Whether it is Amazon Web Services or small businesses, cloud services need to protect themselves from cyber-attacks. Two of the most common attacks are Denial of Service (DoS) and Distributed Denial of Service (DDoS).
But what are they? How do they work? And what is the difference?
In this article, we will discuss these attacks, how they work, and how you can protect your business-critical services from disaster.
What is a DoS attack?
DoS refers to a ‘Denial of Service’ attack.
This type of attack uses a remote computer to send large numbers of UDP and TCP packets to a specific server or network port. ‘UDP’ and ‘TCP’ are network protocols used for transferring data quickly, and ‘packets’ are the units of data those protocols carry.
When the flood exceeds the system’s bandwidth, requests from legitimate users cannot get through.
There are plenty of reasons why an attacker would try to take down the sites and servers of companies. The most frequent causes include:
- Disgruntled current or former employees (another good reason to think about employee satisfaction and fair pay, even for entry-level staff)
- Malicious competitors
- Political motivations (think “hacktivism”)
You might remember “LulzSec” from news headlines many years ago, who claimed to have taken down Sony’s PlayStation services for the “lulz”.
Whatever the motivation, a successful DoS attack can cause significant damage to your website and business. This is why you need to be aware of the risks and take preventative measures. Let us take a look at some of the most common DoS attacks:
Buffer overflow
The most typical DoS attack is the buffer overflow. A buffer overflow attack simply involves a cyber-attacker flooding a network’s address with “traffic,” rendering the network inoperable.
Ping of Death
In this kind of attack, the target machines are devices whose security is not properly set up. You might have heard of hackers targeting something as unlikely as an office’s Wi-Fi-enabled printer.
The attacker uses them to deliver fake packets from this single source that ping each and every targeted computer on the network. Because the source IP addresses are in-house, the traffic does not set off automated alarm bells quite as easily.
SYN flood
SYN flood attacks start the TCP connection handshake with a server, then abandon the process before it is finished. An actual user cannot get legitimate traffic through because, as with all these attacks, the network becomes overloaded with high volumes of traffic.
Teardrop
In a teardrop attack, the attacker sends fragments of IP data packets that the network has to try to put back together. If it is not caught in time, the system will time out and crash trying to make sense of the missing fields in the data packet.
The danger of these attacks is that they are very simple and low-cost to carry out, but if successful, they can take a company’s server down for days or weeks. If the business is a cloud service or SaaS provider, this could be devastating to them and every company that depends on them to do their own work.
What is a DDoS attack?
A DDoS (Distributed Denial of Service) attack is trickier than a DoS attack because the traffic comes from several devices at once, making the attack much worse. Being attacked by a botnet of hundreds, maybe thousands, of hacked devices is a much harder problem than blocking malicious traffic to your server from a single source. Types of DDoS attack include:
Ping flood
Business phone systems use functions like call parking for when the system is taking more calls than there are phones to answer them. A cloud server has no such protection built in: if it gets too many requests at once, it will effectively shut down the system for other users. These malicious requests use “ping packets” (ICMP echo requests) to take a network down, which makes them comparable to UDP flood attacks. The attacker sends these packets very quickly and without waiting for a response, as a legitimate client would.
UDP flood
A UDP (User Datagram Protocol) flood attacks the network with a deluge of UDP packets. The attacker’s script finds a remote host and starts flooding the HTTP ports. For each packet, the host checks for an application listening at that port, and once it times out or finds none, it responds with a packet advising that the destination could not be reached. This procedure exhausts the network’s resources, preventing legitimate user devices from connecting.
Slowloris
The attack tool Slowloris enables an attacker to open many partial HTTP requests without ever intending to finish them. It then periodically sends further HTTP headers on each open connection to keep the server waiting and ramp up the attack.
This ties up the targeted server’s connection slots. It will keep happening until the targeted server can no longer establish new connections.
Because the tool needs very little bandwidth on the attacker’s side, it is popular with low-effort attackers who do not have the resources to run a large DDoS attack.
HTTP flood
This refers to any attack that uses HTTP GET or POST requests at the application layer with the goal of attacking a particular app or web server.
Unlike other attacks, it does not require incomplete or malformed data packets, instead using well-formed HTTP requests to bombard the server with requests all at once.
Zero-day attacks
This kind of attack takes advantage of new and undiscovered vulnerabilities. It serves as a catch-all phrase for any attack that could hit your new software or hardware as soon as you install it.
Zero-day attacks are challenging to defend against since they are “undiscovered” by definition, and there is no prior art for dealing with them.
What are the differences?
The main difference between DoS and DDoS attacks is that DDoS uses many internet connections – in contrast to the single connection of a DoS attack – to take the victim’s network offline. DDoS attacks are more challenging to identify because the victim cannot accurately detect the attack’s origin.
Another big difference is the amount of malicious traffic being sent in. DDoS attacks enable the attacker to flood the target network with enormous amounts of traffic, whereas DoS does not need so much.
With AI systems like GPT-3 now able to power an instant outline generator for any content you can think of, it is no wonder we are seeing simple hacks and attacks like DDoS being automated by armies of bots.
DDoS attacks are carried out using those botnets, or networks of hacked devices under the attacker’s control.
DoS attacks, on the other hand, are often carried out via a script or a DoS tool like the famous “Low Orbit Ion Cannon”.
How to Prevent DoS and DDoS Attacks
There are a number of ways to prevent DoS and DDoS attacks. These include:
Updating the site regularly
Updating your site’s core codebase, front-end themes, third-party plugins, and other software reduces the chance that vulnerabilities may be exploited by hackers.
Third-party plugins in particular are a cloud cybersecurity risk if they are not properly audited by your IT team. By keeping your website updated, you also reduce the chance that it will be used as part of a botnet.
Review site logs
By auditing server event logs, you may spot suspicious activity on your site before it causes an issue. You can see symptoms like spikes in HTTP error codes that could be brought on by an unidentified DoS attack. Logs will also allow you to trace any cyber-attack or attempted cyber-attack back to its origin.
Get the whole IT team on a conference call to go over and audit the logs whenever something looks out of place.
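As an added example (not code from the original article), the log audit described above can be automated: the script below parses access-log lines in the common Apache/nginx “combined” format, flags any client whose request rate exceeds a threshold inside a sliding window, and reports how many 5xx errors that client drew. The log lines, IP addresses and threshold values are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the start of an Apache/nginx "combined" access log line (referer and user agent are ignored).
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) ')

def parse_line(line):
    """Return ip, timestamp and status code for one log line, or None if it is malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "status": int(m.group("status"))}

def peak_requests_in_window(times, window_s):
    """Largest number of requests found inside any span of window_s seconds (sliding window)."""
    times = sorted(times)
    best = left = 0
    for right, t in enumerate(times):
        while (t - times[left]).total_seconds() > window_s:
            left += 1
        best = max(best, right - left + 1)
    return best

def find_flood_sources(lines, window_s=10, max_requests=50):
    """Flag clients exceeding max_requests per window_s seconds; a burst of 5xx is the symptom of overload."""
    times, errors = defaultdict(list), defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:          # skip garbage rather than abort the whole audit
            continue
        times[rec["ip"]].append(rec["ts"])
        errors[rec["ip"]] += rec["status"] >= 500
    flagged = {}
    for ip, ts in times.items():
        peak = peak_requests_in_window(ts, window_s)
        if peak > max_requests:
            flagged[ip] = {"peak": peak, "errors_5xx": errors[ip]}
    return flagged

# Constructed sample log (documentation IP ranges, not real traffic): one normal client and
# one client sending 120 requests to "/" in three seconds, the last 60 of which draw 503 errors.
SAMPLE_LOG = [
    '198.51.100.9 - - [10/Mar/2024:13:55:36 +0000] "GET /login HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Mar/2024:13:55:48 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
] + [
    f'203.0.113.7 - - [10/Mar/2024:13:55:{36 + i // 40} +0000] "GET / HTTP/1.1" '
    f'{503 if i >= 60 else 200} 612 "-" "python-requests/2.31"'
    for i in range(120)
]
```

Running `find_flood_sources(SAMPLE_LOG)` flags only the hammering client, and the flagged addresses are the ones worth tracing back and blocking.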
Tighten up your user authentication
Part of running any online event is making sure only the right people get in. When Zoom exploded in popularity there was a wave of “Zoom bombing” where strangers would appear in meetings, calls, and classes because the hosts had not set permissions properly.
If online events need that level of security, why do companies invite cyber-attacks with lax user permissions? Strong passwords which are changed regularly, and accounts protected by two-factor authentication, should be the minimum standard for cybersecurity at this point in time.
Tightening up your user authentication measures is one of the easiest ways to protect yourself from DoS attacks.
Invest in anti-DoS technology
Invest in services that help identify such attacks by examining network traffic, such as anti-DDoS and anti-DoS attack services.
For example, you could automatically implement “blackhole routing” in which traffic is redirected to a null route.
This diverts the DDoS traffic to an endpoint where nothing else happens to it. Because the data is not processed, your servers are safe even though the hacker’s script is still firing. This failed attack, recorded in your event logs, will let you gather data like IP addresses to block them in the future.
Come up with a strategy
Be proactive with a thorough DoS response strategy. When you are running a service with customers who depend on you, you need a plan for incidents like attacks or other outages. A dedicated team must be assigned to make sure every device on the company network is safe, so that if you sign up with a cloud phone system, for example, someone will make sure it is authenticated and protected.
This team should be doing regular “horizon-scanning” activities: looking out for new cyber-attacks and making sure your company is ready. If you do not have this in place, a cybersecurity risk assessment is a great place to start.
Understanding DoS attacks
Every DDoS attack is a DoS attack, but not every DoS is a DDoS. While these attacks are all about overwhelming your system, some are more dangerous than others. By understanding the latest threats and preparing in advance, you can avoid a disaster that will take out your infrastructure and seriously damage your brand.