What is the definition of DDoS?
Imagine a mob of shoppers on Black Friday trying to enter a store through a revolving door, but a group of hooligans block the shoppers by going round and round the door like a carousel. There’s lots of pushing and shoving and griping, and the legitimate shoppers can’t get in to buy anything. Business comes to a standstill.
This is DDoS, or Distributed Denial of Service, which is a malicious network attack that involves hackers forcing numerous Internet-connected devices to send network communication requests to one specific service or website with the intention of overwhelming it with false traffic or requests. This has the effect of tying up all available resources to deal with these requests, and crashing the web server or distracting it enough that normal users cannot create a connection between their systems and the server.
To pull off a DDoS attack, hackers need an army of zombie computers to do their bidding. Hackers use what we call a DDoSTool to enslave computers and build their army. This zombie network of bots (botnet) communicates with the command and control server (C&C), waiting for commands from the hacker who’s running the botnet. In the case of a DDoS attack, it can happen that tens of thousands or even millions of bots work simultaneously to send large amounts of network traffic in the direction of the target server. Usually, but not always, the original infecting DDoSTool does not attempt to steal data or otherwise harm the host. Instead, it lies dormant until called upon to participate in a DDoS attack.
The motivations behind attacking a website or service vary. Hactivists will use a DDoS to make a political statement against an organization or government. There are criminals who do it to hold a commercial website hostage until they receive a ransom payment. Unscrupulous competitors have employed a DDoS to play dirty against rival companies. Sometimes, a DDoS is also a strategy to distract website administrators, allowing the attacker to plant other malware such as adware, spyware, ransomware, or even a legacy virus.
“To pull off a DDoS attack, hackers need an army of zombie computers to do their bidding. Hackers use what we call
a DDoSTool to enslave computers and build their
Latest DDoS news
attacks are growing: What can businesses do?
Massive DDoS attack washes over GitHub
Avzhan DDoS bot dropped by Chinese drive-by attack
DDoS, Botnets and Worms…Oh My!
Imgur Abused in DDoS Attack Against 4Chan!
What is the history of DDoS?
According to Wikipedia, the first
demonstration of a DDoS attack was made by hacker Khan C. Smith in 1997 during a DEF CON event, disrupting Internet
access to the Las Vegas Strip for over an hour. The release of sample code during the event led to the online attack
of Sprint, EarthLink, E-Trade, and other major corporations in the year to follow.
In early 2000, Canadian teen hacker Michael Calce upped the DDoS ante and made a big impression on the business community by bringing down Yahoo! with a DDoS—a feat he repeated in the week that followed by disrupting other major sites such as Amazon, CNN, and eBay.
The general threshold of effort it takes for a hacker to arrange a DDoS has only decreased in difficulty with reports of cybergangs renting out botnets for as little as $10-per-hour.
Finally, as we have entered the Internet of Things (IoT) era, almost any Internet-connected device such as smartphones, security cameras, routers, and printers can be mustered into a botnet for even more DDoS impact.
“The general threshold of effort it takes for a hacker to arrange a DDoS has only decreased in difficulty with reports of cybergangs renting out botnets for as little as $10-per-hour.”
Suffice it to say that DDoS attacks are a trend that continues to grow. According to a report from The Economic Times, there was a 53 percent increase in the DDoS attacks in the first quarter of 2018 as compared to the fourth quarter of 2017. And more than 65 percent of customers who experienced DDoS attacks in Q1 of 2018 were targeted multiple times in unpredictable attacks that varied widely in speed and complexity.
How do attackers launch DDoS?
First, hackers need to get the DDoSTool onto your system. To that end, cybercriminals rely on a whole bag of tricks to enslave your PC, Mac, Android, iPhone, or company endpoint into their botnet. Here are some common examples:
- An email attachment. In a moment of bad judgment, you click on either an attachment or link to a website that the attacker controls, and which hosts the malware it sends you.
- Your social network or messaging app. Like emails, they can include links that attackers want you to click on, again, to trigger download of a DDoSTool.
- Drive-by downloads or click scams. If you surf on a legitimate—albeit infected—website, you don’t even have to click on anything to have the malvertising download botnet malware. Or you fall prey to a pop-up that displays an “urgent” message that prompts you to download some allegedly necessary antivirus security (it’s malware).
After the DDoSTool infection takes root, your computer remains seemingly unchanged, although there are some telltale signs. Your computer might have slowed down noticeably. You get random error messages, or your fan revs up mysteriously even when you’re in idle mode. Whether or not it shows these signs, the infected device periodically checks back in with the botnet command-and-control (C&C) server until the cybercriminal running the botnet issues the command for your device (along with all the other bots) to rise and attack a specific target.
Can DDoS attacks occur on Androids?
Since smartphones are basically portable handheld computers, coupled with the fact that there are around two billion of them in use, they provide a rich attack vector for DDoS on the go. They have the processing power, the memory and storage capacity that make them an attractive target for hackers, especially because phone users rarely secure their devices with anti-malware protection. And like PC users, smartphone users are just as susceptible to email and SMS phishing.
As for infection vectors specific to smartphones, supposedly legitimate apps found in the download marketplace are a frequent hunting ground for DDoS attackers, who have secretly loaded the apps with a malicious DDoSTool. In fact, that’s just how a massive Android-device DDoS attack came to light in August 2018 when a botnet dubbed WireX struck targets in a variety of industries including hospitality, gambling, and domain name registrars. It turned out that up to 300 malicious Android apps penetrated Google Play (which the company scrubbed after being informed of the threat), co-opting devices into a botnet across more than 100 countries.
How do DDoS attacks affect businesses?
Obviously, a company or retail commercial website has to take DDoS threats seriously. And there have been some huge ones in 2018.
As Malwarebytes expert Pieter Arntz writes, “Depending on the type and size of your organization, a DDoS attack can be anything from a small nuisance to something that can break your revenue stream and damage it permanently. A DDoS attack can cripple some online businesses for a period of time long enough to set them back considerably, or even put them out of business completely for the length of the attack and some period afterwards. Depending on the kind of attack, there can also be—intentional or not—side effects that can further hurt your business.”
Side effects of a DDoS include:
- Disappointed users who may never return
- Data loss
- Loss of revenue
- Compensation of damages
- Lost work hours/productivity
- Damage to the business’s reputation
“Depending on the type and size of your organization, a DDoS attack can be anything from a small nuisance to
something that can break your revenue stream and damage it permanently.”
Malware Intelligence Researcher
How do I stop DDoS attacks?
For businesses, the best solution is to plan ahead for a DDoS, either with an “always-on” type of protection or clear protocols in place for your organization to follow when the attack occurs.
For instance, instead of shutting customers out, an online business might continue to allow users to use the site normally as much as possible, even during the attack. Your business could also switch to an alternative system to work from.
Businesses that are vulnerable to mobile phone threats should ensure that private devices connected to the corporate network have an approved mobile security solution to protect against infections (as well as the means to prevent installation of unauthorized apps). And the IT department should be vigilant in sniffing out and intercepting any malicious communication to DDoS C&Cs.
Regarding internal security, there are several best practices you should be following:
- Don’t keep passwords written on Post-it notes on desks or monitors
- Change passwords on IoT devices
- Lock your computer when stepping away
- Log off at the end of the day
- Don’t reveal your login credentials to anyone
On the latter best practice, if it is absolutely necessary to share login information, ensure that it is sent via encrypted channels. If face-to-face with the recipient, share login info in a location where other people will not overhear.
How do I prevent being a part of a botnet?
To avoid becoming an unwilling and unwitting participant in a botnet-fueled DDoS, practice the same good computer hygiene for preventing all malware infections: keep your operating system and apps up to date, and don’t click on unknown links and unexpected attachments.
And of course, real-time, always-on cybersecurity is a hard-and-fast must-have to protect you from DDoSTool downloads and all other associated malware threats. No matter what kind of device and platform you’re using, from Windows, Mac, and Chromebook to Android, iPhone, and business environments, Malwarebytes cybersecurity programs protect users from items detected as a DDoSTool.