In 2007, Estonia, a country in Northern Europe, was effectively shut down for several weeks as a result of a distributed denial of service (DDoS) attack. Imagine a simple script being able to compromise an entire country with a population of about 1.32 million. These attacks are particularly remarkable due to their low cost, their effectiveness, and their use in cyber security.
DDoS attacks usually aim to make a website or online service inaccessible for some time. They do this by flooding the website with artificial requests for service. Essentially, the creator of the attack builds a "botnet", which is a network of machines infected with malware. Once the botnet grows to an acceptable size (which can be anywhere from a few hundred to tens of thousands of machines), the creator instructs them to flood a particular site, rendering the site effectively useless for other potential users.
Common DDoS attack types include volume-based, protocol, and application-layer attacks. Volume-based attacks typically aim to consume a lot of bandwidth, so the higher the bits per second (bps), the more effective the attack. Protocol attacks directly target server resources with the intention of achieving a very high packets-per-second rate that will cause the server to crash. Application-layer attacks make legitimate requests, but at a very high volume. Once the rate of requests is high (a large number of requests in a short time), the web server will crash.
DDoS attacks are also quite effective in compromising organizations. Researchers at Corero Network Security estimate that DDoS attacks cost $50,000 per attack, on average. This figure comes from lost business, the cost of stopping the attack, and the overall loss of productivity. The research also showed that 78% of companies lost their customers' trust and confidence after DDoS attacks. This, along with intellectual property theft, malware infection, and lost revenue, demonstrates how damaging DDoS attacks can be for a corporation of any size.
Conversely, DDoS attacks prove quite useful for the development of cyber security. White-hat hackers, people who test the vulnerabilities in computer security systems, typically analyze DDoS scripts in the hope of developing procedures to counteract them. Some have been able to implement and effectively employ features such as Black Hole Routing, that is, creating a null route, funneling all traffic into it, and then dropping the route from the network. Another technique is called Rate Limiting, where the number of requests that will be accepted over a certain time is limited. This proves quite useful in handling web scrapers and in mitigating brute-force login attempts. The development of these methods illustrates how DDoS attacks can actually benefit the field of cyber security.
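An added example, not from the original article: a per-client sliding-window rate limiter in Python, as one way to implement the rate limiting described above. The class name, the limits, and the sample traffic (documentation-range IP addresses) are assumptions made for illustration.

```python
from collections import deque

# Constructed sample traffic: one client bursts 20 requests in 2 s, another sends 3 over 30 s.
SAMPLE = sorted([(i * 0.1, "198.51.100.7") for i in range(20)]
                + [(t, "203.0.113.9") for t in (0.0, 15.0, 30.0)])

class SlidingWindowLimiter:
    """Allow at most `limit` requests per client within any `window` seconds."""

    def __init__(self, limit, window, max_clients=10_000):
        self.limit = limit
        self.window = window
        self.max_clients = max_clients  # bound memory so the limiter is not itself exhausted
        self.hits = {}  # client key -> deque of accepted request timestamps

    def _expire(self, q, now):
        while q and now - q[0] >= self.window:
            q.popleft()

    def _prune(self, now):
        # Forget clients that have no accepted requests left inside the window.
        for key in list(self.hits):
            q = self.hits[key]
            self._expire(q, now)
            if not q:
                del self.hits[key]

    def allow(self, client, now):
        """Return (allowed, retry_after_seconds) for a request from `client` at `now`."""
        q = self.hits.get(client)
        if q is None:
            if len(self.hits) >= self.max_clients:
                self._prune(now)
            if len(self.hits) >= self.max_clients:
                return False, self.window  # table full of active clients: fail closed
            q = self.hits[client] = deque()
        self._expire(q, now)
        if len(q) < self.limit:
            q.append(now)
            return True, 0.0
        # The oldest accepted request leaves the window at q[0] + window.
        return False, q[0] + self.window - now

def replay(limiter, events):
    """Accepted-request count per client for (timestamp, client) events."""
    accepted = {}
    for ts, client in events:
        accepted[client] = accepted.get(client, 0) + limiter.allow(client, ts)[0]
    return accepted
```

With a limit of 5 requests per 10 seconds, the bursting client has 5 of its 20 requests accepted while the slower client is unaffected. In a real service the timestamp would come from a monotonic clock and the client key from whatever identity the service trusts (source address, account, or API key).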
To summarize, the effectiveness of DDoS attacks compared to the effort required to carry them out is remarkable. DDoS attacks reinforce the need for proper cyber security and thus can serve as both a destructive weapon and a learning tool.
1. Associated Press. (2009, 8 7). A look at Estonia's cyber attack in 2007. Retrieved from NBC News: http://www.nbcnews.com/id/31801246/ns/technology_and_science-security/t/look-estonias-cyber-attack/
2. Cloudflare. (2019, 09 24). What is a DDoS Attack? Retrieved from Cloudflare Inc. Website: https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/
3. Cook, S. (2019, August 20). DDoS attack statistics and facts for 2018-19. Retrieved from Comparitech Limited Web Site: https://www.comparitech.com/blog/information-security/ddos-statistics-facts/
4. Corero Network Security. (2018, March). Individual DDoS Attacks Can Cost Enterprises US $50,000. Retrieved from Corero Network Security Website: https://www.corero.com/company/newsroom/press-releases/individual-ddos-attacks-can-cost-enterprises-us$50000/
5. Murphy, T. (2018, 02 26). The Consequences of DDoS Attacks are Rising. Retrieved from CSO: https://www.cso.com.au/article/633885/consequences-ddos-attacks-rising/