Cyber Threats: Distributed Denial of Services (DDoS) Attacks
DDoS attacks are one of the most common attacks used to compromise an organization’s system. They are a type of DOS attack which use multiple compromised systems to target a single system. These compromised systems are typically infected with a Trojan and are used to overwhelm an online service impacting abilities to publish and access important information.
DDoS attacks are a very popular type of attack. According to a report from Verisign, one-third of all downtime incidents are attributed to DDoS attacks. Due to the popularity of these attacks, and the ever-widening skill gap in the field, “DDoS attacks are becoming increasingly sophisticated, and require more time and effort to mitigate.” According to the Verisign 2016 DDoS Trends Report.
Through sending more connection requests than a server can handle or having computers send huge amounts of random data to use up a target’s bandwidth, DDoS attacks can put a complete halt on business adding huge losses to the already expensive programs, services and professionals required to mitigate the damage. (What is the True Cost of a Cyber Attack?)
Using botnets (networks of infected computers that can be millions of machines strong) cyber criminals have the capacity to make attacks so large they could potentially max out a country’s international cable capacity. Now, many DDoS attacks combine multiple forms of attacks. Verisign reports that in their first quarter of 2016, 34% of DDoS attacks utilized three or more different types of attack.
Distributed Denial of Services DDoS Attack Case Study: the Lizard Squad
There is an infamous hacking collective known by the “Lizard Squad” who have used DDoS attacks to take down PSN and Xbox as well as targeted president of Sony Online Entertainment and grounded an American Airlines flight he was on- by issuing a bomb threat via Twitter. After hacking Xbox two Christmases in a row, along with a handful of other large DDoS attacks, only one member of the Lizard Squad were identified: 17-year old Julius “zeekill” Kivimaki from Finland.
Kivimaki was tried in court and, even after detailing his other 50,7000 cybercrimes, was not sentenced to jail. This ruling made the Lizard Squad’s targets angry and, since none of the other Lizard Squad members have been found or tried, brings up integral questions about the increasing clever hacking methodology coupled with- seemingly- lenient repercussions.
DDoS attacks like these can be damaging to a brand’s image, compromising to loyal customers and countless losses due to lack of access as well as expenses for mitigation teams and anti-malware. (Lizard Squad Hacker… Forbes) See other hacktivist DDoS attacks such as Boston Children’s Hospital.
Defenses against DDoS Attacks
While routers and firewalls are a great start, but are cannot fight against the sophistication and complexity of these larger, volumetric attacks. Properly configured server applications can minimize effects and awareness training can help avoid additional intrusion points- such as phishing e-mails. Installing an intrusion-detection system is another great precautionary measure, however, once a DDoS attack has begun, DDoS mitigation appliances are the best defense against stopping the systems breach. At CyberTraining 365, students learn the best mitigation methods and the most current technologies to handle DDoS attacks as well as the array of other cybercrimes. It you’re interested in learning more about different types of attacks try our Certified Ethical Hacker v9 Training Course.