Distributed denial of service (DDoS) attacks cause American businesses to lose $10 billion a year. This kind of attack involves flooding a computer network or host with so much traffic that the host can no longer respond. In most cases, this leads to a total crash. Then, legitimate users are unable to access the network until the DDoS attack is resolved.
Because of how expensive and debilitating these attacks are, many businesses invest in software and services that protect their resources from DDoS attacks. One of the best ways you can protect your company is by learning how attackers pick a target. If you can avoid looking like an easy mark, your company may be able to avoid future attacks.
How Does a DDoS Attack Work?
On average, a DDoS attack costs a company $5,600 per minute of downtime. During an attack, the attackers will typically use a botnet to target your business. A botnet is a collection of hijacked devices that lets the attackers mount a large-scale attack. Attackers may hijack devices to build a botnet themselves, or they may rent a botnet from other criminals. Unfortunately, even unskilled attackers can easily hire botnet services and mount a sophisticated attack.
With a botnet, attackers are able to send far more requests to your network than it can handle. Because a botnet is a distributed network, it can be difficult to identify the original source of the attack. Unfortunately, these attacks have become even harder to stop because of how many devices are online today.
Thanks to the Internet of Things (IoT), there are numerous non-secure devices that can be hijacked to mount an attack. Because IoT devices often use default passwords and lack security measures, they are frequently hijacked by botnets. These devices are especially vulnerable because users rarely notice that their IoT devices have been hijacked.
Attackers can use a variety of methods to carry out a DDoS attack. In a standard attack, the attackers flood your servers with traffic. These illegitimate requests use fabricated return addresses, which causes issues when the server tries to authenticate the traffic’s requester. Before long, the junk requests overwhelm the server.
During a SYN flood, the attacker sends a request to connect to the target server but does not finish the connection. This technique abuses the handshake that a Transmission Control Protocol/Internet Protocol (TCP/IP) network uses to connect a client to the server. Because the connection is never completed, the targeted host keeps the half-open connection reserved, as if the port were occupied. As the attackers send more requests, they flood open ports with illegitimate requests and stop legitimate users from accessing the host.
A Smurf attack uses Internet Control Message Protocol (ICMP) broadcast packets. The attacker sends these packets to hosts using a spoofed source IP address, that of the target's machine. Then, the hosts respond to the targeted machine and flood it with responses.
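On the defending host, a SYN flood shows up as a pile of sockets stuck in the half-open state. The following is an added example, not part of the original article: it parses text in the column layout of the Linux `ss -tan` command and flags listening ports where half-open (SYN-RECV) sockets outnumber completed ones. The sample rows, the function names and the thresholds are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

def build_sample():
    """Constructed text in the column layout of `ss -tan`; not from a real host."""
    rows = ["State     Recv-Q Send-Q Local Address:Port Peer Address:Port"]
    # Port 443: 5 completed connections, 40 half-open ones from distinct peers.
    rows += [f"ESTAB     0 0 203.0.113.10:443 192.0.2.{i}:40000" for i in range(1, 6)]
    rows += [f"SYN-RECV  0 0 203.0.113.10:443 198.51.100.{i}:1025" for i in range(1, 41)]
    # Port 22: a couple of handshakes in progress, which is normal.
    rows += [f"ESTAB     0 0 203.0.113.10:22 192.0.2.{i}:50000" for i in range(1, 4)]
    rows += [f"SYN-RECV  0 0 203.0.113.10:22 192.0.2.{i}:50001" for i in range(8, 10)]
    return "\n".join(rows)

def parse_ss(text):
    """Yield (state, local_port, peer_ip) for each socket row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue  # header or malformed row
        port = fields[3].rsplit(":", 1)[-1]
        if port.isdigit():
            yield fields[0], int(port), fields[4].rsplit(":", 1)[0]

def half_open_report(text, min_half_open=20, max_ratio=0.5):
    """Flag listening ports where half-open (SYN-RECV) sockets dominate."""
    half_open, established = Counter(), Counter()
    peers = defaultdict(set)
    for state, port, peer in parse_ss(text):
        if state == "SYN-RECV":
            half_open[port] += 1
            peers[port].add(peer)
        elif state == "ESTAB":
            established[port] += 1
    alerts = {}
    for port, count in half_open.items():
        ratio = count / (count + established[port])
        if count >= min_half_open and ratio > max_ratio:
            alerts[port] = {
                "half_open": count,
                "established": established[port],
                # Spoofed sources show up as many peers with one attempt each.
                "distinct_peers": len(peers[port]),
                "ratio": round(ratio, 2),
            }
    return alerts

if __name__ == "__main__":
    print(half_open_report(build_sample()))
```

On Linux, SYN cookies (`net.ipv4.tcp_syncookies`) let the host answer a SYN without reserving a backlog slot, which is the usual first mitigation once a report like this fires.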
What Qualities Do Attackers Look for in a Victim?
While every network can become the victim of a DDoS attack, there are certain vulnerabilities that make someone a more likely victim. Before an attack, attackers will use recon to figure out information about your network and servers. This information gathering allows them to see if your organization is susceptible to an attack.
Attackers Conduct Direct Recon on Your Business
During direct recon, attackers use techniques like shoulder surfing and dumpster diving, and tools like Nmap. Nmap helps them identify all of the devices that are connected to your networks. Then, the attackers use this information to determine which applications have open ports.
- Dumpster diving: This type of recon activity involves actual dumpster diving. Attackers will take documents from the trash to look for sensitive information. By shredding documents, you can protect your organization.
- Shoulder surfing: This recon technique involves someone looking over your shoulder as you type in passwords or other information. Through awareness of social engineering tactics, you can prevent shoulder surfing from harming your company.
- Watching your activities: Sometimes, attackers will watch the physical activities at your building. This information helps them figure out when people normally enter the premises so that they can access tech equipment.
Many businesses are surprised by how much information attackers get offline. In many cases, attackers can obtain phone numbers, addresses and names offline before they stage an attack. They can even get information like your birthday or your pet’s name so that they can figure out your passwords.
Attackers Use Indirect Recon to Understand Your Systems
Other than direct recon, attackers will often use indirect recon to gain a better understanding of your company and individuals who work at your business. For example, they can use indirect recon to figure out which individuals are more susceptible to social engineering. Then, they attack these individuals with malware.
During indirect recon, attackers will see if your endpoints are configured properly. They will learn about your digital assets like your cloud systems and company networks. Likewise, the attacker will learn about your firewalls, servers and routers to figure out how much traffic they need to knock your company offline. If an attacker discovers a monoculture, where many systems run the same software, and a broad attack surface, they can stage a debilitating attack. Sometimes, attackers will also use techniques like ping sweeps or port scans to profile your network.
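Ping sweeps and port scans leave a recognizable trace in connection logs: one source touching many hosts, or many ports on one host, in a short time. The following is an added example, not part of the original article: it runs a sliding-window check over constructed connection records. The record layout, the function names and the thresholds are assumptions, not any product's log format.

```python
from collections import defaultdict

def build_sample():
    """Constructed records: (epoch_seconds, src, dst, proto, dst_port or None)."""
    events = []
    # One source probes 30 different ports on one host in 30 seconds.
    events += [(1000 + i, "198.51.100.23", "203.0.113.10", "tcp", 20 + i)
               for i in range(30)]
    # One source sends ICMP echo requests to 25 different hosts in 25 seconds.
    events += [(2000 + i, "198.51.100.99", f"203.0.113.{i + 1}", "icmp", None)
               for i in range(25)]
    # An ordinary client repeatedly reaches the same HTTPS service.
    events += [(1000 + 10 * i, "192.0.2.44", "203.0.113.10", "tcp", 443)
               for i in range(40)]
    return sorted(events, key=lambda e: e[0])

def detect_recon(events, window=60, port_threshold=20, host_threshold=20):
    """Return {src: {"port_scan", "ping_sweep"}} for time-ordered events."""
    recent = defaultdict(list)    # src -> events still inside the window
    findings = defaultdict(set)
    for ts, src, dst, proto, port in events:
        bucket = recent[src]
        bucket.append((ts, dst, proto, port))
        while bucket[0][0] <= ts - window:
            bucket.pop(0)         # forget events older than the window
        ports_per_dst = defaultdict(set)
        pinged_hosts = set()
        for _, d, p, prt in bucket:
            if p == "icmp":
                pinged_hosts.add(d)
            else:
                ports_per_dst[d].add((p, prt))
        # Port scan: many distinct ports on a single destination.
        if any(len(ports) >= port_threshold for ports in ports_per_dst.values()):
            findings[src].add("port_scan")
        # Ping sweep: ICMP echo to many distinct destinations.
        if len(pinged_hosts) >= host_threshold:
            findings[src].add("ping_sweep")
    return dict(findings)

if __name__ == "__main__":
    print(detect_recon(build_sample()))
```

A scanner that spreads its probes over a longer period stays under a 60-second window, so the window and thresholds need tuning against your own baseline traffic.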
Why Do Attackers Stage DDoS Attacks?
DDoS attacks occur for a variety of reasons. By understanding these motives, you can figure out your company’s risk of suffering a DDoS attack.
- Political: Politically motivated attacks happen when the attacker has an ideological disagreement with the target. For example, some attackers target oppressive regimes.
- Extortion: Attackers sometimes use attacks to extort money from their victims.
- Financial: In many cases, DDoS attacks are carried out to achieve financial gain. The attacker uses a ransomware attack as well as a DDoS attack. Then, the attackers send the victim a message that they will end the attack for a fee.
- Commercial espionage: Attackers can use DDoS attacks to gain information about a competitor. In some cases, attacks are used to damage the reputations of specific businesses or industries.
- Tactical: A DDoS attack may occur at the same time as other software attacks or physical attacks. For example, the attacker may use the attack to distract the company’s information technology (IT) professionals while the attackers target their real goal.