T2021_16 Distributed Denial-of-Service Attacks (30th September 2021)

What are distributed denial-of-service attacks

A Distributed Denial-of-Service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server by overwhelming the network with traffic, which causes operations or communications to slow down significantly.

Note the difference between DoS and DDoS attacks: a Denial-of-Service (DoS) attack floods a server with traffic, making a website or resource unavailable, while a Distributed Denial-of-Service attack is a DoS attack that uses multiple computers or machines to flood the targeted resource.

Categories of Distributed-Denial-of-Service

Distributed Denial-of-Service (DDoS) attacks can be divided into three main categories:

  • Volume-based attacks – The goal is to saturate the bandwidth of the targeted site, typically using the User Datagram Protocol (UDP): the attacker floods random ports on the targeted host until the system becomes unresponsive.

  • Protocol attacks – This type of attack consumes the resources of the server itself or of intermediate communication equipment, such as firewalls and load balancers.

  • Application layer attacks – This is a slow attack with a controlled traffic volume that targets Apache, Windows or OpenBSD. The requests sent to servers and workstations look legitimate, but the intent is to crash the web server.

Indicators of compromise

Signs and symptoms can include but are not limited to:
  1. slow network traffic
  2. poor performance and excessive processor usage
  3. often, a failure of the service
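The volume-based pattern described above (UDP sent to many random ports on one host from many sources) can be turned into a simple detection check. The following is an added example, not part of this advisory or of any CIRT tooling; the flow record format, addresses and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One constructed flow/packet record (field names are assumptions)."""
    ts: float       # seconds since epoch
    src: str
    dst: str
    proto: str      # "udp" or "tcp"
    dport: int
    nbytes: int


def detect_udp_flood(flows, window=10, min_pkts=200, min_ports=100, min_srcs=20):
    """Flag destination hosts that receive, within one fixed time window, a burst of
    UDP packets spread over many distinct destination ports from many distinct
    sources. Thresholds are constructed for the sample and must be tuned per network."""
    buckets = defaultdict(list)
    for f in flows:
        if f.proto == "udp":
            buckets[(f.dst, int(f.ts // window) * window)].append(f)
    alerts = []
    for (dst, start), pkts in sorted(buckets.items()):
        ports = {f.dport for f in pkts}
        srcs = {f.src for f in pkts}
        if len(pkts) >= min_pkts and len(ports) >= min_ports and len(srcs) >= min_srcs:
            alerts.append({"dst": dst, "window_start": start, "packets": len(pkts),
                           "distinct_ports": len(ports), "distinct_sources": len(srcs),
                           "pps": len(pkts) / window})
    return alerts


def constructed_sample():
    """Constructed traffic, not a real capture: normal DNS queries to 10.0.0.53 from a
    few clients, plus a UDP flood toward 10.0.0.80 from 50 sources hitting 300 ports."""
    flows = []
    for i in range(60):  # benign: all to port 53, five clients
        flows.append(Flow(1000 + i * 0.1, f"10.0.1.{i % 5 + 10}", "10.0.0.53", "udp", 53, 80))
    for i in range(300):  # flood: 300 packets in ~1.5 s, many sources, many ports
        flows.append(Flow(1000 + i * 0.005, f"198.51.100.{i % 50 + 1}", "10.0.0.80", "udp",
                          1024 + (i * 7919) % 60000, 1400))
    return flows


if __name__ == "__main__":
    for alert in detect_udp_flood(constructed_sample()):
        print(alert)
```

The benign DNS traffic stays below every threshold (one port, five sources), while the flood is reported once for its window; in practice the thresholds would be derived from a baseline of the protected host's normal traffic.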

How to mitigate a DDoS attack

One hundred percent security cannot be guaranteed; however, there are proactive measures one can take to mitigate the effects of a DDoS attack. These include:

  • Implementing a DDoS protection service that detects abnormal traffic flows and redirects them away from the network.

  • Installing a firewall and configuring it to restrict traffic coming into and leaving your network.

  • Installing and maintaining antivirus software.

  • Taking steps to strengthen the security posture of all internet-connected devices to prevent them from being compromised:

      o Create a disaster recovery plan to ensure successful and efficient communication and mitigation in the event of an attack.

The Guyana National CIRT recommends that users and administrators review these recommendations and implement them where necessary.