The Most Common Types of DDoS Attacks Dissected

Every electronic system has a finite data processing capacity. This threshold is never exceeded under normal conditions, but things may change when anomalous activity kicks in. A distributed denial-of-service (DDoS) attack fits the mold of a stratagem that can drain a web server’s resources and disrupt the associated online service.

This brutal vector of cybercrime made its debut in the mid-1990s as ideological weaponry favored by Anonymous and like-minded hacktivists. As time went by, it embraced extra motivations, ranging from script kiddies’ whims to satisfy their ego and get an adrenaline rush to unscrupulous entrepreneurs’ plots aimed at sucker-punching business rivals.

Extortion through what’s called “ransom DDoS” is the latest evil quirk of threat actors. To set it in motion, an adversary threatens to knock an organization’s website offline unless the would-be victim pays a specified amount of Bitcoin.

DDoS has grown into a multipurpose cybercrime heavyweight over time, and it’s getting worse. With that said, it is high time organizations stepped up their preparedness to tackle this challenge.

This article provides a summary of known attack methods and shines the light on effective countermeasures.

(Screenshot image by David Balaban; source: NETSCOUT Cyber Threat Horizon)

What Makes DDoS So Dangerous?

With organizations heavily relying on uninterrupted availability of their websites these days, service downtime entails reputational issues and customer churn, which translates to adverse financial implications down the line. Unsurprisingly, the above-mentioned extortion tactic with DDoS at its core is flourishing.

Since mid-August 2020, several high-profile hacker gangs, including the infamous Lazarus Group and Fancy Bear, have been sending such blackmail notes to thousands of companies around the world, primarily ones from the finance and retail sectors.

The felons demand a minimum of 10 BTC (currently worth about $106,000) for not mounting the attack. On August 28, the FBI alerted U.S. companies to the menace by issuing an ad hoc flash warning.

One more facet of the problem is that DDoS can be used as a red herring in data exfiltration or ransomware attacks. It creates “noise” that distracts a target company’s InfoSec staff from a more impactful threat, thereby impeding swift incident response.

An extra concern is that DDoS operators are increasingly adept at amplifying their attacks via huge botnets consisting of unsecured IoT devices. This approach was behind the most powerful assaults reported to date, including the 2016 Dyn cyber-attack that generated rogue traffic exceeding 1Tbps.

Who Is DDoSed in 2020?

With the COVID-19 crisis underway, the implementation of remote learning programs saw a dramatic spike this year, and so did DDoS attacks targeting the education and academic sector. Mostly orchestrated by hacktivists and rebellious students, these incursions lead to network downtime and disrupt virtual classes.

Unethical business competition is another area where DDoS plays a role. For instance, malicious actors often swamp Minecraft servers to lure gamers into switching to another hosting service.

Cryptocurrency exchanges are common targets as well. By disrupting these services via DDoS-for-hire platforms, unscrupulous rivals encourage coin traders to look for alternatives.

(Image source: Neustar)

From January through June 2020, compared to the same period in 2019, the number of DDoS attacks sized 100 Gbps and above grew by an enormous 275%. At the same time, the number of small attacks, sized 5 Gbps and below, also grew by more than 200%.

Demystifying the DDoS Ecosystem

Security professionals single out numerous techniques that differ in the logic of precipitating a denial-of-service condition. To better understand the network disruption repertoire of the present-day crooks, go over a hands-on summary of the most common DDoS types.

  1. DNS Flood. To execute this incursion, malefactors deluge a DNS server with a huge number of malformed requests coming from numerous different IP addresses. This is one of the toughest attacks to detect and recover from.
  2. UDP Flood. An adversary fires out a slew of rogue User Datagram Protocol (UDP) packets at a victim server to make it run out of processing capacity. A serious pitfall in terms of identifying this attack is that UDP connections provide scarce methods to verify source IP addresses.
  3. SYN Flood. This foul play abuses the TCP three-way handshake, a fundamental mechanism used to set up a connection between a client, a host, and a server in the TCP protocol framework. Criminals flood a target server with multiple SYN (synchronize) packets coming from a rogue IP. For the record, the role of SYN packets in a benign scenario is to request a connection with a server.
  4. Fragmented ACK Flood. An attacker shells a network with patchy ACK (acknowledge) packets. When attempting to organize these requests, routers encounter a denial-of-service condition. This raid is one of the crooks’ favorites because it can disrupt a network with a comparatively small number of partial packets.
  5. Ping Flood. This DDoS attack revolves around fraudulent Internet Control Message Protocol (ICMP) echo requests. The victim server allocates all of its resources to spawn packets in response to these numerous pings and denies service to legitimate clients.
  6. HTTP Flood. To initiate this incursion, a threat actor shells a web application with malformed GET or POST requests. To imitate natural traffic, this technique may engage a botnet of previously infected devices.
  7. Ping of Death Attack. A malefactor deluges a network with ping packets that “weigh” more than 64 bytes, which is the maximum permitted size. The receiving server tries to reassemble these offbeat packets to no avail and eventually crashes.
  8. IP Null Attack. To launch this incursion, an evildoer targets a server with IPv4 packets in which the header value is set to null. These irregular messages confuse the server to the extent that it can no longer operate properly.
  9. Fraggle Attack. This foul play involves rogue UDP packets carrying a knockoff IP address of the target’s router. As a result, the network device replies to itself non-stop until it becomes incapable of reacting to legitimate requests.
  10. LAND Attack. LAND – short for Local Area Network Denial – is a raid relying on dodgy SYN packets in which the source IP and the destination IP are an exact match. The victim server is thereby pulled into a loop of iterative responses to itself, which causes a denial-of-service predicament.
  11. Slowloris. An attacker initiates a bevy of simultaneous connections to a web server and keeps them active by periodically adding split packets and HTTP headers. These connections stay uncompleted for a long time and waste the server’s processing capacity. On a side note, a single computer can be enough to execute the Slowloris onslaught.
  12. Low Orbit Ion Cannon (LOIC). Ideally, LOIC is used as a tool that allows security experts to identify the pain points of a network by stress-testing it. However, sometimes criminals turn the original purpose upside down by mishandling it to deplete a server’s resources with fake HTTP, UDP, and TCP packets.
  13. High Orbit Ion Cannon (HOIC). This is a LOIC spin-off with a much higher stress-testing potential under its hood. DDoS actors often hinge on it to generate myriads of HTTP POST and GET requests and knock a target server offline in a snap. Incidentally, HOIC can concurrently home in on more than 250 domains.
  14. APDoS. The acronym stands for “Advanced Persistent Denial-of-Service”. This mechanism kicks in when attackers blend a series of different techniques to deteriorate the performance of a network or a server. Another hallmark of this attack is that it usually lasts for weeks and withstands traditional incident response methods.
  15. IoT Botnet Attack. This is one of the most destructive types of DDoS as it can generate immense data transfer rates that reach several terabits per second. These attacks parasitize a network of compromised Internet of Things (IoT) devices to generate fraudulent traffic and route it toward a computer network.
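
As an added illustration (not code from the original article), the sketch below shows how a defender could spot two of the patterns listed above in packet metadata: the pile-up of never-completed handshakes that a SYN flood leaves behind, and the source-equals-destination signature of a LAND packet. The record layout, thresholds and sample data are assumptions constructed for this example.

```python
from collections import defaultdict

HALF_OPEN_LIMIT = 5      # assumed alert threshold per destination service
HANDSHAKE_TIMEOUT = 3.0  # assumed seconds allowed for the client's final ACK

def analyze(packets, now):
    """Flag LAND-style SYNs and services with many stale half-open handshakes.

    packets: client-to-server records (ts, src, sport, dst, dport, flags),
    where flags is "S" for a SYN and "A" for an ACK.
    """
    pending = {}   # (src, sport, dst, dport) -> time the SYN was seen
    land = []      # SYNs whose source address equals the destination
    for ts, src, sport, dst, dport, flags in packets:
        key = (src, sport, dst, dport)
        if flags == "S":
            if src == dst:
                land.append((ts, src, dport))
            else:
                pending.setdefault(key, ts)
        elif flags == "A":
            pending.pop(key, None)   # handshake completed, no longer half-open
    stale = defaultdict(int)
    for (_, _, dst, dport), ts in pending.items():
        if now - ts > HANDSHAKE_TIMEOUT:
            stale[(dst, dport)] += 1
    flood = {svc: n for svc, n in stale.items() if n > HALF_OPEN_LIMIT}
    return land, flood

def sample_packets():
    """Constructed records using documentation address ranges."""
    server = "192.0.2.80"
    pkts = []
    for i, src in enumerate(["198.51.100.10", "198.51.100.11"]):
        pkts.append((0.1 * i, src, 40000 + i, server, 443, "S"))   # normal client
        pkts.append((0.1 * i + 0.05, src, 40000 + i, server, 443, "A"))
    for i in range(8):                                             # SYNs never completed
        pkts.append((1.0 + 0.01 * i, f"203.0.113.{i + 1}", 50000 + i, server, 443, "S"))
    pkts.append((1.5, server, 443, server, 443, "S"))              # source == destination
    return pkts

if __name__ == "__main__":
    land, flood = analyze(sample_packets(), now=10.0)
    print("LAND-style SYNs:", land)
    print("Services over the half-open limit:", flood)
```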

(Image source: Kaspersky Lab, DDoS Report Q2 2020)

According to Kaspersky Lab, SYN flooding is currently the most popular method, with a share of 94.7%. It is followed by ICMP flooding at 4.9%.

DDoS Mitigation Best Practices

Here is a roundup of the most effective methods to fend off DDoS attacks:

  • Use a cloud DDoS protection service. Outsourcing your defenses to a trusted cloud-based service such as Cloudflare, Sucuri, or Akamai is a reliable method to survive even the most powerful assaults.
  • Leverage a web application firewall (WAF). The role of a WAF is to monitor incoming Internet traffic and thwart web application abuse via cross-site scripting (XSS), cross-site request forgery (CSRF), or SQL injection.
  • Step up your traffic filtering techniques. This tactic enhances a WAF through deep packet inspection, IP blacklisting, and rate limiting.
  • Deploy an intrusion prevention system (IPS). An IPS will protect your network against malicious code and hacker attacks that try to exploit known software vulnerabilities.
  • Perform code auditing. InfoSec teams should regularly sanitize the code running in an enterprise environment to ascertain that it doesn’t have any exploitable flaws. This is a countermeasure for application layer (layer 7) DDoS attacks.
  • Keep your systems up to date. Timely updates are a hugely important element of DDoS protection. Vulnerability patches raise the bar for malefactors and prevent the network infrastructure from becoming easy prey.
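
To make the traffic filtering item concrete, here is an added sketch (not from the original article) of how rate limiting and IP blacklisting can work together: each source address gets a token bucket, and a source that keeps exceeding it is blocklisted for a while. The class name, limits and sample traffic are assumptions chosen for illustration.

```python
class SourceFilter:
    """Token bucket per source address, with a temporary blocklist for
    sources that keep exceeding it. All limits are assumed values."""

    def __init__(self, rate=5.0, burst=10, strikes=20, block_for=60.0):
        self.rate = rate            # tokens (requests) refilled per second
        self.burst = burst          # bucket size: short bursts are tolerated
        self.strikes = strikes      # throttled requests before blocklisting
        self.block_for = block_for  # seconds a source stays blocklisted
        self.state = {}             # ip -> (tokens, last_seen, strike_count)
        self.blocked = {}           # ip -> time the block expires

    def allow(self, ip, now):
        until = self.blocked.get(ip)
        if until is not None:
            if now < until:
                return False        # still blocklisted
            del self.blocked[ip]    # block expired
        tokens, last, strikes = self.state.get(ip, (self.burst, now, 0))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1:
            self.state[ip] = (tokens - 1, now, strikes)
            return True
        strikes += 1
        if strikes >= self.strikes:
            self.blocked[ip] = now + self.block_for
            strikes = 0
        self.state[ip] = (tokens, now, strikes)
        return False

def replay(events, flt=None):
    """Count allowed requests per source for constructed (time, ip) events."""
    flt = flt or SourceFilter()
    allowed = {}
    for now, ip in events:
        allowed.setdefault(ip, 0)
        allowed[ip] += flt.allow(ip, now)
    return allowed, flt

if __name__ == "__main__":
    # Constructed traffic: one steady client, one source sending 40 requests at once.
    events = [(float(t), "198.51.100.10") for t in range(20)]
    events += [(5.0, "203.0.113.7")] * 40
    counts, flt = replay(sorted(events))
    print(counts, "blocklisted:", list(flt.blocked))
```

Per-source limits fit the HTTP flood case best, where requests arrive over completed TCP connections; floods built on unverifiable source addresses, such as the UDP flood described earlier, call for filtering further upstream.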

This type of cybercrime is quickly evolving, relying on botnets, open-source network stress testing frameworks, scams, and other means. Therefore, organizations should have effective defenses in place to emerge unscathed if disaster strikes.

__________

This guest post was written by David Balaban, a computer security researcher with over 17 years of experience in malware analysis and antivirus software evaluation. David runs the MacSecurity.net and Privacy-PC.com projects.

Posted by

Max Babych