending incomplete access requests.

As a consequence, the target of the attack spends a large part of its resources trying to reassemble the fragments it has received.

Sometimes, however, to make a server unusable it is not necessary to attack the entire infrastructure.

It is sufficient to exploit a flaw or a particular malfunction in one of the applications that allow it to function, making it unstable and, consequently, unusable.

This is the case of application attacks: they do not target the entire infrastructure, but aim at an indispensable program, making it unstable and therefore unusable.


How to defend against DDoS attacks

DDoS attacks are aimed, in the vast majority of cases, at web service providers and not against individual users.

This means that "ordinary" internet users have no adequate means of defense of their own: if a web service they use becomes the victim of a hacker offensive, their only hope is that the IT security experts will be able to quickly mitigate the attack and limit the extent of the disruption.

Thanks to the sinkholing technique, the traffic the botnet generates to block a server or distribution network can be diverted into a dead end.

In this way the DDoS attack is prevented from damaging hardware and software, even if its effects are not necessarily contained completely: the affected network resource may still be inaccessible, although for a shorter period.

Alternatively, using dedicated software, cybersecurity teams can detect attempts to access the local network and neutralize attack attempts before they turn into small digital catastrophes.

Intrusion detection systems, in fact, constantly scan incoming and outgoing data traffic and are able to identify when "legitimate" protocols are being used for illegal purposes.
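As an added example, not part of the original article, the script below shows how the pattern described under "Types of DDoS attacks" (a flood of TCP connection requests that are never completed, arriving from many sources) can be spotted in a connection log, which is the kind of check an intrusion detection system performs on incoming traffic. The log format, the addresses, the port and the thresholds are all constructed for illustration; real IDS products use their own formats and tuning.

```python
import re
from collections import defaultdict

# Constructed sample log, one packet per line:
#   "<epoch seconds> <source ip> -> <destination ip>:<port> <flag> <bytes>"
# Three ordinary clients complete their handshake (SYN, then ACK, then DATA)
# with 203.0.113.10, while twelve distinct sources send only a SYN to
# 203.0.113.20 inside the same second and never finish the handshake.
BENIGN_LINES = "\n".join(
    f"1700000000 192.0.2.{i} -> 203.0.113.10:443 {flag} {size}"
    for i in (11, 12, 13)
    for flag, size in (("SYN", 60), ("ACK", 52), ("DATA", 1200))
)
FLOOD_LINES = "\n".join(
    f"1700000000 198.51.100.{i} -> 203.0.113.20:443 SYN 60" for i in range(1, 13)
)
SAMPLE_LOG = BENIGN_LINES + "\n" + FLOOD_LINES

LINE_RE = re.compile(r"^(\d+) (\S+) -> (\S+):(\d+) (SYN|ACK|DATA) (\d+)$")


def parse_log(text):
    """Turn the constructed log text into a list of packet dicts, skipping malformed lines."""
    records = []
    for line in text.strip().splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # a detector must not crash on garbage input
        ts, src, dst, port, flag, size = match.groups()
        records.append({"ts": int(ts), "src": src, "dst": f"{dst}:{port}",
                        "flag": flag, "bytes": int(size)})
    return records


def analyse(records, window=1, min_syns=10, max_completion=0.2, min_sources=5):
    """Flag (destination, time window) pairs that look like a distributed half-open flood.

    A window is suspicious when it holds at least `min_syns` connection requests,
    at most `max_completion` of them are ever completed with an ACK, and the
    requests come from at least `min_sources` distinct addresses.
    """
    syn_count = defaultdict(int)          # (dst, window) -> number of SYNs seen
    syn_sources = defaultdict(set)        # (dst, window) -> addresses that sent a SYN
    ack_sources = defaultdict(set)        # (dst, window) -> addresses that completed the handshake
    for rec in records:
        key = (rec["dst"], rec["ts"] // window * window)
        if rec["flag"] == "SYN":
            syn_count[key] += 1
            syn_sources[key].add(rec["src"])
        elif rec["flag"] == "ACK":
            ack_sources[key].add(rec["src"])

    alerts = []
    for key, count in syn_count.items():
        if count < min_syns:
            continue
        completed = len(syn_sources[key] & ack_sources[key])
        completion = completed / count
        sources = len(syn_sources[key])
        if completion <= max_completion and sources >= min_sources:
            alerts.append({"dst": key[0], "window_start": key[1], "syns": count,
                           "sources": sources, "completion": round(completion, 2)})
    return alerts


if __name__ == "__main__":
    for alert in analyse(parse_log(SAMPLE_LOG)):
        print(f"half-open flood towards {alert['dst']}: {alert['syns']} SYNs from "
              f"{alert['sources']} sources, {alert['completion']:.0%} completed")
```

The thresholds are deliberately explicit parameters: the ratio of completed handshakes separates a flood from a legitimate traffic spike (a popular page also produces many SYNs, but they complete), and the distinct-source count is what distinguishes the distributed case discussed on this page from a single misbehaving client.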

Finally, many companies have decided to defend themselves from DDoS attacks by strongly focusing on redundancy: instead of creating datacenters and distribution networks that are barely sufficient to provide the required services, they create “duplicate” infrastructures.

In this way, even if a node on the network is no longer available, it will still be possible to continue providing the service: it will be sufficient to divert traffic to a "twin" node, so as to mitigate the attack and restore normal operation.