What is a Distributed Denial-of-Service (DDoS) attack?
"The system is down". This is something you may have heard before, referring to the unavailability or inoperability of a digital application or service. With the system down, important tasks may become jeopardized, disrupting ticketing at an airport or the admission of patients to a hospital.
When an outage is the result of deliberate action by an attacker, it is called a denial-of-service (DoS) attack. The name reflects the goal: to force the target to "deny service", that is, to stop working for its legitimate users.
A denial-of-service attack consists of traffic crafted to degrade the target's performance or to block its connections entirely. When that traffic comes from a single source, the defence is straightforward: the offending address can be rate-limited or blocked outright.
That is why attackers turned to distributed denial-of-service (DDoS) attacks, in which the malicious traffic comes from thousands of computers at the same time, each sending little enough that none of them stands out to be blocked.
For a real-world comparison, it's as if the attacker can fill a store with people who aren't customers simply to obstruct service to real customers, forcing the store to "deny service".
In certain cases, the sheer scale of the distributed attack completely overwhelms the system. It is even possible to saturate the target's Internet connection itself, so that the flood is absorbed upstream of anything the target controls and it has no means of resisting on its own.
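The difference between a single-source DoS and a DDoS is easiest to see in code. The following simulation is an added example, not part of the original article: it runs a per-client sliding-window rate limiter (a typical defence against a single noisy source) over two constructed traffic samples, one host sending 200 requests in a second and 200 hosts sending one request each. The limiter, the server capacity and the addresses (RFC 5737 documentation ranges) are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 1.0    # length of the sliding window
PER_IP_LIMIT = 20       # requests one client may make per window before being throttled
SERVER_CAPACITY = 50    # requests the server can actually process per window (assumed figure)

# Constructed sample traffic (not taken from the article): (timestamp_seconds, client_ip).
# Scenario A, single-source DoS: one host sends 200 requests within one second.
SINGLE_SOURCE = [(i * 0.005, "203.0.113.7") for i in range(200)]
# Scenario B, DDoS: 200 different hosts send one request each within the same second.
DISTRIBUTED = [(i * 0.005, f"198.51.100.{i + 1}") for i in range(200)]


def per_ip_rate_limit(requests, limit=PER_IP_LIMIT, window=WINDOW_SECONDS):
    """Sliding-window limiter: remember each client's recent request times and reject a
    request once that client already has `limit` requests inside the window.
    Returns the (timestamp, ip) pairs that were let through."""
    recent = defaultdict(deque)
    accepted = []
    for ts, ip in sorted(requests):
        q = recent[ip]
        while q and ts - q[0] >= window:    # forget timestamps that left the window
            q.popleft()
        if len(q) < limit:
            q.append(ts)
            accepted.append((ts, ip))
    return accepted


def peak_load(requests, window=WINDOW_SECONDS):
    """Highest number of requests that fall inside any single window."""
    times = sorted(ts for ts, _ in requests)
    peak, start = 0, 0
    for end, ts in enumerate(times):
        while ts - times[start] >= window:
            start += 1
        peak = max(peak, end - start + 1)
    return peak


def assess(requests):
    """Apply the limiter, then ask whether what got through still exceeds server capacity."""
    accepted = per_ip_rate_limit(requests)
    peak = peak_load(accepted)
    return {
        "sources": len({ip for _, ip in requests}),
        "accepted": len(accepted),
        "rejected": len(requests) - len(accepted),
        "peak_per_window": peak,
        "overwhelmed": peak > SERVER_CAPACITY,
    }


if __name__ == "__main__":
    print("single source:", assess(SINGLE_SOURCE))
    print("distributed:  ", assess(DISTRIBUTED))
```

In scenario A the limiter admits 20 of the 200 requests and the server stays well within capacity; in scenario B every request is admitted, because no single client breaks the per-IP rule, and the 200 requests that reach the server in one second exceed what it can handle. A per-source defence is simply the wrong tool once the load is spread across enough sources.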
Whose computers are involved in this attack?
Attackers almost always use other people's devices to launch a DDoS attack: personal computers, and increasingly Internet of Things devices (security cameras, TVs, video recorders) that have been infected with remote-access malware.
The malware takes control of the device, preferably without the owner noticing, and enlists it in a botnet alongside the other infected systems.
In control of this "army", the criminal sends a command for the entire network to open connections to the desired target, thus launching the attack.
There is also a variant called a "distributed reflective denial-of-service (DRDoS)" attack, a more complex scenario in which the attacker exploits the behaviour of certain network protocols to "bounce" traffic off third-party servers onto the target. The attacker sends requests to those servers with the source address forged to be the target's, so the servers' replies are delivered to the target instead; in protocols whose replies are much larger than the requests, this also multiplies the volume of the attack.
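To make the reflective variant concrete, here is an added simulation (not code from the original article) of the exchange: an attacker forges the victim's address onto queries sent to open servers, the servers answer the address they were given, and the victim receives the replies. The reflector behaviour, the 60-byte query and 3000-byte answer sizes, the addresses (RFC 5737 documentation ranges) and the ingress-filter step are all assumptions for illustration. The second run shows the one defence that addresses the root cause: the attacker's own network dropping packets whose source address it does not own (the idea behind BCP 38 source-address validation).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Datagram:
    src: str    # source address as written in the packet header; nothing checks it
    dst: str
    size: int   # bytes on the wire


class Reflector:
    """Model of an open UDP service (an open DNS resolver, say) that answers every query
    to whatever source address the query claims. Query and answer sizes are assumed
    figures chosen for illustration, not measurements of any real protocol."""

    def __init__(self, ip, answer_size=3000):
        self.ip = ip
        self.answer_size = answer_size

    def handle(self, query):
        # The server cannot tell a forged source from a real one, so the reply is
        # addressed to query.src: the victim, if the attacker forged it.
        return Datagram(src=self.ip, dst=query.src, size=self.answer_size)


def spoofed_queries(victim_ip, reflector_ips, per_reflector, query_size=60):
    """Queries the attacker emits. The src field carries the victim's address,
    not the attacker's own, which is what makes the attack 'reflective'."""
    return [Datagram(src=victim_ip, dst=r, size=query_size)
            for r in reflector_ips for _ in range(per_reflector)]


def source_address_validation(datagrams, customer_prefix):
    """Ingress filter at the attacker's ISP (the BCP 38 idea): drop packets whose source
    address does not belong to the network they arrive from."""
    prefix = ip_network(customer_prefix)
    return [d for d in datagrams if ip_address(d.src) in prefix]


def run_attack(isp_filters_sources):
    # Constructed scenario using documentation address ranges (RFC 5737).
    attacker_prefix = "203.0.113.0/24"
    victim = "198.51.100.10"
    reflectors = {ip: Reflector(ip) for ip in ("192.0.2.1", "192.0.2.2", "192.0.2.3")}

    queries = spoofed_queries(victim, list(reflectors), per_reflector=10)
    if isp_filters_sources:
        queries = source_address_validation(queries, attacker_prefix)

    answers = [reflectors[q.dst].handle(q) for q in queries]
    at_victim = [a for a in answers if a.dst == victim]
    sent = sum(q.size for q in queries)
    received = sum(a.size for a in at_victim)
    return {
        "queries_leaving_attacker": len(queries),
        "bytes_sent_by_attacker": sent,
        "bytes_hitting_victim": received,
        "amplification": received / sent if sent else 0.0,
        # What the victim's firewall logs show as the attack's sources.
        "sources_seen_by_victim": sorted({a.src for a in at_victim}),
    }


if __name__ == "__main__":
    print("no ingress filtering:", run_attack(isp_filters_sources=False))
    print("with ingress filtering:", run_attack(isp_filters_sources=True))
```

Two things worth noticing in the first run: the victim's logs list only the reflectors as sources, so blocking what it sees punishes innocent servers and never touches the attacker, and 1,800 bytes sent by the attacker turn into 90,000 bytes arriving at the victim. In the second run every forged packet is dropped before it leaves the attacker's network, which is why source-address validation at ISPs is the standard recommendation against reflection.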
What is the point of an attack that takes down a system?
A denial-of-service attack may be executed for a variety of purposes. Some examples include:
- Extortion: after taking down a company's critical system, the attacker gets in touch to demand payment to halt the attack;
- Distraction: a denial-of-service attack can serve as a decoy to cover up another, quieter and higher-value attack taking place at the same time;
- Blinding security controls: an attacker can take down a security subsystem (monitoring, fraud detection, authentication) so that it cannot detect or interfere with other fraud being carried out;
- Online activism: DDoS has been used in many cases of "activism" or online protest. In such cases, users joined the attack voluntarily.
How to avoid becoming part of a DDoS attack
Ensuring system availability is one of the missions of cybersecurity professionals. But you can help by preventing your devices from being incorporated into a botnet:
- Keep applications and systems up to date, including on "Internet of Things" devices (cameras, TVs, recorders, fridges);
- Change the default passwords on IoT devices, which are often published and tried automatically by botnet malware;
- Beware of links and attachments (which may contain malware);
- Only download software from recognized sources;
- Don't ignore antivirus alerts.