What are DDoS attacks? How to recognize them and protect yourself


technical paper

DDoS attacks: in the IT security situation report of the Federal Bureau of Information Security (BSI), they rank at the top of the list of threats to businesses. But what is behind the acronym DDoS, how do you recognize a DDoS attack, and how can you protect your company from it?

What is a DDoS attack?

DDoS stands for Distributed Denial of Service and describes attacks that overload systems. The goal of these attacks is to shut down web servers. As a result, the requested service is no longer available or available only to a very limited extent. Unlike a DoS (Denial of Service) attack, which comes from a single system, a DDoS attack is a large-scale coordinated attack that uses several distributed systems.

How does a DDoS attack work?

One way a DDoS attack is mounted: the attacker infects multiple computers with malware, creates a backdoor, and then controls those computers. These “zombie computers” are built into a remotely controlled botnet, which overloads the victim’s web resources with many requests.

DDoS attacks work particularly well against remotely controlled IoT devices or servers on university networks. For example, the Internet of Things botnet Mirai remains unforgotten: it was created by 3 students to paralyze Minecraft servers and was later used in what remains to this day the biggest attack on internet infrastructure, which meant that many major Internet services, especially on the US East Coast, were temporarily unavailable.

Different types of DDoS attacks

There are different types of DDoS attacks, some of which we would like to present to you here:

SYN flood:

At the heart of the attack is a vulnerability in the TCP/IP structure. The TCP handshake is intentionally prolonged by the attacker. Because the sender address of the first packet is forged, the attacked system cannot reach the computer it is trying to connect to. With many of these connection requests, the attacked computer exhausts its capacity and is no longer accessible to other systems.


Ping flood:

The ping program is used to check whether a system can be reached on the network. Bombarding a computer with ping requests overloads the system, which is then busy just responding to pings. As a result, the network of the attacked computer is particularly affected.

Mail account flooding:

A huge amount of sent mail clogs the e-mail box. This causes the mail server to slow down and crash after a while.

HTTP Flooding:

Thousands or millions of requests are sent by an attacker to a targeted web server hosting one or more websites, after which the systems crash.

Criminal liability for DDoS attacks

In Germany, DDoS attacks are classified as computer sabotage and are punished under § 303b StGB. Even preparing for a DDoS attack is punishable and can be prosecuted. It doesn’t matter if the attack was criminally motivated or part of a political protest to shut down a particular website.

Exceptions are tests of your network or penetration tests clearly defined in the contract.

What are the goals of DDoS attacks?

DDoS attacks can be used to pursue criminal aims. Depending on how long web resources are unavailable, significant economic damage, reputational damage or stolen data can result.

To avoid this, victims often comply with criminals’ demands to pay a ransom. After that, the attacks subside.

However, DDoS attacks can also be politically motivated. After the attack on Ukraine, there were many DDoS attacks from Russia intended to harm the country. In return, attacks on government organizations and the media in Russia followed, in which several private hacker groups from around the world participated.


How to recognize a DDoS attack?

Basically, a DDoS attack is an availability issue, so it’s impossible to tell exactly whether it’s an operational issue or a DDoS attack.

The following signs may indicate a DDoS attack:

  • High volume of spam
  • Network performance degradation
  • Websites are no longer available

How to protect yourself from DDoS attacks?

Regardless of industry and size…
