DDoS stands for Distributed Denial of Service. This type of attack involves sending large amounts of traffic from multiple sources to a service or website, intending to overwhelm it. A huge influx of traffic all at once can tie up all the site’s resources and thereby deny access to legitimate users.
DDoS, or Distributed Denial of Service, is a malicious network attack in which hackers force numerous Internet-connected devices to send network communication requests to one specific service or website, with the intention of overwhelming it with false traffic or requests. The effect is to tie up all available resources dealing with these requests, either crashing the web server or occupying it so thoroughly that normal users cannot establish a connection between their systems and the server.
Websites sometimes “crash” due to an incoming flood of legitimate traffic, like when a highly anticipated product is released, and millions of people visit the site at once trying to buy it. DDoS attacks attempt to do the same.
DoS vs. DDoS
DoS stands for Denial of Service. The difference between DoS and DDoS attacks is whether one computer is used in the attack, or the attack is sent from multiple sources. Sources can include traditional computers and also Internet-connected devices that have been taken over as part of a botnet.
Because DDoS attacks require traffic to come from many sources, they are often conducted using botnets. This is like having an army of zombie computers to do the attackers’ bidding. Attackers use what we call a DDoSTool to enslave computers and build their army. This zombie network of bots (botnet) communicates with the command and control server (C&C), waiting for commands from the attacker who’s running the botnet. In a DDoS attack, tens of thousands or even millions of bots may work simultaneously to send large amounts of network traffic toward the target server. Usually, but not always, the original infecting DDoSTool does not attempt to steal data or otherwise harm the host. Instead, it lies dormant until called upon to participate in a DDoS attack.
To create the botnet, attackers need to get the DDoSTool onto your system. To that end, cybercriminals rely on a whole bag of tricks to enslave your PC, Mac, Android, iPhone, or company endpoint into their botnet. Here are some common ways they do it:
- An email attachment. In a moment of bad judgment, you click on either an attachment or link to a website that the attacker controls, and which hosts the malware it sends you.
- Your social network or messaging app. Like emails, they can include links that attackers want you to click on, again, to trigger download of a DDoSTool.
- Drive-by downloads or click scams. If you surf on a legitimate—albeit infected—website, you don’t even have to click on anything to have the malvertising download botnet malware. Or you fall prey to a pop-up that displays an “urgent” message that prompts you to download some allegedly necessary antivirus security (it’s malware).
After the DDoSTool infection takes root, your computer remains seemingly unchanged, although there are some telltale signs. Your computer might have slowed down noticeably. You get random error messages, or your fan revs up mysteriously even when you’re in idle mode. Whether or not it shows these signs, the infected device periodically checks back in with the botnet command-and-control (C&C) server until the cybercriminal running the botnet issues the command for your device (along with all the other bots) to rise and attack a specific target.
The motivations behind attacking a website or service vary. Hacktivists will use a DDoS to make a political statement against an organization or government. There are criminals who do it to hold a commercial website hostage until they receive a ransom payment. Unscrupulous competitors have employed a DDoS to play dirty against rival companies. Sometimes, a DDoS is also a strategy to distract website administrators, allowing the attacker to plant other malware such as adware, spyware, ransomware, or even a legacy virus.
To avoid becoming an unwilling and unwitting participant in a botnet-fueled DDoS, practice the same good computer hygiene for preventing all malware infections: keep your operating system and apps up to date, and don’t click on unknown links and unexpected attachments.
And of course, real-time, always-on cybersecurity is a hard-and-fast must-have to protect you from DDoSTool downloads and all other associated malware threats. No matter what kind of device and platform you’re using, from Windows, Mac, and Chromebook to Android, iPhone, and business environments, Malwarebytes cybersecurity programs protect users from items detected as a DDoSTool.
Since smartphones are basically portable handheld computers, coupled with the fact that there are around two billion of them in use, they provide a rich attack vector for DDoS on the go. They have the processing power, the memory and storage capacity that make them an attractive target for hackers, especially because phone users rarely secure their devices with anti-malware protection. And like PC users, smartphone users are just as susceptible to email and SMS phishing.
As for infection vectors specific to smartphones, supposedly legitimate apps found in the download marketplace are a frequent hunting ground for DDoS attackers, who have secretly loaded the apps with a malicious DDoSTool. In fact, that’s just how a massive Android-device DDoS attack came to light in August 2018 when a botnet dubbed WireX struck targets in a variety of industries including hospitality, gambling, and domain name registrars. It turned out that up to 300 malicious Android apps penetrated Google Play (which the company scrubbed after being informed of the threat), co-opting devices into a botnet across more than 100 countries.
According to Wikipedia, the first demonstration of a DDoS attack was made by hacker Khan C. Smith in 1997 during a DEF CON event, disrupting Internet access to the Las Vegas Strip for over an hour. The release of sample code during the event led to the online attack of Sprint, EarthLink, E-Trade, and other major corporations in the year to follow.
In early 2000, Canadian teen hacker Michael Calce upped the DDoS ante and made a big impression on the business community by bringing down Yahoo! with a DDoS—a feat he repeated in the week that followed by disrupting other major sites such as Amazon, CNN, and eBay.
The effort required for an attacker to arrange a DDoS has only decreased, with reports of cybergangs renting out botnets for as little as $10 per hour.
Finally, as we have entered the Internet of Things (IoT) era, almost any Internet-connected device such as smartphones, security cameras, routers, and printers can be mustered into a botnet for even more DDoS impact.
Obviously, a company or retail commercial website has to take DDoS threats seriously. And there have been some huge ones in 2018.
As Malwarebytes expert Pieter Arntz writes, “Depending on the type and size of your organization, a DDoS attack can be anything from a small nuisance to something that can break your revenue stream and damage it permanently. A DDoS attack can cripple some online businesses for a period of time long enough to set them back considerably, or even put them out of business completely for the length of the attack and some period afterwards. Depending on the kind of attack, there can also be—intentional or not—side effects that can further hurt your business.”
Side effects of a DDoS include:
- Disappointed users who may never return
- Data loss
- Loss of revenue
- Compensation of damages
- Lost work hours/productivity
- Damage to the business’s reputation
For businesses, the best solution is to plan ahead for a DDoS, either with an “always-on” type of protection or clear protocols in place for your organization to follow when the attack occurs.
For instance, instead of shutting customers out, an online business might continue to allow users to use the site normally as much as possible, even during the attack. Your business could also switch to an alternative system to work from.
Businesses that are vulnerable to mobile phone threats should ensure that private devices connected to the corporate network have an approved mobile security solution to protect against infections (as well as the means to prevent installation of unauthorized apps). And the IT department should be vigilant in sniffing out and intercepting any malicious communication to DDoS C&Cs.
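One concrete way an IT team can hunt for the periodic C&C check-ins described above is to look for outbound connections that recur at a near-constant interval. The following script is an added example written for this page, not code from Malwarebytes or the original article; the connection log lines it runs over are constructed, and the host name `ws-17` and the destination addresses are placeholders.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of outbound connection records (not from the original page):
# timestamp, source host, destination address, destination port.
SAMPLE_LOG = """\
2024-03-01T10:00:00 ws-17 203.0.113.9 443
2024-03-01T10:00:04 ws-17 198.51.100.20 443
2024-03-01T10:05:00 ws-17 203.0.113.9 443
2024-03-01T10:07:31 ws-17 198.51.100.33 80
2024-03-01T10:10:00 ws-17 203.0.113.9 443
2024-03-01T10:15:01 ws-17 203.0.113.9 443
2024-03-01T10:20:00 ws-17 203.0.113.9 443
2024-03-01T10:12:10 ws-17 198.51.100.20 443
"""

def parse_log(text):
    """Group connection timestamps by (source host, destination, port)."""
    series = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst, port = line.split()
        series[(src, dst, int(port))].append(datetime.fromisoformat(ts))
    return series

def beacon_score(timestamps):
    """Return (mean gap in seconds, coefficient of variation) for a series.
    A low coefficient of variation means the gaps are nearly identical,
    which is the signature of a scheduled check-in rather than human browsing."""
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if len(gaps) < 3:
        return None
    avg = mean(gaps)
    return avg, (pstdev(gaps) / avg if avg else float("inf"))

def find_beacons(text, min_hits=4, max_cv=0.05):
    """Flag destinations contacted at least min_hits times at a near-constant interval."""
    hits = []
    for key, stamps in parse_log(text).items():
        if len(stamps) < min_hits:
            continue
        score = beacon_score(stamps)
        if score and score[1] <= max_cv:
            hits.append((key, round(score[0]), round(score[1], 3)))
    return hits
```

Flagged destinations are leads to investigate, not verdicts: legitimate updaters and monitoring agents also beacon on a schedule, and malware that adds random jitter to its check-in interval needs a looser `max_cv` threshold to be caught.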
Regarding internal security, there are several best practices you should be following:
- Don’t keep passwords written on Post-it notes on desks or monitors
- Change passwords on IoT devices
- Lock your computer when stepping away
- Log off at the end of the day
- Don’t reveal your login credentials to anyone
On the latter best practice, if it is absolutely necessary to share login information, ensure that it is sent via encrypted channels. If face-to-face with the recipient, share login info in a location where other people will not overhear.