From Everywhere At Once: DDoS Attacks

By October 26, 2016 Cybersecurity Readiness

Have you ever been unable to carry on a conversation with somebody because too many other people were talking to you at once? Overwhelming you with so much information that you cannot process and respond to it is a classic way that hackers bring down websites or networks. Too many people talking to you at once is a simplified, albeit accurate, analogy for a distributed denial of service attack.

Let’s break it down. In a denial of service (DoS) attack, an attacker uses a single computer and internet connection to flood a target – think a website or possibly a network – with traffic. For example, imagine MomAndPopBakery.com has the infrastructure to handle a few thousand site visits a second and typically only gets a few hundred. In a DoS attack, MomAndPopBakery.com might get several hundred thousand requests per second from a single attacker running malicious software. All this extra traffic at once is far too much for the target to process, and overwhelms it to the point of crashing.

A distributed denial of service (DDoS) attack is much more devastating. Instead of one attacker using a computer and an internet connection, the hacker takes control of many – often thousands of – devices and uses all of them to simultaneously flood the target with traffic. As the Internet of Things (IoT) proliferates, malicious actors are increasingly using these internet-enabled devices as pawns in DDoS attacks. Internet-enabled webcams, baby monitors, and other devices are typically manufactured with no real security features thanks to their minimal processing power and are often secured with widely known, manufacturer-assigned default passwords. Hackers can build programs that scan the internet for such unsecured devices and hijack them, in the process amassing an army of ‘zombie’ machines. This army can then be directed to send traffic to the target, overwhelming it. The potency of a DDoS attack stems not only from its size and scale, but from the fact that the attack is coming from thousands of different places, making it nearly impossible to filter out malicious traffic, let alone find the perpetrator.
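To make the difference between the two paragraphs above concrete from the defender’s side, here is an added example (not code from the original article) that runs a simple rate check over constructed web-server log lines. It flags any second in which requests exceed the server’s capacity, then looks at how much of that flood comes from the single busiest source: a DoS from one machine shows up as one address carrying almost all of the traffic, which a source-based filter can block, while a DDoS spread over thousands of devices leaves each source contributing a tiny share, which is exactly why filtering by source is so hard. The log format, the 10.x.x.x addresses and the 3000 requests/second capacity figure are assumptions chosen to match the “few thousand requests a second” scenario.

```python
"""Rate-based flood detection over constructed web-server log lines.

Added illustration for the DoS/DDoS explanation above; not code from the
original article. Log format, IP ranges and the 3000 req/s capacity figure
are assumptions chosen to match the "few thousand requests a second" scenario.
"""
from collections import Counter

CAPACITY_RPS = 3000          # assumed: requests/s the server can actually serve
SINGLE_SOURCE_SHARE = 0.5    # one source above this share of a flood => filterable


def make_log(second, n_requests, n_sources):
    """Constructed log lines of the form '<epoch-second> <client-ip> GET /'.

    n_requests are spread round-robin across n_sources synthetic 10.x.x.x
    addresses, so n_sources=1 models a single-machine DoS and a large
    n_sources models a botnet.
    """
    lines = []
    for i in range(n_requests):
        s = i % n_sources
        ip = f"10.{(s >> 16) & 255}.{(s >> 8) & 255}.{s & 255}"
        lines.append(f"{second} {ip} GET /")
    return lines


def parse_log(lines):
    """Return (second, ip) tuples; malformed lines are skipped, not fatal."""
    records = []
    for line in lines:
        parts = line.split()
        if len(parts) < 2 or not parts[0].isdigit():
            continue
        records.append((int(parts[0]), parts[1]))
    return records


def per_second_counts(records):
    """Total requests observed in each second."""
    return dict(Counter(second for second, _ in records))


def overloaded_seconds(records, capacity=CAPACITY_RPS):
    """Seconds in which the request rate exceeded what the server can serve."""
    return sorted(s for s, c in per_second_counts(records).items() if c > capacity)


def top_source_share(records, second):
    """Fraction of that second's requests sent by the single busiest source."""
    per_ip = Counter(ip for s, ip in records if s == second)
    total = sum(per_ip.values())
    if total == 0:
        return 0.0
    return per_ip.most_common(1)[0][1] / total


def classify_second(records, second, capacity=CAPACITY_RPS):
    """'normal', 'single-source flood' (filterable by source) or 'distributed flood'."""
    count = per_second_counts(records).get(second, 0)
    if count <= capacity:
        return "normal"
    if top_source_share(records, second) >= SINGLE_SOURCE_SHARE:
        return "single-source flood"
    return "distributed flood"


if __name__ == "__main__":
    # Constructed traffic: a quiet second, a one-machine flood, a botnet flood.
    log = make_log(1, 400, 50) + make_log(2, 20000, 1) + make_log(3, 20000, 4000)
    records = parse_log(log)
    for second in (1, 2, 3):
        print(second, per_second_counts(records).get(second, 0),
              f"top-source share={top_source_share(records, second):.4f}",
              classify_second(records, second))
```

In the single-source case blocking one address restores service; in the distributed case the busiest source accounts for a fraction of a percent of the flood, so no per-source rule helps and mitigation has to happen upstream or through capacity, which is the situation the article describes for OVH, Krebs on Security and Dyn.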

Ordinarily, such incidents are only damaging in the costs they impose upon the target. It is expensive to get systems back online and to launch an incident response. The costliest part of any DoS-style attack, though, is usually lost business during a website outage. Imagine Amazon experiencing a massive DDoS attack on Black Friday – a day when they process more than 300 orders a second. An attack of only a few minutes means millions of dollars in lost income.

The past several months, however, have seen DDoS attacks unprecedented in not only their size, but also in their means of attack and in their chosen targets. In September, more than 140,000 cameras and DVRs were taken over and used to attack French internet service provider OVH. This happened right after a suspected 1 million cameras, lightbulbs, and thermostats were directed at cybersecurity blog Krebs on Security. And just this month, a huge attack on DNS service provider Dyn led to internet outages across the east coast of the United States. These incidents likely herald a new normal in DDoS attacks.

DDoS attacks are also taking aim not only at single entities, but the infrastructure of the internet itself. The targeting of OVH and Dyn triggered chain reactions that led to outages system-wide. The attack on Krebs on Security, too, signals the willingness of groups to turn to cyberspace to achieve their political ends. As IoT devices become more ubiquitous, they are injecting new life and capabilities into DDoS. Expect DDoS attacks to accelerate in frequency, severity, and size.

It is hard to stop a sophisticated DDoS attack once it has been launched. Firms like Google have services like Project Shield, which makes use of proprietary filtering technology and caching to keep websites online during an attack. Beyond endeavors like that, however, it is advisable to focus on preventative steps. For instance, consider making IoT devices harder to hijack. Making use of the security features that do exist on an internet-enabled device is crucial. That means upgrading and patching when the manufacturer makes updates available to close any known vulnerabilities. It also means changing the default factory password to something strong so that a device cannot be taken over without a fight. Perhaps most importantly, pressure needs to be put on the manufacturers themselves to invest in more security for their products.

IoT devices and the devastating DDoS attacks they enable are likely only to proliferate. While the steps outlined are long-term mitigating strategies, and not necessarily solutions, they are a crucial component of reducing the threat DDoS attacks present to our digital infrastructure.