In the ever-evolving landscape of cyber threats, Distributed Denial-of-Service (DDoS) attacks stand out as one of the most challenging threats. These attacks involve flooding a server with internet traffic, rendering connected online services and sites inaccessible.
Motivations behind DDoS attacks vary from making a statement or expressing disapproval to financially motivated disruptions or extortion attempts. Even major global corporations, such as Amazon Web Services (AWS), are not immune to the rising tide of DDoS attacks, with the largest attack in history occurring in February 2020.
As the Internet of Things (IoT) expands and remote workforces grow, the number of devices connected to networks increases. This increase means there will be a security challenge, emphasizing the importance of robust DDoS protection and mitigation strategies. Let’s dive into what DDoS attacks are and how organizations can protect themselves.
DDoS attacks are powerful and typically use both compromised and uncompromised computer systems, including computers and IoT devices, to inundate designated targets with fake Internet traffic. Executed through networks of malware-infected Internet-connected devices, these devices, referred to as bots, form a botnet when organized by attackers. These attackers remotely instruct each bot, aiming to execute various malicious activities such as sending spam, swiping credentials, espionage, and, notably, orchestrating DDoS attacks.
Once a victim's server or network is pinpointed, bots utilize diverse methods to dispatch substantial traffic to the targeted IP addresses. This massive influx overwhelms the server or network, leading to a denial-of-service for normal traffic. The challenge lies in discerning and segregating attack traffic from regular traffic, given that each bot appears as a legitimate Internet device.
Unlike many cyberattacks aiming to steal sensitive information, initial DDoS attacks are geared towards rendering websites inaccessible to their users. However, some DDoS attacks act as a smokescreen for additional malicious activities. For instance, once servers are successfully brought down, attackers may operate in the background to take down the websites' firewalls or weaken their security codes for future attack strategies.
Additionally, a DDoS attack can serve as a digital supply chain attack. If cyber attackers encounter difficulty breaching the security systems of various target websites, they may identify a vulnerable link common to all the targets and direct their attack towards that link. Compromising this link results in automatic, indirect repercussions for the primary targets.
DDoS attacks target different network layers and are categorized based on the layers they exploit.
In October 2023, Cloudflare, Amazon Web Services (AWS) and Google Cloud reported the largest DDoS attacks ever. On October 10, the cloud service providers reported a series of DDoS attacks, initiated in August and still ongoing. Google labeled it the largest DDoS attack to date, peaking at over 398 million requests per second (rps), a record seven and a half times larger than the previous one.
The attackers used a novel HTTP/2 "Rapid Reset" technique, impacting various internet infrastructure companies. This method involves immediately canceling each request stream, allowing indefinite requests in flight without exceeding the limit on concurrent open streams. Notably, the attack utilized a modestly-sized botnet of approximately 20,000 machines.
The exploitation of a zero-day vulnerability provided attackers with a powerful tool, prompting affected companies to implement DDoS mitigation techniques, including load balancing. To collectively mitigate the impact, multiple internet infrastructure companies affected by the attacks formed a partnership, averting widespread outages.
In early November 2023, it was reported that several public healthcare organizations in Singapore were impacted by a DDoS attack. The attacks are still occurring, as reported by the national healthtech agency Synapxe, tasked with overseeing the IT operations supporting the public healthcare network in the country. This network comprises 46 public healthcare institutions, including hospitals and polyclinics, along with 1,400 community partners encompassing nursing homes and general practitioners.
The attackers behind the DDoS incident bombarded targeted servers with requests, keeping legitimate users from accessing websites of various hospitals. The impacted institutions include Tan Tock Seng Hospital, Singapore General Hospital, and National University Hospital, alongside three local public healthcare clusters, which consist of SingHealth (Singapore Health Services) and National Healthcare Group.
Fortunately, Synapxe’s networks were protected with a layered defense that was designed to detect and respond to online threats. However, the DDoS attack still overwhelmed the firewall behind the company’s blocks. This triggered the firewall to filter out the traffic, making services that depended on online connectivity inaccessible.
The above examples are indicators that the DDoS attack is a tried-and-true attack vector for cybercriminals. Identifying a DDoS attack poses challenges due to activity that mimics routine network issues. These include slow performance, website unavailability, dropped internet connections, unusual media or content, and an influx of spam. Duration and intensity of DDoS attacks vary, adding complexity to detection. Below are a few ways organizations can prevent and mitigate DDoS attacks:
Preventing DDoS attacks is challenging due to evolving sophistication. However, organizations can plan effective responses:
It’s important to get ahead of the curve by being proactive with protecting your organization, instead of waiting to put out a massive fire. Avertium can provide the following services to help keep your organization safe from DDoS attacks:
Largest DDoS attacks ever reported by Google, Cloudflare and AWS (cshub.com)
Denial-of-Service (DoS) Attack: Examples and Common Targets (investopedia.com)
Cyberattack wreaks havoc on Barcelona hospital (aa.com.tr)
Hackers Behind Oakland Ransomware Attack Dump Data on City Employees | PCMag
TIR-20211011 DDoS Attacks & The Meris Botnet (avertium.com)
DDoS attack revealed as cause of online service outage at public healthcare institutions | ZDNET
What is a DDoS Attack? DDoS Meaning, Definition & Types | Fortinet
Understanding Denial-of-Service Attacks | CISA
DDoS attack revealed as cause of online service outage at public healthcare institutions | ZDNET
What is a DDOS Attack & How to Protect Your Site Against One (amazon.com)
What Is a DDoS Attack and How Does It Work | Cybersecurity | CompTIA
DDoS Attack Types & Mitigation Methods | Imperva
This document and its contents do not constitute, and are not a substitute for, legal advice. The outcome of a Security Risk Assessment should be utilized to ensure that diligent measures are taken to lower the risk of potential weaknesses be exploited to compromise data.
Although the Services and this report may provide data that Client can use in its compliance efforts, Client (not Avertium) is ultimately responsible for assessing and meeting Client's own compliance responsibilities. This report does not constitute a guarantee or assurance of Client's compliance with any law, regulation or standard.