What Is a DDoS Attack And What Are Its Consequenses.
A distributed denial of service attack or DDoS (for its acronym in English), is an extension of a denial of service (DoS) attack that is carried out from the generation of a large flow of information or requests from various sources towards a specific goal.
The difference between one and the other lies in the fact that a DoS attack is characterized by having a single source of origin, while a distributed attack comes from several origins, which makes attempts to block it more difficult while increasing its effectiveness.
Both attacks consist of the massive and simultaneous sending of certain data packets to a target, usually a web server, affecting its processing capacity by being overwhelmed and therefore collapses. As a consequence of this, the services interrupt their normal operations and legitimate users cannot access the sites.
There are various tools or services for executing a DDoS attack, although they are generally carried out through botnets . A botnet is malicious program that can be remotely controlled by an attacker. This type of malicious program or malware is made up of a control panel from which the actions to be carried out are executed and a server application that establishes communication with the attacker’s control center. The particularity of botnets is that they allow an attacker to execute instructions on many computers infected with the malware simultaneously. In the event of a DDoS attack, malicious programs are remotely instructed to make synchronized connections or requests to the target of attack.
DDoS: attacks against the availability of information
The traditional definition of information security is based on the preservation of the confidentiality, integrity and availability of the information. Confidentiality is the property to be accessible only by the entities that possess the privileges and authorization; integrity is the property to maintain its accuracy and completeness; while availability is the property to be accessible and usable when required.
In this set of ideas and definitions, it is necessary to identify the way in which attacks that seek to compromise an asset or information system are classified, according to their manifestation and intentions: interception, interruption, modification and manufacture.
In this context, a DDoS attack threatens the availability of information, thereby affecting the location of information assets; that is, the elements where the information is stored, processed or transported, in an attempt to disable any asset.
In addition, a DDoS attack is included within the category of interruption, so the attacker will seek to affect the container of the information asset, which can generally target hardware, software, applications, servers or networks, through buffer overflow (consumption of hard disk space, memory or processing capacity), or through flooding (saturation of a service with an excess of packets.
Take, for example, an online store whose business is based on the sale of products that it offers through a platform or website. In the event that the store is the victim of a denial of service attack, the company will be financially affected as a result of the impossibility for customers to buy due to the interruption of the service.
Motivations behind DDoS attacks
There are a number of reasons why distributed denial of service attacks are carried out. “Traditionally” this type of attempt to affect information assets was related to hacktivist actions , that is, as a measure of pressure exerted by groups that sought to affect services or the image of organizations, mainly caused by ideological or political differences.
However, in recent years, DDoS attacks began to be used by cybercriminal groups to extort organizations through ransom notes, threatening to carry out this type of attack against them unless large sums of money are paid, generally in cryptocurrencies. This attack mode has been called Ransom DDOS (RDDoS).
The ransom notes included specific assets at the victim company as part of a “test attack” to demonstrate the severity of the threat and generate fear. The attackers began targeting organizations from various industries around the world, although in some cases these were only threats, not including the execution of the DDoS attack.
Recently this same technique has been used as a measure to put pressure on victims of targeted ransomware attacks, who have refused to pay ransoms related to the hijacking of their information.
Within the set of coercive practices such as doxing , print bombing or cold calls , ransomware actors began to add DDoS attacks on the websites of the affected organizations, with the purpose of forcing them to establish or resume extortion negotiations, and finally monetize ransomware attacks.
Denial of service attacks remain in force
Denial of service attacks continue to be used today as a way to affect resources and put pressure on organizations, not only for ideological motivations but even to monetize various attacks. In other words, these types of attacks have become one more tool in the arsenal of measures employed by cybercriminal groups that are becoming increasingly aggressive and lucrative.
In this context, organizations require comprehensive protection strategies that, although they must consider security tools and services, also require management practices, education and awareness, as well as new approaches that have gained relevance in recent years such as intelligence threats or the emulation of adversaries.
