What exactly are DDoS attacks?

What exactly are DDoS attacks? (Source – Shutterstock)

DDoS attacks explained – Here’s what you need to know

Getting your Trinity Audio player ready...
  • DDoS attacks, flooding digital platforms with excess traffic, are growing.
  • Awareness and understanding are key to security.
  • Comprehending the mechanisms behind increasing DDoS attacks is crucial for the digital-dependent era.

A Distributed Denial of Service (DDoS) attack is a powerful type of cyber warfare intended to disrupt the usual operations of digital networks, services, or servers. Unlike other cyber threats, the primary objective of DDoS attacks isn’t to steal data or gain enduring access to systems. Instead, it seeks to inundate targeted digital platforms with excess internet traffic, rendering them unresponsive to legitimate users.

At the core of a DDoS attack is the concept of “overload.” Picture it like to a traffic jam during peak hours—when an influx of cars congests the road, movement slows down, or halts completely. Similarly, when a network or server experiences a bombardment of requests from a DDoS attack, it may stagger or even fail, denying access to genuine users.

How does a DDoS attack function?

Setting in motion a DDoS attack is surprisingly straightforward. It just requires multiple devices to cooperate and send fake traffic to a server or website. For instance, your personal laptop and mobile phone could be harnessed to create a rudimentary DDoS network, often known as a botnet. Yet, even if these two devices use all their processing power for the attack, they won’t be potent enough to disable a website or server. Successful attacks usually rely on the joint efforts of hundreds or thousands of coordinated devices to bring down an entire service provider.

To muster such an expansive network, cyber attackers build a “botnet,” a connected network of compromised devices that work collectively towards a particular goal. Though botnets can be employed for other tasks apart from DDoS attacks, and DDoS attacks can be executed without botnets, they frequently go hand-in-hand in cybercrime, like a notorious pair of partners in crime.

The creation of botnets generally involves tricking individuals into downloading harmful files and propagating malware. However, using malware isn’t the only way to conscript devices into these networks. As many companies and consumers employ weak password practices, cybercriminals can trawl the internet for devices with factory-set credentials or easily guessed passwords (like “password”). Upon gaining entry, these cybercriminals can readily infect and enlist the device into their digital platoon.

How long do DDoS attacks typically persist?

DDoS attacks can show considerable variation in their duration and sophistication. They can either endure for a significant amount of time or transpire in a brief instant:

  • Long-term attacks: These attacks last long, spanning hours or even days. For instance, the DDoS attack that affected AWS caused three-day disruptions before it was finally diffused.
  • Short-term attacks: These DDoS attacks are known for their short lifespan, lasting just a minute or a few seconds.

Despite their fleeting nature, these transient attacks can inflict substantial damage. With the rise of IoT devices and increasingly powerful computing technology, there’s potential to generate a remarkable volume of traffic. Hence, cyber attackers can produce higher traffic levels in a concise time frame. A transient DDoS attack is often more advantageous for the attacker, as it’s more challenging to trace and combat.

Major events that caught public attention

The first ever documented DDoS attack dates back to 1996 when Panix, one of the oldest internet service providers, was put out of action for several days because of an SYN flood. This technique has since become a standard practice in DDoS attacks. In the years succeeding, there was a substantial escalation in DDoS attacks. Cisco anticipates a drastic rise in these cyber assaults, from 7.9 million instances in 2018 to surpassing 15 million by 2023.

However, it’s not just the frequency of DDoS attacks escalating. Threat actors are assembling larger botnets—armies of hijacked devices that generate DDoS traffic. As botnets grow, the magnitude of DDoS attacks increases correspondingly. A DDoS attack of one gigabit per second can incapacitate most organizations from the internet, but we’re now witnessing peak attack sizes exceeding one terabit per second, launched by hundreds of thousands or millions of subverted devices.

One such notable attack was leveled against a tech titan, Amazon Web Services (AWS), a cloud computing service catering to over a million companies, governments, and individuals. In February 2020, AWS was hit with a staggering 2.3 terabits per second (Tbps) of traffic.

AWS was hit with DDoS attacks in 2020.

AWS was hit with 2.3 terabits per second (Tbps) of traffic in 2020. (Source – Shutterstock)

The culprits exploited user directories on Connection-less Lightweight Directory Access Protocol (CLDAP) servers to swamp AWS servers with enormous amounts of data. This strategy has become a favored one in recent DDoS attacks to circumvent AWS’s security protocols. Luckily, Amazon was able to neutralize the attack before it endangered its users’ security. At the moment, this strike on AWS marked the largest recorded DDoS attack.

Despite the grim picture painted by the increasing frequency and sophistication of DDoS attacks, the battle is not lost. The development of advanced anti-DDoS technologies and the growing awareness of these threats are the first steps in fighting back. As we continue to depend on digital platforms for our daily operations, understanding DDoS attacks and the mechanisms behind them is critical in maintaining the security and reliability of our digital world.