Denial of Service (DoS) attacks attempt to overload websites or networks with a flood of illegitimate traffic, with the intention of degrading their performance or making them completely inaccessible. Usually, a single computer is used to launch a DoS attack. A Distributed Denial of Service (DDoS) attack is a form of DoS attack that originates from more than one computer, often a botnet. DDoS attacks are more effective than DoS attacks because they can generate more traffic. In addition, the use of multiple sources makes DDoS attacks more difficult to detect and mitigate.
A DoS / DDoS attack can occur in one of several ways.
In a Buffer Overflow Attack, a memory buffer overflow can cause a computing device to consume all available hard disk space, memory, or CPU time. This may result in sluggish behaviour, system crashes and similar failures.
In a SYN Flood Attack, an attacker sends requests to connect to the target server but never completes the TCP three-way handshake. Each half-open connection leaves the port in an “occupied” state. The attacker continues to send requests until all open ports are saturated, so that legitimate users are unable to connect.
In a Smurf Attack, the attacker sends ICMP (Internet Control Message Protocol) packets to several hosts with a spoofed source IP (Internet Protocol) address that belongs to the target machine. The hosts then respond to that address, flooding the targeted machine with their replies.
In a Flood Attack, the targeted server is saturated with an overwhelming number of packets, resulting in denial of service.
In a Ping of Death Attack, a malformed packet is sent to the targeted machine, resulting in abnormal behaviour such as system crashes.
It has been reported that DDoS attacks increased by 94% from 2022 to 2023.
Impact
Organizations may suffer from downtime and loss of productivity.
Organizations may have to bear significant financial costs to mitigate and recover from DoS / DDoS attacks.
Loss of availability of services may damage an organization’s brand image, leading to loss of customer base.
In some cases, loss of service availability may expose organizations to litigation.
Controls
Organizations should implement a comprehensive security policy.
Organizations should install web application firewalls (WAFs) and anti-DDoS hardware and software solutions.
Organizations should install Intrusion Detection / Prevention Systems (IDS/IPS) to detect and prevent suspicious activities in real time.
Rate limiting approaches should be used to throttle incoming requests to prevent attackers from overwhelming the servers.
The latest security patches and updated anti-malware should be installed on all systems.
Secure Sockets Layer (SSL) encryption should be used to protect data; this makes it more difficult for attackers to intercept and manipulate traffic.
Organizations should implement incident response and recovery plans to mitigate and quickly recover from DoS / DDoS attacks.
Periodic security assessments and audits should be conducted to detect and remove vulnerabilities in systems.
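As an added example that is not part of the original article, the following Python token-bucket limiter illustrates the rate limiting control listed above: each source gets a small burst allowance and a steady refill rate, so a flood source is throttled while a client sending at a normal rate is never rejected. The client addresses and request timings are constructed sample data.

```python
# Token-bucket rate limiter keyed by client address. Timestamps are integer
# milliseconds and tokens are integer millitokens so the arithmetic is exact.
from collections import defaultdict


class TokenBucket:
    """One bucket per client: `rate` tokens/second equals `rate` millitokens/ms."""

    def __init__(self, capacity: int, rate: int, now_ms: int):
        self.capacity_mt = capacity * 1000
        self.rate = rate
        self.tokens_mt = self.capacity_mt   # a new client starts with a full bucket
        self.last_ms = now_ms

    def allow(self, now_ms: int) -> bool:
        elapsed = max(0, now_ms - self.last_ms)       # tolerate out-of-order clocks
        self.tokens_mt = min(self.capacity_mt, self.tokens_mt + elapsed * self.rate)
        self.last_ms = now_ms
        if self.tokens_mt >= 1000:                    # one request costs one token
            self.tokens_mt -= 1000
            return True
        return False


class RateLimiter:
    """Per source: a burst of `capacity` requests, then `rate` requests per second."""

    def __init__(self, capacity: int = 10, rate: int = 5):
        self.capacity, self.rate = capacity, rate
        self.buckets: dict[str, TokenBucket] = {}

    def check(self, client: str, now_ms: int) -> bool:
        bucket = self.buckets.get(client)
        if bucket is None:
            bucket = self.buckets[client] = TokenBucket(self.capacity, self.rate, now_ms)
        return bucket.allow(now_ms)


# Constructed request stream (timestamp_ms, client_ip) using documentation-range
# addresses: a legitimate client at 2 req/s and a flood source at 100 req/s.
LEGIT, FLOOD = "203.0.113.7", "198.51.100.9"
REQUESTS = [(t * 500, LEGIT) for t in range(20)] + [(t * 10, FLOOD) for t in range(500)]


def throttle(requests, capacity: int = 10, rate: int = 5) -> dict:
    """Replay the stream in time order; return {client: (allowed, denied)}."""
    limiter = RateLimiter(capacity, rate)
    counts = defaultdict(lambda: [0, 0])
    for now_ms, client in sorted(requests):
        counts[client][0 if limiter.check(client, now_ms) else 1] += 1
    return {client: tuple(v) for client, v in counts.items()}


if __name__ == "__main__":
    for client, (ok, dropped) in throttle(REQUESTS).items():
        print(f"{client}: allowed={ok} denied={dropped}")
```

With the defaults (burst of 10, refill of 5 per second), the flood source is limited to roughly its burst plus the refill accrued over its five-second run, while every request from the legitimate client is served.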
How Sujosu Can Help
Sujosu Technology can help you identify areas of concern and assess your application and infrastructure security risk. Our consultants can suggest appropriate countermeasures and provide awareness / training to prevent, detect, identify, and recover from security attacks. Engage with us and remain cyber-secure.