To understand what a distributed denial of service (DDoS) attack is, imagine you’re driving yourself to work on your usual route. You’re making good time but then, all of a sudden, dozens of cars appear on the highway, then hundreds, then thousands. The congestion slows down all the traffic, including your car, and soon it grinds to a complete halt. What you consider a traffic nightmare on the highway is a DDoS nightmare on a computer network.
DDoS Meaning and Definition
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic on a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
DDoS attacks coordinate many compromised computer systems to create attack traffic. Exploited machines can include computers and other networked resources such as IoT devices.[1]
History of DDoS Attacks
The first documented DoS-style attack occurred during the week of February 7, 2000, when “mafiaboy”, a 15-year-old Canadian hacker, orchestrated a series of DoS attacks against several e-commerce sites, including Amazon and eBay. The attacks crippled Internet commerce. The FBI estimated that the affected sites suffered $1.7 billion in damages.[2]
Other early DDoS attacks also had political purposes. Russia was believed responsible, though it has not been proven, for cyber attacks in Estonia in 2007, Georgia in 2008, and Ukraine in 2014 and 2015, during times of conflict in the region.[3]
Among the world’s largest DDoS attacks was the 2018 attack on GitHub, a software development platform and subsidiary of Microsoft. GitHub was recognised as sustaining the largest DDoS attack of that year, which peaked at 129.6 million packets per second (PPS) directed against the site.
But in January of 2019, Imperva, a cybersecurity software and services provider, disclosed that one of its clients sustained a DDoS attack in which 500 million PPS were directed at its network or website. And in April of that year, Imperva reported an even larger PPS attack on another client that surpassed the January record, peaking at 580 million PPS.[4]
Types of DDoS Attacks
DDoS attacks vary by which layer of a computer network they target. Examples include:
- Layer 3, the network layer. Attacks at this layer include Smurf attacks, ICMP floods, and IP/ICMP fragmentation attacks.
- Layer 4, the transport layer. Attacks include SYN floods, UDP floods, and TCP connection exhaustion.
- Layer 7, the application layer. Mainly HTTP-encrypted attacks.[5]
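As an added example that is not part of the original page, here is a small detector for the Layer 4 SYN floods listed above. It runs over constructed packet records and flags a destination whose inbound SYNs are both high in volume and rarely followed by the client ACK that completes the handshake; the thresholds, window size and sample addresses are assumptions.

```python
from collections import defaultdict

# Constructed sample packet records: (time_s, src_ip, dst_ip, tcp_flag).
# A legitimate client sends "S" (SYN) and later "A" (ACK) to complete the
# three-way handshake. A SYN flood leaves SYNs that are never acknowledged.
SAMPLE_PACKETS = [
    (0.0, "10.0.0.5", "192.0.2.10", "S"), (0.1, "10.0.0.5", "192.0.2.10", "A"),
    (0.2, "10.0.0.6", "192.0.2.10", "S"), (0.3, "10.0.0.6", "192.0.2.10", "A"),
] + [(1.0 + i * 0.005, f"198.51.100.{i % 250}", "192.0.2.10", "S")
     for i in range(200)]  # 200 spoofed-looking SYNs inside one second


def detect_syn_flood(packets, window_s=1.0, min_syns=100, max_completion=0.2):
    """Return per-destination windows that look like a SYN flood.

    SYNs are bucketed per destination into fixed windows. A window alerts when
    it holds at least `min_syns` SYNs and at most `max_completion` of them were
    followed by an ACK from the same source (i.e. the handshake completed).
    Completions are credited to the window in which the SYN arrived, so a
    flash crowd of real clients does not trip the detector.
    """
    syns = defaultdict(int)        # (dst, window) -> SYN count
    acks = defaultdict(int)        # (dst, window) -> completed handshakes
    sources = defaultdict(set)     # (dst, window) -> distinct SYN sources
    pending = {}                   # (src, dst) -> window of the unanswered SYN
    for t, src, dst, flag in sorted(packets):
        key = (dst, int(t // window_s))
        if flag == "S":
            syns[key] += 1
            sources[key].add(src)
            pending[(src, dst)] = key
        elif flag == "A":
            syn_key = pending.pop((src, dst), None)
            if syn_key is not None:
                acks[syn_key] += 1
    alerts = []
    for key, n in syns.items():
        completion = acks[key] / n
        if n >= min_syns and completion <= max_completion:
            alerts.append({"dst": key[0], "window": key[1], "syns": n,
                           "completion_ratio": round(completion, 2),
                           "distinct_sources": len(sources[key])})
    return alerts


if __name__ == "__main__":
    for alert in detect_syn_flood(SAMPLE_PACKETS):
        print(f"possible SYN flood: {alert}")
```

In practice the same two signals (SYN rate and half-open ratio) are what a network control or cloud mitigation service would act on, typically by rate limiting or SYN cookies rather than by blocking individual sources.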
DDoS Analysis and Recommendations
Attackers typically gain control of the systems used in DDoS attacks through email-delivered malware. Collectively, these compromised systems are known as a botnet. Botnets, a portmanteau of the words robot and network, recruit additional bots through a variety of channels. Once a device is infected, it may attempt to self-propagate the botnet malware by recruiting other hardware devices in the surrounding network.[6]
According to the Proofpoint 2019 Human Factor report, more than 99% of malware requires some form of user interaction.[7] Email is a primary tactic used by attackers to establish their access.
Here’s how organisations can implement DDoS attack protection:
- First, they must avoid being the target of a DDoS attack. This usually requires a combination of network controls and cloud-hosted DDoS-mitigation services.
- Second, they must avoid becoming an unwitting participant in a DDoS attack. To prevent their systems from being used in a botnet, organisations must protect their own environment from compromise. Most malware attacks target people, not your infrastructure. This shift calls for a people-centric approach to protecting your own environment.
[1] Cloudflare. “What Is a DDoS Attack?”
[2] Encyclopaedia Britannica.
[3] Ibid.
[4] Casey Crane, Hashed Out. “The Largest DDoS Attacks in History.”
[5] Steve Weismann, NortonLifeLock. “What Is a Distributed Denial of Service Attack (DDoS) and What Can You Do About Them?”
[6] Cloudflare. “What Is a DDoS Botnet?”
[7] Proofpoint. “Human Factor Report.”