Just last month, a major cyberattack brought down the likes of Twitter, Soundcloud, Spotify and Airbnb for a few hours. Interestingly, rather than directly attacking the infrastructure of these companies, the assault targeted the domain name system (DNS) host Dyn, which is relied upon by the sites above. This is how a single attack could bring down so many sites at once.
(As you may already know, DNS is a bit like the yellow pages of the Internet - but rather than mapping people's names to phone numbers, it maps domain names to IP addresses, which computers require to communicate. Hence, if the DNS provider of a site is down, the site cannot be accessed by its users.)
One might imagine that pulling off an attack of this magnitude would require extreme sophistication. In practice, the disruption was caused by a rather rudimentary Distributed Denial of Service (DDoS) attack that overwhelmed the DNS servers of the aforementioned sites.
DDoS attacks rank among the oldest tricks in the handbooks of cybercriminals, as they are relatively easy to carry out. Rather than carefully exploiting technical flaws in Internet-connected systems like more sophisticated attacks, DDoSs are based on brute force: the attacker overwhelms a set of services by sending them unmanageable amounts of network traffic, to the point that the network links that connect such servers to the Internet are unable to cope.
The largest DDoS attacks usually leverage botnets: hordes of compromised computers all around the Internet, which are under the effective control of the attacker. So, while DDoS attacks are rather trivial from a technical complexity standpoint, they are not easy to carry out at the magnitude needed to threaten major Internet services.
That said, more of the world's biggest organisations have come under fire. Besides the aforementioned attack, at the beginning of 2016 the BBC experienced a DDoS attack which at the time was regarded as one of the biggest in history. The group behind the attack, New World Hacking, confirmed they had generated an attack bandwidth of 602Gbps - almost twice the previous DDoS attack record of 334Gbps recorded in 2015.
In the summer of 2015, British smartphone outlet Carphone Warehouse experienced a severe data breach. It was found that a DDoS attack was used to create a secondary disturbance. In fact, a fifth of DDoS attacks are now said to play a part in more sinister data theft.
The intent behind DDoS attacks is often criminal in nature (e.g., demanding payment to stop the attacks). A recent report from Kaspersky Lab indicated that DDoS attacks are a common cyberattack method not only because of the service disruptions they create, but also because they can potentially distract organisations while a more dangerous attack is unleashed elsewhere in their infrastructure. During the course of a DDoS attack, IT departments frantically work to bring services back online. This provides cover for cybercriminals to carry out a separate, more intrusive attack through a different channel.
The report surveyed businesses about their cyber security experiences, with more than half (56%) believing DDoS attacks to be a smokescreen to cover a more sinister attack. In addition, of the businesses affected by malicious hackers, more than a quarter (29%) of attacks have involved DDoS.
Besides criminally minded activities, DDoSs have also been initiated as a self-promotion stunt by malicious, black-hat hacker groups; and also, in rare cases, by cyberactivists who managed to mobilize thousands of Internet citizens to protest certain companies or governments.
It's therefore more important than ever before that businesses are made aware of the full threat landscape when it comes to cyberattacks, ensuring they are equipped with both the manpower and the infrastructure to quickly detect and react to unexpected waves of network traffic.
Should firms not take this seriously, they will be easy targets for those looking to damage their bottom line.