A distributed denial-of-service attack, abbreviated to DDoS attack, is an assault in which numerous compromised devices simultaneously hit a target – typically a website, server or network – to inflict a denial of service upon users.
The torrent of incoming requests for connections and messages effectively swamps the targeted system, slowing it down, or in some cases even shutting it down, resulting in systems or users being denied service. DDoS attacks have a long history featuring a wide range of cybercriminal practitioners, including solo hackers, threat operator groups, organised criminal gangs and even national government agencies.
How do DDoS-type attacks work?
A typical DDoS attack starts with a threat operator exploiting a weakness in a single computer system and establishing it as the master for the DDoS assault. This master system will then identify other systems with vulnerabilities and assume control over them. This is achieved either by infecting target systems with malicious software or by circumventing authentication controls through guessing or cracking passwords and other credentials.
A device or networked PC under the control of a threat operator is sometimes referred to as a zombie or simply a bot. The operator then uses the bots to build a command and control server that controls the network of enslaved devices, commonly known as a botnet. The attacker in command of the botnet may be called a botmaster, but this term may also refer to the first computer system acquired, named for its role in controlling the spread of infection and activity to the additional systems connected to the botnet.
Botnets vary in the number of devices they include, and although hundreds of thousands of bots is common, there is in fact no upper limit on the size they can grow to. Once an attacker has established the botnet, they can use the combined efforts of the interconnected devices to drive traffic at any given target’s domain and push it offline. This effectively shuts down the target’s ability to provide services to its users.
Preventative measures against DDoS attacks
Attacks using DDoS tactics can present substantial risks to enterprises with lasting consequences, so it is vital for IT security officers and admins to be fully aware of the potential harm caused by them.
While it may not be possible to avoid being targeted by a DDoS attack, the impact such an assault has on an enterprise can be reduced. Scheduled security sweeps should always search specifically for system vulnerabilities related to denial of service, and any that are identified should be resolved immediately. Security patches for any known weaknesses should also be applied as soon as they are made available. Educating employees on the potential threats of phishing, a method by which malware is often deployed to enslave devices, can also help ensure company computers are not used in DDoS attacks on other targets.