The Evolution of DDoS Attacks

DDoS is an abbreviated form of Distributed Denial of Service. It is a type of DOS attack where numerous compromised systems, infected with a Trojan, are used to target a single system causing a Denial of Service (DoS) attack. Victims of DDoS attacks consistof both end targeted system and all systems maliciously used and controlled by cybercriminals in the distributed attack. In a DDoS attack, incoming traffic to a website is flooded with many sources – potentially hundreds of thousands or more, which makes the website unresponsive and challenging to stop the attack by blocking a single IP address. Added to this, it is very difficult to distinguish genuine users traffic from attack traffic, which originates from a different location. Despite the ever-changing technologies and invention of new attack strategies, the DDoS attack has remained as a permanent fixture, striking fear in people’s heart.

The world witnessed the first DDoS attack in September 1996 in New York City, when the most popular ISP (Internet Service Provider) Panix was hit by SYN DDoS attack, which took the company offline for several days. It was the time when people realized how fragile the internet infrastructure could be. When this attack was executed, 20 million Americans were online and this attack was considered as one of the fatal DDoS attacks of that time. Again, in February 2000, Yahoo, eBay, and Amazon were attacked in the US, which used an attack tool TFN2 to launch DDoS against aforesaid commercial websites to "control the Internet." TFN2 launched distributed attacks through botnets, which had the potential to control the encryption of communication protocols to elude detection.

DDoS Attacks on Government Websites

In July 2001, the Code Red worm manipulated a vulnerability found in IIS (Internet Information Service), which took control over several systems and forced them to attack different targets. It was a self-replicating worm that could robotically infect other systems. The Code Red worm attacked the White House website, and this attack was considered as the first DDoS attack, which attacked the government websites with an intensifying impact.

After the said attack, DDoS battles were just not limited to individual or corporate websites but were expanded to the government websites, as well. Another major DDoS attack was noticed when Estonia, after its independence from the Soviet Union, attempted to relocate the monuments built by the Soviet Union, the country experienced DDoS attacks on its governmental websites, including presidential palace website and the Prime Minister’s website.

DDoS extortion

Ironically, DDoS extortion was the very first tactic which worked so well that without launching the attack – in fear – victims paid the ransom to the attackers. The modus operandi of DDoS extortion was to send a mail to the users, which explained who the attackers are and even linked the content to the blogs, which was written on them and the tactic they follow to exploit the victims. Attackers asked victims to pay around 40 - 100 Bitcoins to protect themselves from the attack. The attackers also threatened victims that if they fail to pay the demanded ransom, a large-scale DDoS attack will be launched.

Dark DDoS

Dark DDoS gives a perfect example of how the flaws in the network infrastructure can change the phase of every threat. It took the advantage of a fact that IT departments can only detect attacks that took place above 1GB per minute. So, cybercriminals launched DDoS attacks in a constant, low-volume bursts for a longer time thereby exploiting the system’s inability to detect the attack. This method has become an integral facet of an attacker’s toolkit, which is used to launch sophisticated multi-layered attacks.

Dark DDoS attacks are aggressive when compared to other forms of DDoS attacks. It mainly targets the security infrastructure of a system rather than disrupting the service completely. This particular technique is growing very quickly due to its non-detectable nature, which keeps security teams and traditional scrubbing solutions blind to the threat. Ian Trump, at global cloud-based IT service management firm LOGICNow, has said that a dark DDoS attack is often the hallmark of a more sophisticated criminal. According to the Trump, it takes a profound knowledge to execute one DDoS attack, while diverting the professional by executing another attack.

DDoS as-a-service (DDoSaaS)

With the increase in DDoS attacks, hackers got a wild idea about launching this threat as a service but calling attack as a service is an irony. Earlier, this service was only available at the Dark Web, but nowadays it is available on online professional marketplaces, as well. One can easily get this hacking services for mere £10 for half a day. In the initial phase of this DDoS as a service, companies rented it to test their own cybersecurity, but moving on, this service emerged as the biggest threat as anyone can buy this service and use on any network infrastructure. Many organization which were targeted with DDoS attacks have voiced suspicion that their competitors are responsible behind the attacks.

Security experts suggest that DDoS amplification aka reflection is an attack method of choice that gives its way to many DDoSaaS operators. This form of DDoS attack completely depends on the DNS resolvers that accept DNS queries from any source. The DDoS attacks also originate from hoaxed IP addresses. There are various open resolvers and networks that generate traffic from hoaxed sources, which remains unacceptably high. The Open Resolver Project has identified 27 million resolvers, which are open and the security professionals predict that this number increases day by day.

Defending from DDoS

To combat DDoS attacks, organizations ought to implement layered DDoS defense. Companies require specialized defenses at their network perimeter, which proactively protects the infrastructure from the most stealthy, sophisticated application layer attacks. Besides, organizations should have cloud-based DDoS protection on the call to use when an attack escalates. In today’s digital landscape, integrating an additional layer of defense is vital. Having the right solutions and processes in its place allows security teams to become more efficient and effective, protecting their organizations from becoming the next DDoS victim!