A Distributed Denial of Service (DDoS) attack is colloquially know as the smaller version of the large denial of service (DoS) attack.
The former involves multiple devices inter-connected online. These devices are usually refer to as a botnet. The use of these devices is to overwhelm a targeted server or website with dubious web traffic.
Why is a DDoS attack different?
In comparison to other kinds of cyberattacks, these attacks do not make any attempt to break the cybersecurity perimeter of any entity. What it does is that it aims to make the website and servers unavailable to real users.
As a matter of fact, a DDoS attack can also be use as a decoy for other malicious activities as well as breaching security appliances and the target entity’s security perimeter. Also, a successful DDoS attack is an event which is easy to notice. Why? Because it affects a complete online user base.
A DDoS choice is a popular weapon of choice for hacktivists,
extortionists and cyber vandals along with those who are looking to make a point or do something for a cause, by attacking a website or a server.
These attacks can either come in short bursts or can come as repeated attacks. Yet, either way, the impact DDoS attacks have on either a server,
a website or a whole business entity is long lasting (i.e. can last for days, weeks and months even). It takes quite a long time for firms to recover from these attacks.
This is the very reason DDoS attacks are extremely destructive in nature to any organization.
Among many things, DDoS attacks can lead to loss of business,
loss of revenue, destroy consumer trust, force organizations to reimburse customers in colossal amounts of money and in turn, a long-term damage to their reputation.
As mentioned earlier, a botnet is a collection of interconnect devices on the internet which are remotely controll for carrying out online attacks.
Botnets usually include personal computers, laptops, tablets, smartphones, insecure devices running on IoT (Internet of Things) along with other resources from public cloud services.
Attackers use malware along with other techniques to compromise devices. This turns the device into a zombie like device, thus making it a part of an attacker’s botnet.
Botnets allow attackers to perform DDoS attacks by utilizing the strength of numerous machines. In the same way, they are able to conceal the source of the faux traffic they’ve created.
As the traffic is distribute, it is impossible for most security teams and cybersecurity instruments to detect an incoming DDoS attack, unless and until it is quite late.
DDoS attacks are divide into two distinct categories namely: application layer attacks and network layer attacks. Each of them has their own parameters and behaviors used during attacks and they both have different targets too.
These kinds of attacks are also refer to as Layer 7 attacks. They can be either a Denial of Service (DoS) or Distributed Denial of Service (DDoS) threat seeking to overload a server using fake traffic.
That traffic is use for sending an enormous number of requests which require handling and processing on a large scale.
Among the other attack vectors present, application layer attacks consist of HTTP flooding, slow attacks (like slowloris or RUDY) along with DNS query flood attacks.
The size of these attacks is typically measure in requests per second (RPS) with no more than 50 to 100 RPS needed to paralyze middle sized websites.
Experts from a DDoS protection service firm based in North York define network layer attacks as DDoS attacks made to clog supply networks to internet networks. They are also know as layer 3-4 attacks.
The attack vectors here include UDP flood, SYN flood as well as amplifying DNS and NTP, among many present. Any of these methods can be use to prevent legitimate users from accessing these servers whilst also creating severe damages to operations such as massive overage charges and accounts getting suspend.
Such attacks are high-traffic attacks often measure either in Gigabits per second )Gbps) or packets per second (PPS).
Also, large network layer attacks can exceed 100 Gbps, but around 20 to 40 Gbps are more than enough to completely close down network infrastructures anywhere.