A distributed denial-of-service (DDoS) attack is a cyber-attack that uses multiple sources to flood a server, website or other network resource in order to temporarily or permanently prevent users from using that service or resource.
There are several types of denial-of-service (DoS) attack, including those that crash services or network resources and those that simply flood them. The most common, and quite serious, is the distributed denial-of-service (DDoS) attack, where the attack comes from more than one unique IP address, preventing network administrators from filtering on a specific IP address and from distinguishing legitimate user traffic from DDoS attack traffic.
DDoS attackers usually create a network of bots, also known as a “botnet”, which can be composed of tens or hundreds of thousands of bots, to flood the target network.
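The filtering problem described above, as an added example (not code from the original article): a per-IP rate limit catches a single noisy source but misses a flood spread across many bots, while a check on total volume per window flags it. The thresholds, window size, function names and sample traffic are all constructed assumptions.

```python
from collections import Counter, defaultdict

WINDOW = 10          # seconds per bucket (assumed value)
PER_IP_LIMIT = 50    # allowed requests per source per window (assumed value)
TOTAL_LIMIT = 500    # allowed requests per window across all sources (assumed value)

def bucketize(events, window=WINDOW):
    """Group (timestamp, src_ip) events into fixed windows of per-IP hit counts."""
    buckets = defaultdict(Counter)
    for ts, ip in events:
        buckets[int(ts // window)][ip] += 1
    return buckets

def per_ip_offenders(events, limit=PER_IP_LIMIT):
    """Single-source filter: IPs that exceed the per-IP limit in any window."""
    return {ip for hits in bucketize(events).values()
            for ip, n in hits.items() if n > limit}

def distributed_floods(events, total_limit=TOTAL_LIMIT, per_ip_limit=PER_IP_LIMIT):
    """Windows whose total volume is over the limit although no single source is."""
    flagged = []
    for bucket, hits in sorted(bucketize(events).items()):
        total = sum(hits.values())
        if total > total_limit and max(hits.values()) <= per_ip_limit:
            flagged.append({"window": bucket, "requests": total, "sources": len(hits)})
    return flagged

# Constructed sample traffic (documentation and private address ranges, not real hosts).
def sample_single_source():
    # One client sends 300 requests in window 0, alongside 20 normal clients.
    noisy = [(i * 0.03, "192.0.2.10") for i in range(300)]
    normal = [(i * 0.4, f"198.51.100.{i + 1}") for i in range(20)]
    return noisy + normal

def sample_distributed():
    # 2,000 bots each send 3 requests in window 0: 6,000 in total, 3 per source.
    return [(j * 3.0, f"10.{b // 250}.{b % 250}.1")
            for b in range(2000) for j in range(3)]

if __name__ == "__main__":
    print("single source, per-IP filter:", per_ip_offenders(sample_single_source()))
    print("distributed, per-IP filter:  ", per_ip_offenders(sample_distributed()))
    print("distributed, aggregate check:", distributed_floods(sample_distributed()))
```

The aggregate check only says that a flood is under way; deciding which of the 2,000 low-rate sources to drop is the part that per-IP filtering cannot answer.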
DDoS attacks generally fall into three types: traffic attacks, also known as protocol attacks, which use flaws in common protocols such as Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Internet Control Message Protocol (ICMP) and others to overwhelm network resources; bandwidth attacks, which flood the network with packets and overload it with a massive amount of data, leading to a complete denial of service; and application-layer attacks, which target specific application services or databases and cause denial of service by requesting a high volume of application calls.
The rise in DDoS attacks can be partly attributed to the expansion of the Internet of Things (IoT), whose devices, although useful, are commonly used by DDoS attackers.
DDoS attacks have become so common that network protection against them has also evolved over the last decade, with the most common form being cloud-based DDoS prevention tools or services. Some of the well-known DDoS protection services include Incapsula’s Imperva, Cloudflare, Arbor Networks’ Arbor Cloud, Akamai’s Kona, F5 Networks’ Silverline and others. There are also other solutions, including Google’s Project Shield, Amazon’s AWS Shield, and others.
Future of DDoS attacks and network security
DDoS attacks have grown significantly in the past few years, with increases in both the number of attacks and the number of devices involved, as well as an increase in application-layer and bandwidth attacks; some of the biggest attacks used 100,000 botnet nodes and reached rates of up to 1.2 Tbps.
There is also a significant increase in attacks coming from IoT-based botnets. Mirai, one of the best known, was composed of over 1.2m devices in late 2016, including IP cameras, digital video recorders, other IoT devices and even routers. One of the biggest Mirai attacks was on the DNS provider Dyn, which brought down some big sites such as Twitter, GitHub, Reddit, Netflix, Amazon, AirBnB, Spotify and others.
Currently, there is word of an even worse IoT botnet, known as IoT Troop or Reaper, which builds on Mirai’s code but exploits known security flaws in systems rather than just using known passwords on less-secure devices, allowing it to become both larger and more dangerous than Mirai ever was.
Most security companies agree that IoT security needs to be taken to a higher level, but with such rapid growth in IoT devices, especially cheap ones, it could be a losing battle, and security companies need to find a way to prevent or mitigate future DDoS attacks.