DDoS (Distributed Denial of Service) attacks have been a part of internet life for at least the last 20 years. A DDoS is an attempt at rendering a server unreachable to its visitors. For example, during a DDoS attack your website may become unreachable since the server is being flooded with bogus requests and cannot process the valid ones.
Worryingly, attacks have been increasing in size and frequency on an almost annual basis - in 2010, the average DDoS attack was 100 Gbps (Gigabits per second) and in 2014 was 300 Gbps. Today we hear about attacks reaching well over 800 Gbps.
In the future we can expect attacks to increase in terms of size and frequency through the proliferation of IoT (Internet of Things) devices, which are typically unsecured and can be harnessed to form a large-scale botnet. In tandem, threats such as DNS amplification attacks, allowing a single attacker to control a widespread DDoS attack, are on the rise.
DDoS attacks are also used as a cover for other attacks, including:
DNS Amplification Attack
DNS amplification is a type of volumetric attack. Volumetric attacks are still the most prevalent and largest-scale DDoS attacks. They are designed to exhaust the available bandwidth of the target and generally utilise one or more botnets.
A botnet is a number of Internet-connected devices (e.g. IoT devices), each of which is running one or more bots. Botnets can be used to perform a DDoS attack, steal data and send spam, and they allow the attacker to access the harnessed device and its connection.
DNS amplification attacks are cheap to launch and very effective because the attacker uses a form of amplification. Typically, a compromised device (e.g. a PC with malware installed) launching the attack will pass the botnet a DNS request. The request carries the target's address as its spoofed source, so the replies from the open DNS servers go to the target instead of the requester, as shown in the diagram below.
A single bot in a DNS amplification attack would be like a prank caller making a call to a restaurant and saying, “I’d like one of everything on the menu - can you call me back and read out my whole order?” However, when the restaurant calls back, the attacker has given them the targeted victim’s phone number instead. As a result, the targeted victim receives the call from the restaurant with all the information they didn’t request.
In simplest terms, the call received from the restaurant represents the overload in traffic to the target. In a real DDoS attack, the attacker would create a large amount of traffic causing the target’s server to slow to a crawl or even shut down completely – a denial of service.
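Seen from the target's side, the reflected replies are DNS responses that match no query the target ever sent. The following added example (not part of the original article) flags such unsolicited responses in constructed flow records; the record layout, the addresses and the byte threshold are assumptions for illustration.

```python
from collections import defaultdict

# Constructed flow records as seen at the target's network edge (not real traffic).
# Fields: direction, src ip, src port, dst ip, dst port, DNS transaction id, bytes
SAMPLE_FLOWS = [
    ("out", "203.0.113.10", 40001, "198.51.100.53", 53, 0x1A2B, 72),
    ("in",  "198.51.100.53", 53, "203.0.113.10", 40001, 0x1A2B, 180),
    ("in",  "192.0.2.7", 53, "203.0.113.10", 51515, 0x9999, 3100),
    ("in",  "192.0.2.8", 53, "203.0.113.10", 51515, 0x9999, 3050),
    ("in",  "192.0.2.7", 53, "203.0.113.10", 51516, 0x9999, 3100),
    ("in",  "192.0.2.9", 53, "203.0.113.10", 40222, 0x4444, 2900),
]


def find_unsolicited(flows, byte_threshold=2000):
    """Return (per-source byte totals of unsolicited responses, suspect sources).

    A response is "solicited" only if an earlier outbound query matches it on
    (client ip, client port, resolver ip, transaction id).
    """
    pending = set()                       # outstanding queries we actually sent
    unsolicited = defaultdict(int)        # resolver ip -> unsolicited bytes
    for direction, src, sport, dst, dport, txid, size in flows:
        if direction == "out" and dport == 53:
            pending.add((src, sport, dst, txid))
        elif direction == "in" and sport == 53:
            key = (dst, dport, src, txid)
            if key in pending:
                pending.discard(key)      # answered; one reply per query
            else:
                unsolicited[src] += size  # the "call we never asked for"
    suspects = sorted(ip for ip, total in unsolicited.items()
                      if total >= byte_threshold)
    return dict(unsolicited), suspects


if __name__ == "__main__":
    totals, suspects = find_unsolicited(SAMPLE_FLOWS)
    for ip in suspects:
        print(f"{ip}: {totals[ip]} bytes of unsolicited DNS responses")
```

The legitimate reply from 198.51.100.53 is matched to its query and ignored; only the large responses with no corresponding request are counted against their sources.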
What to do about the DDoS threat
For more information about how DDoS attacks work, and on mitigation and protection, watch our ‘DDoS Webinar Replay: What to know before your next attack.’
Alternatively, just contact one of our cyber experts today or call 020 7183 0603.