DDoS (Distributed Denial of Service)
DDoS, an acronym for Distributed Denial of Service, is a type of cyberattack that overloads a computer system so that it can no longer handle legitimate user requests. A DDoS attack is "distributed," meaning that it comes from many different sources at once, which makes it difficult to block. Unlike a DoS attack, which originates from a single source, a DDoS attack uses many computers (sometimes thousands or even millions) that target a website simultaneously.
In a DDoS attack, numerous sources (often bots or infected computers, collectively called a botnet) flood the target with a large volume of network traffic, queries, or requests, overloading its infrastructure and causing the service to fail. This overload can take down a website, a server, or an entire network, denying access to legitimate users. The typical result is that a specific internet resource becomes unreachable, with serious financial and operational consequences for the target.
Understanding DDoS. How Does It Work?
The basis of a DDoS attack is overload. Cybercriminals controlling botnets - networks of infected computers - generate artificial network traffic on an enormous scale. All these devices simultaneously send data to the victim's server until it can no longer cope. Often they are inconspicuous, everyday devices such as webcams, routers, or smart TVs that became part of the botnet through a malware infection.
DDoS attacks vary in the type of traffic sent and in where it is aimed. An application-layer attack directs traffic at a specific application rather than the server as a whole. A network-layer attack sends massive amounts of data in an attempt to saturate network connections. For example, a DDoS attack may use a technique called a "UDP flood," which sends a large number of UDP packets to random ports on the target server; the server has to check each port and answer that it is unreachable, and this work eventually overloads it.
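As an added illustration that is not part of the original article, the following Python sketch looks at the UDP-flood pattern just described from the defender's side: it groups UDP flow records per destination host into one-second windows and flags a host that receives an unusually large number of UDP packets spread across many distinct destination ports from many sources. The flow records, IP addresses and thresholds are constructed for the example.

```python
from collections import defaultdict

# Constructed sample flow records, not captured traffic:
# (timestamp_seconds, protocol, src_ip, dst_ip, dst_port, packets)
BASELINE = [
    (0.2, "udp", "10.0.0.7", "192.0.2.10", 53, 2),    # ordinary DNS lookup
    (0.9, "tcp", "10.0.0.8", "192.0.2.10", 443, 40),  # ordinary HTTPS session
    (1.4, "udp", "10.0.0.9", "192.0.2.10", 123, 1),   # ordinary NTP query
    (2.0, "udp", "10.0.0.7", "192.0.2.20", 53, 2),    # traffic to a second host
]
# Sixty UDP flows from twenty sources, each to a different high port on one
# target, all within one second: the "random ports" pattern described above.
FLOOD = [
    (10.0 + i * 0.015, "udp", f"203.0.113.{i % 20}", "192.0.2.10",
     1024 + (i * 37) % 40000, 5)
    for i in range(60)
]
FLOWS = BASELINE + FLOOD


def detect_udp_flood(flows, window=1.0, min_packets=100, min_ports=30):
    """Return one alert per (destination host, fixed time window) that received
    at least min_packets UDP packets spread over at least min_ports distinct
    destination ports. Thresholds are illustrative and must be tuned per site."""
    stats = defaultdict(lambda: {"packets": 0, "ports": set(), "sources": set()})
    for ts, proto, src, dst, dport, pkts in flows:
        if proto != "udp":
            continue
        key = (dst, int(ts // window))  # bucket flows into fixed windows
        stats[key]["packets"] += pkts
        stats[key]["ports"].add(dport)
        stats[key]["sources"].add(src)

    alerts = []
    for (dst, bucket), s in sorted(stats.items()):
        if s["packets"] >= min_packets and len(s["ports"]) >= min_ports:
            alerts.append({
                "dst_ip": dst,
                "window_start": bucket * window,
                "udp_packets": s["packets"],
                "distinct_ports": len(s["ports"]),
                "distinct_sources": len(s["sources"]),  # shows the "distributed" part
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_udp_flood(FLOWS):
        print(alert)
```

The baseline traffic produces no alert, while the flood is reported as one window against 192.0.2.10 with 300 packets over 60 ports from 20 sources.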
Cyber Battles. Examples of DDoS Attacks
a) Attack on Dyn
One of the most famous DDoS attacks was the attack on Dyn, a DNS service provider, in 2016. The attack used the Mirai botnet, comprising thousands of IoT devices, and blocked access to popular websites such as Twitter, Reddit, and Netflix. Hundreds of thousands of IoT devices such as webcams and printers hit Dyn simultaneously, and because Dyn resolved the domain names of many popular websites, access to all of them was disrupted.
b) Attack on GitHub
GitHub, a popular platform for developers, was the target of the largest DDoS attack recorded up to that point in 2018. The attack used memcached amplification, multiplying the attack traffic by a factor of 51,000 and temporarily taking the service offline. This method abuses memcached servers, which are normally used to speed up websites and applications by caching data in memory: when such a server is reachable from the internet, a small request can trigger a far larger response that is directed at the victim.
c) Attacks on Financial Institutions
Financial institutions are common targets of DDoS attacks because of their critical role and the potential gains for criminals. These attacks can seriously disrupt access to online banking services and may be part of broader cybercriminal operations. For example, in 2012 a series of DDoS attacks was carried out against American banks, including Bank of America and Chase, causing serious disruptions to their online services.
What Do DDoS Attacks Mean?
DDoS attacks pose a serious challenge to cybersecurity. They can paralyze businesses, cause substantial financial losses, and put users' privacy at risk. It is therefore essential to develop defensive strategies and DDoS prevention mechanisms.
Protection against DDoS attacks can combine several techniques, such as traffic filtering, overprovisioning (allocating more capacity than normal operation requires), and using the services of specialized external mitigation providers. All of this shows how important it is for modern organizations to understand DDoS attacks and protect themselves against them.
However, even with the most advanced defenses, no organization is fully immune to DDoS attacks. It is therefore essential not only to minimize the risk of an attack but also to prepare an incident response plan that lets the organization restore normal operations quickly when an attack does occur.