A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic on a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
DDoS attacks coordinate many compromised computer systems to create attack traffic. Exploited machines can include computers and other networked resources such as IoT devices.1
The first documented DoS-style attack occurred during the week of February 7, 2000, when “mafiaboy,” a 15-year-old Canadian hacker, orchestrated a series of DoS attacks against several e-commerce sites, including Amazon and eBay. The attacks crippled Internet commerce. The FBI estimated that the affected sites suffered $1.7 billion in damages.2
Other early DDoS attacks had political purposes. Russia was believed responsible, though it has not been proven, for cyber attacks in Estonia in 2007, Georgia in 2008, and Ukraine in 2014 and 2015, during times of conflict in the region.3
Among the world’s largest DDoS attacks was the 2018 attack on GitHub, a software development platform and subsidiary of Microsoft. It was recognized as the largest distributed denial of service (DDoS) attack of that year, peaking at 129.6 million packets per second (PPS) against the site.
But in January of 2019, Imperva, a cybersecurity software and services provider, disclosed that one of its clients sustained a DDoS attack in which 500 million PPS were directed at its network or website. And in April of that year, Imperva reported an even larger PPS attack on another client that surpassed the January record, peaking at 580 million PPS.4
Forms of DDoS Attacks
DDoS attacks vary by which layer of a computer network they target. Examples include:
- Layer 3, the network layer. Attacks include Smurf attacks, ICMP floods, and IP/ICMP fragmentation attacks.
- Layer 4, the transport layer. Attacks include SYN floods, UDP floods, and TCP connection exhaustion.
- Layer 7, the application layer. Mainly attacks over HTTP, including encrypted (HTTPS) traffic.5
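The layer split above is most useful when it drives detection: each layer has a different indicator (bare ICMP volume, SYNs that never complete a handshake, UDP volume, HTTP request volume), and a genuinely distributed flood also shows many distinct sources. The script below is an added example, not code from the original article or any vendor; the record format, thresholds, window size and traffic are all constructed for the illustration and would need tuning against real baselines.

```python
"""Flag flood indicators in packet-summary records, grouped by the OSI layer they target.

Added example; not from the original article. The record format, thresholds and
traffic below are constructed for this illustration, not taken from any vendor.
"""
from collections import defaultdict

WINDOW_SECONDS = 10
# Per-window counts above which a protocol is considered flooded (assumed toy values).
THRESHOLDS = {"icmp": 200, "syn": 300, "udp": 300, "http": 500}
# A flood must also come from many sources before we call it *distributed*.
MIN_DISTINCT_SOURCES = 20
LAYER = {"icmp": 3, "syn": 4, "udp": 4, "http": 7}


def parse_record(line):
    """Parse '<ts> <src> <dst> <proto> [detail]'; detail is TCP flags ('S', 'SA'),
    a UDP port, or an HTTP request line. This format is constructed for the example."""
    parts = line.split(maxsplit=4)
    ts, src, dst, proto = parts[:4]
    detail = parts[4] if len(parts) > 4 else ""
    return {"ts": int(ts), "src": src, "dst": dst, "proto": proto.lower(), "detail": detail}


def indicator_kind(rec):
    """Map a record to the flood indicator it contributes to, or None."""
    if rec["proto"] == "icmp":
        return "icmp"                      # Layer 3: ICMP flood / Smurf-style traffic
    if rec["proto"] == "tcp" and rec["detail"] == "S":
        return "syn"                       # Layer 4: bare SYNs that never complete
    if rec["proto"] == "udp":
        return "udp"                       # Layer 4: UDP flood
    if rec["proto"] == "http":
        return "http"                      # Layer 7: request flood
    return None


def classify_window(records):
    """Return {dst: [(layer, kind, count, distinct_sources), ...]} for one window."""
    per_dst = defaultdict(lambda: defaultdict(lambda: [0, set()]))
    for rec in records:
        kind = indicator_kind(rec)
        if kind:
            entry = per_dst[rec["dst"]][kind]
            entry[0] += 1
            entry[1].add(rec["src"])
    findings = {}
    for dst, kinds in per_dst.items():
        for kind, (count, sources) in kinds.items():
            if count >= THRESHOLDS[kind] and len(sources) >= MIN_DISTINCT_SOURCES:
                findings.setdefault(dst, []).append((LAYER[kind], kind, count, len(sources)))
    return findings


def classify_log(lines):
    """Bucket records into fixed windows; return {window_start: findings} for windows with hits."""
    windows = defaultdict(list)
    for line in lines:
        if line.strip():
            rec = parse_record(line)
            windows[rec["ts"] // WINDOW_SECONDS].append(rec)
    results = {}
    for w, recs in sorted(windows.items()):
        hits = classify_window(recs)
        if hits:
            results[w * WINDOW_SECONDS] = hits
    return results


def build_sample_log():
    """Constructed traffic (documentation address ranges, not real hosts):
    window 0: normal handshakes and page loads; window 10: SYN, ICMP and UDP floods
    from many sources; window 20: a very busy single client (not distributed)."""
    lines = []
    for i in range(50):
        client = f"198.51.100.{i % 10 + 1}"
        lines.append(f"{i % 10} {client} 203.0.113.10 tcp S")
        lines.append(f"{i % 10} 203.0.113.10 {client} tcp SA")
        lines.append(f"{i % 10} {client} 203.0.113.10 http GET /index.html")
    for i in range(400):   # 400 SYNs from 100 sources, no handshake completion
        lines.append(f"{10 + i % 10} 192.0.2.{i % 100 + 1} 203.0.113.10 tcp S")
    for i in range(250):   # 250 ICMP echo requests from 50 sources
        lines.append(f"{10 + i % 10} 192.0.2.{i % 50 + 1} 203.0.113.10 icmp")
    for i in range(350):   # 350 UDP datagrams from 30 sources
        lines.append(f"{10 + i % 10} 192.0.2.{i % 30 + 1} 203.0.113.10 udp 53")
    for i in range(600):   # 600 HTTP requests, but all from one client
        lines.append(f"{20 + i % 10} 198.51.100.99 203.0.113.10 http GET /search?q={i}")
    return lines


if __name__ == "__main__":
    for start, hits in classify_log(build_sample_log()).items():
        for dst, items in hits.items():
            for layer, kind, count, sources in items:
                print(f"t={start}s {dst}: layer {layer} {kind} flood, {count} pkts from {sources} sources")
```

Run as-is, the script reports only the 10-second window containing the SYN, ICMP and UDP floods. The 600-request burst from a single client in the last window exceeds the HTTP threshold but fails the distinct-source check, which is the point of the second condition: one noisy client is a rate-limiting problem, not a DDoS, and conflating the two produces false alerts.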
Analysis and Recommendations
Attackers typically gain control of the systems used in DDoS attacks with email-delivered malware. Collectively, these compromised systems are known as a botnet. A botnet, a portmanteau of the words robot and network, recruits additional bots through a variety of channels. Once a device is infected, it may attempt to self-propagate the botnet malware by recruiting other devices in the surrounding network.6
According to the Proofpoint 2019 Human Factor report, more than 99% of malware requires some form of user interaction.7 Email is a primary tactic used by attackers to establish their access.
Here’s how organizations can protect themselves from DDoS attacks:
- First, they must avoid being the target of a DDoS attack. This usually requires a combination of network controls and cloud-hosted DDoS-mitigation services.
- Second, they must avoid becoming an unwitting participant in a DDoS attack. To prevent their systems from being used in a botnet, organizations must protect their own environment from compromise. Most malware attacks target people, not infrastructure, and this shift calls for a people-centric approach to protecting your own environment.
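One of the "network controls" the first recommendation refers to is per-source rate limiting, and seeing it work also shows its limit. The following is an added example, not code from the article or from any product it cites: a token-bucket limiter keyed by source address, replayed over constructed traffic in which one client behaves normally and one floods. The rate and burst values are assumed for the illustration.

```python
"""Per-source token-bucket rate limiting as one network control against floods.

Added example; not from the original article or any vendor. The traffic below is
constructed; the rate/burst values are assumed for the illustration.
"""
import time
from collections import defaultdict


class PerSourceLimiter:
    """One token bucket per source address.

    Each source earns `rate` tokens per second up to `burst`; a request costs one
    token and is dropped when the bucket is empty."""

    def __init__(self, rate, burst, clock=time.monotonic):
        self.rate = float(rate)
        self.burst = float(burst)
        self.clock = clock
        self.buckets = {}   # src -> (tokens, last_update)

    def allow(self, src, now=None):
        now = self.clock() if now is None else now
        tokens, last = self.buckets.get(src, (self.burst, now))
        # Refill in proportion to elapsed time, never beyond the burst ceiling.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self.buckets[src] = (tokens - 1.0, now)
            return True
        self.buckets[src] = (tokens, now)
        return False


def simulate(limiter, events):
    """Replay (timestamp, src) events in time order; return {src: (allowed, dropped)}."""
    stats = defaultdict(lambda: [0, 0])
    for ts, src in sorted(events):
        stats[src][0 if limiter.allow(src, now=ts) else 1] += 1
    return {src: tuple(v) for src, v in stats.items()}


def build_sample_events():
    """Constructed: a legitimate client at 2 req/s and a flooding source at 200 req/s,
    both for 10 seconds (documentation addresses, not real hosts)."""
    legit = [(i * 0.5, "198.51.100.7") for i in range(20)]
    flood = [(i * 0.005, "192.0.2.66") for i in range(2000)]
    return legit + flood


def run_demo(rate=5, burst=10):
    """Allow 5 req/s with a burst of 10 per source (assumed values) over the sample traffic."""
    return simulate(PerSourceLimiter(rate, burst), build_sample_events())


if __name__ == "__main__":
    for src, (ok, dropped) in run_demo().items():
        print(f"{src}: {ok} allowed, {dropped} dropped")
```

The legitimate client is never throttled, while the flooding source gets through only its initial burst plus about five requests per second, roughly sixty of its two thousand attempts. The caveat is in the design: the limiter keys on source address, so a distributed flood in which every bot stays under the per-source limit passes untouched, and a pure volumetric flood can saturate the link before any on-premise device gets to make this decision. That gap is why the recommendation pairs local controls with cloud-hosted mitigation that absorbs volume upstream.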
1 Cloudflare. “What is a DDoS Attack?”
2 Encyclopaedia Britannica.
4 Casey Crane, Hashed Out. “The Largest DDoS Attacks in history.” May 2019.
5 Steve Weismann, NortonLifeLock. “What is a distributed denial of service attack (DDoS) and what can you do about them?” 2020.
6 Cloudflare. “What is a DDoS Botnet?”
7 Proofpoint. “2019 Human Factor Report.” September 2019.