#howitworks: Denial-of-Service (DoS) Attacks


The #howitworks series aims to help readers gain a basic understanding of important technologies and their security implications. This series is part of Cybersecurity Awareness Month, which is dedicated to raising awareness about cybersecurity issues and data protection.


Plague at Yandex


In September 2021, the Russian tech giant Yandex revealed that it had been hit by a massive cyberattack. One month earlier, hackers had begun flooding Yandex’s web infrastructure with millions of Hypertext Transfer Protocol (HTTP) requests. The technique they used, known as HTTP pipelining, lets a client open a single connection to a server and submit many requests without waiting for the responses. The attackers’ traffic reached 5.2 million requests per second (RPS) on August 7 and 21.8 million RPS by September 5. The malicious traffic originated from more than 250,000 computers in a botnet, a group of devices that have been hijacked to carry out various scams and attacks. Russian authorities called this botnet Mēris, meaning “plague.”

What is a DoS attack and how does it work?


The attack against Yandex is the world’s largest denial-of-service (DoS) attack to date. DoS attacks target a particular service (such as a website) by disrupting its normal operation so that legitimate users cannot reach it. Specifically, the Mēris botnet carried out a distributed denial-of-service (DDoS) attack, a type of DoS attack that operates at a much larger scale by flooding the bandwidth of the targeted system with Internet traffic from many sources at once. The purpose of a DDoS attack is to exceed the website’s capacity to handle requests so that it can no longer function properly.

So how do DoS attacks start? Attackers generally take one of two approaches: crashing a service or flooding it. Crashing a service exploits vulnerabilities within the victim’s network: attackers look for software bugs or flaws, then use them to degrade or crash a system.

Flooding a service, as seen in the Yandex attack, overwhelms the system with traffic and results in either degraded or complete loss of service. Here are some common types of DoS flood attacks:

  • Buffer overflow: A type of DoS attack that sends more traffic than the target’s buffers and network capacity can handle.

  • Internet Control Message Protocol (ICMP) flood: ICMP is a protocol used by network devices to send error and diagnostic messages. ICMP flood attacks (a.k.a. ping floods) send a large number of ICMP echo requests (pings) to a targeted device, causing it to become inaccessible to normal traffic.

  • SYN flood: A type of DoS attack in which an attacker rapidly initiates connections to a server without ever completing them, forcing the server to hold these half-open connections and consume bandwidth and resources until it becomes unavailable to normal traffic.
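The difference between a single-source flood and a botnet-driven DDoS shows up clearly in request logs: in the first case one address stands out, in the second no single address looks abnormal but the aggregate rate exceeds what the service can serve. The following detector, an added example written for this post rather than code from the original article or from Yandex, buckets web-server access-log lines per second and flags both patterns. The log lines, the client addresses and the capacity and per-IP thresholds are all constructed for the example.

```python
"""Rate-based flood detection over web-server access logs (added example).

Parses combined-log-format lines, buckets requests per second, and reports:
  * "single-source": one client exceeding the per-IP request rate, and
  * "distributed": aggregate rate above the service's capacity while no
    single client is above the per-IP rate (the botnet DDoS pattern).
All log lines and addresses below are constructed for this example.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Matches the start of an Apache/nginx combined-log line: client IP,
# identity, user, [timestamp], "request".
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (timestamp, client_ip) for a log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return datetime.strptime(m.group("ts"), TS_FMT), m.group("ip")


def detect_floods(lines, capacity_rps=200, per_ip_rps=20):
    """Scan log lines and return one alert dict per second that looks like a flood.

    capacity_rps: requests per second the service can sustain (assumed value).
    per_ip_rps:   requests per second a single legitimate client is expected
                  to stay under (assumed value).
    """
    buckets = defaultdict(Counter)  # epoch second -> Counter(client ip -> requests)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed line: skip rather than crash the detector
        ts, ip = parsed
        buckets[int(ts.timestamp())][ip] += 1

    alerts = []
    for second in sorted(buckets):
        counts = buckets[second]
        total = sum(counts.values())
        hot = sorted(ip for ip, n in counts.items() if n > per_ip_rps)
        if hot:
            alerts.append({"second": second, "kind": "single-source",
                           "hot_sources": hot, "rps": total})
        elif total > capacity_rps:
            # Nobody is individually noisy, yet the service is over capacity.
            alerts.append({"second": second, "kind": "distributed",
                           "distinct_sources": len(counts), "rps": total})
    return alerts


def make_line(ip, ts, path="/index.html"):
    """Build one constructed combined-log line."""
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'


def build_sample_log():
    """Constructed traffic: a normal second, a single-source flood, then a
    distributed flood where every client stays under the per-IP threshold."""
    base = datetime(2021, 8, 7, 12, 0, 0, tzinfo=timezone.utc)
    normal_clients = ["198.51.100.20", "198.51.100.21", "198.51.100.22"]
    lines = []
    # Second 0: 3 clients x 4 requests = 12 RPS, nothing unusual.
    for ip in normal_clients:
        lines += [make_line(ip, base) for _ in range(4)]
    # Second 1: same background plus one client sending 50 requests.
    for ip in normal_clients:
        lines += [make_line(ip, base + timedelta(seconds=1)) for _ in range(4)]
    lines += [make_line("203.0.113.99", base + timedelta(seconds=1)) for _ in range(50)]
    # Second 2: 300 distinct (constructed) bot addresses, one request each.
    for i in range(300):
        lines.append(make_line(f"10.{i // 256}.{i % 256}.1", base + timedelta(seconds=2)))
    return lines


if __name__ == "__main__":
    for alert in detect_floods(build_sample_log()):
        print(alert)
```

The per-second bucketing is deliberately simple; a production detector would use a sliding window and a baseline learned from normal traffic, but the two classifications above are the ones an on-call engineer needs first, because they lead to different responses (block one address versus absorb or scrub traffic upstream).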

Tips for Mitigating DoS Attacks


DoS attacks, particularly DDoS attacks, are becoming extremely common and can cause significant infrastructure damage. Research shows that in the first half of 2021, DoS attacks most frequently targeted the healthcare, biotechnology, and pharmaceutical industries. Additionally, cybercriminals are increasingly offering DoS attack services on the dark web at prices as low as $10 per hour. Here are some ways to protect your network and mitigate DoS attacks:

  • Ensure regular patches and updates. One of the best ways to prevent attackers from leveraging system vulnerabilities is to regularly update software. Companies should ensure their enterprise networks are regularly patched and scanned for vulnerabilities.

  • Employ IP address blocking. An efficient defense mechanism against DoS attacks is IP address blocking: rules that define which IP addresses may send traffic to a network. For example, a rule could allow only addresses that fall within certain IP ranges, or block traffic from IP addresses allocated to certain countries (though bear in mind that such a rule also blocks legitimate traffic from those addresses).
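IP blocking rules are usually evaluated in order with the first matching range deciding, so the order of allow and deny entries matters as much as the ranges themselves. The small filter below is an added example written for this post, not code from the original article or any firewall product; the rule sets, the addresses and the range labelled as a "blocked region" are constructed placeholders, not real country allocations. It also demonstrates the caveat from the tip: a blanket deny on a range silently cuts off legitimate clients inside it unless a more specific allow precedes it.

```python
"""Ordered allow/deny IP range rules with first-match-wins semantics (added example).

Rules are (action, cidr) pairs checked in order, like a firewall access list,
with an explicit default action when nothing matches. Addresses and ranges
below are constructed for the example.
"""
import ipaddress
from typing import Iterable, List, Tuple

Rule = Tuple[str, str]  # ("allow" | "deny", CIDR such as "203.0.113.0/24")


class IPFilter:
    def __init__(self, rules: Iterable[Rule], default: str = "deny"):
        if default not in ("allow", "deny"):
            raise ValueError("default must be 'allow' or 'deny'")
        self.rules = []
        for action, cidr in rules:
            if action not in ("allow", "deny"):
                raise ValueError(f"bad action {action!r}")
            # strict=False accepts "203.0.113.50/24" style host-bit ranges.
            self.rules.append((action, ipaddress.ip_network(cidr, strict=False)))
        self.default = default

    def decide(self, addr: str) -> Tuple[str, str]:
        """Return (action, matched_rule) for a client address; first match wins."""
        ip = ipaddress.ip_address(addr)
        for action, net in self.rules:
            if ip.version == net.version and ip in net:
                return action, str(net)
        return self.default, "default"


def collateral_damage(filt: IPFilter, legitimate_clients: Iterable[str]) -> List[str]:
    """Legitimate addresses the rule set would deny (the caveat from the tip)."""
    return [a for a in legitimate_clients if filt.decide(a)[0] == "deny"]


# Constructed placeholder: 203.0.113.0/24 stands in for "a blocked region".
BLOCK_REGION = IPFilter([("deny", "203.0.113.0/24")], default="allow")

# Same intent, but a known partner inside that range is allowed first.
BLOCK_REGION_WITH_EXCEPTION = IPFilter(
    [("allow", "203.0.113.50/32"), ("deny", "203.0.113.0/24")], default="allow"
)

# Allowlist mode: only the corporate range gets in, everything else is denied.
ALLOWLIST_ONLY = IPFilter([("allow", "198.51.100.0/24")], default="deny")

# Constructed clients: two ordinary users and one partner inside the blocked range.
LEGITIMATE_CLIENTS = ["198.51.100.9", "192.0.2.77", "203.0.113.50"]


if __name__ == "__main__":
    for name, filt in [("block region", BLOCK_REGION),
                       ("block region + exception", BLOCK_REGION_WITH_EXCEPTION),
                       ("allowlist only", ALLOWLIST_ONLY)]:
        print(name, "-> denied legitimate clients:", collateral_damage(filt, LEGITIMATE_CLIENTS))
```

Running it shows the trade-off the tip describes: the blanket regional deny drops the partner at 203.0.113.50, the version with a preceding /32 allow does not, and the allowlist-only policy keeps out every client that is not in the corporate range, legitimate or not. Review the output of `collateral_damage` against known customer and partner addresses before deploying any broad range block.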

  • Use cloud-based applications when feasible. Cloud-based services can help secure customer networks and filter suspicious traffic before it reaches them. Cloud providers employ engineers who are tasked with tracking DoS attack indicators and detecting attacks in progress. For more information about the cloud, see Phishing for Answers’ recent post.

  • Develop a response plan. Since protection from DoS attacks cannot be 100% guaranteed, users should be prepared to take action if a suspected attack occurs. Businesses should develop a specific response plan, including a checklist, backup services, and employee training and awareness. Individuals should know how to recognize common signs of a DoS attack and who to contact if suspicious traffic is detected on their personal devices.


Want to learn more about a specific technology during Cybersecurity Awareness Month? Leave a comment down below with your suggestions!

