Although many forms of DoS attacks exist, the most common types are the following:
1. Network resource overload consumes all available network hardware, software, or bandwidth of the target.
   (a) In a direct network resource overload attack, the cyber threat actor overloads resources using tactics such as exploiting a server vulnerability or inundating servers with requests.
   (b) In a reflection amplification attack, the threat actor consumes network resources by reflecting a high volume of network traffic to the target. The actor uses a third-party server (the "reflector") as an intermediary that responds to requests carrying the spoofed source IP address, so its responses are delivered to the target.
2. Protocol resource overload consumes the available session or connection resources of the target.
3. Application resource overload consumes the available compute or storage resources of the target.
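From the defender's side, the reflection pattern in 1(b) shows up in flow telemetry as many third-party hosts sending large UDP responses from a well-known service port to one victim that never sent matching requests. The following Python is an added example, not code from the joint guide; the NetFlow-style record fields, thresholds, and sample flows are constructed assumptions.

```python
"""Flag likely reflection/amplification traffic in UDP flow records (added example)."""
from collections import defaultdict

# Service ports commonly abused as reflectors (widely documented in public advisories)
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP", 1900: "SSDP", 11211: "memcached"}

def _flow(src_ip, src_port, dst_ip, dst_port, proto, nbytes):
    # Field names are an assumption about the collector's export format
    return {"src_ip": src_ip, "src_port": src_port, "dst_ip": dst_ip,
            "dst_port": dst_port, "proto": proto, "bytes": nbytes}

# Constructed sample: three NTP reflectors flood 203.0.113.10, which never sent
# NTP requests; 203.0.113.20 has an ordinary DNS request/response exchange.
SAMPLE_FLOWS = [
    _flow("198.51.100.1", 123, "203.0.113.10", 4055, "udp", 500_000),
    _flow("198.51.100.2", 123, "203.0.113.10", 4055, "udp", 500_000),
    _flow("198.51.100.3", 123, "203.0.113.10", 4055, "udp", 500_000),
    _flow("203.0.113.20", 51234, "198.51.100.9", 53, "udp", 100),
    _flow("198.51.100.9", 53, "203.0.113.20", 51234, "udp", 300),
    _flow("198.51.100.7", 123, "203.0.113.10", 443, "tcp", 900_000),  # TCP: ignored
]

def reflection_suspects(flows, min_reflectors=3, min_bytes=1_000_000, max_request_ratio=0.05):
    # One finding per (victim, service) whose inbound response volume is large,
    # comes from several distinct reflectors, and is not explained by the
    # victim's own outbound requests to that service.
    inbound = defaultdict(lambda: [0, set()])   # (victim, port) -> [bytes, reflector IPs]
    outbound = defaultdict(int)                 # (host, port)   -> bytes of requests sent
    for f in flows:
        if f["proto"] != "udp":
            continue
        if f["src_port"] in REFLECTOR_PORTS:     # response coming from a service port
            rec = inbound[(f["dst_ip"], f["src_port"])]
            rec[0] += f["bytes"]
            rec[1].add(f["src_ip"])
        elif f["dst_port"] in REFLECTOR_PORTS:   # request going toward a service port
            outbound[(f["src_ip"], f["dst_port"])] += f["bytes"]
    findings = []
    for (victim, port), (nbytes, reflectors) in inbound.items():
        ratio = outbound.get((victim, port), 0) / nbytes
        if len(reflectors) >= min_reflectors and nbytes >= min_bytes and ratio <= max_request_ratio:
            findings.append({"victim": victim, "service": REFLECTOR_PORTS[port],
                             "bytes": nbytes, "reflectors": len(reflectors),
                             "request_ratio": round(ratio, 4)})
    return findings
```

Running `reflection_suspects(SAMPLE_FLOWS)` flags only the NTP traffic toward 203.0.113.10; the legitimate DNS exchange has a single peer and a healthy request/response ratio, so it is not reported.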
A DoS attack is categorized as a distributed denial-of-service (DDoS) attack when the overloading traffic originates from more than one attacking machine operating in concert. DDoS attackers often leverage a botnet (a group of hijacked internet-connected devices) to carry out large-scale attacks that appear, from the targeted entity's perspective, to come from many different attackers. A wide variety of devices may make up a botnet, including Internet of Things (IoT) devices. IoT devices are internet-connected and often use default passwords and lack sound security postures, making them vulnerable to compromise and exploitation.
Because infections of IoT devices often go unnoticed by users, an attacker could easily assemble hundreds of thousands of these devices into a formidable botnet capable of conducting a high-volume attack. Further, after establishing a botnet, a cyber threat actor may rent it out to other potential attackers in an “attack-for-hire” scheme, which enables unskilled users to launch DDoS attacks.
The more traffic a DDoS attack produces, the more difficulty an organization will have responding to and recovering from the attack. The increase in traffic also increases the difficulty of attribution because it makes the true source of the attack harder to identify. Although the impact of DDoS attacks may often be negligible (depending on the scale of the attack), it could be severe and include loss or degradation of critical services, loss of productivity, extensive remediation costs, and acute reputational damage. Organizations should include steps to address these potential effects in their incident response and continuity of operations playbooks.
Although a DDoS attack is unlikely to impact the confidentiality or integrity of a system and associated data, it does affect availability by interfering with the legitimate use of that system.
Because a cyber threat actor may use a DDoS attack to divert attention away from more malicious acts they are carrying out (e.g., malware insertion or data exfiltration), victims should stay on guard for other possible compromises throughout a DDoS response. Victims should not become so focused on defending against a DDoS attack that they ignore other security monitoring.
In a progressively interconnected world with additional post-pandemic remote connectivity requirements, maintaining the availability of business-essential external-facing resources can be challenging for even the most mature IT and incident response teams. It is impossible to completely avoid becoming a target of a DDoS attack. However, there are proactive steps organizations can take to reduce the effects of an attack on the availability of their resources.
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released this joint guide to provide organizations proactive steps to reduce the likelihood and impact of distributed denial-of-service (DDoS) attacks. These attacks can cost an organization time and money and may impose reputational costs while resources and services are inaccessible.