
What are Denial of Service (DoS) attacks?

Blog

Emily

Posted Sep 24, 2024

When most people think of cyber-attacks, they think the biggest risk is loss of data or money. But there is another risk to consider – denial of service attacks.

This blog aims to help you understand DoS attacks so you can manage the risk to your network, system or service.

 

What is a Denial of Service (DoS) attack?

A DoS attack aims to make a network or device unavailable to its intended users. Attackers do this by overwhelming the network or device with excessive traffic, degrading its performance or even making it inaccessible. A successful attack will result in the loss of availability of part of, or a whole, system. This costs the business time and money to recover the system, defend against future attacks, and analyse what went wrong.

A distributed denial of service (DDoS) attack is a type of DoS attack. A DDoS comes from several sources, not just one attacker. Because the traffic is spread across many sources, these attacks are more successful, as they generate more attacking traffic. It also makes the attack harder to distinguish from legitimate traffic.

 

How does a DoS attack occur?

As we’ve mentioned, DoS attacks occur when a cybercriminal overwhelms a system, server, or network with excessive traffic or requests. Here are some DoS strategies:

 

Traffic overload: The attack floods the system with huge amounts of traffic. The volume of fake requests is so large that it exhausts the system’s resources (e.g. bandwidth, processing power, or memory), so it slows down or crashes. This means the system can’t be accessed.

Resource exhaustion: Attackers target specific system resources (e.g. memory, CPU, or storage), in an attempt to deplete them. When these resources are exhausted, the system is unable to function, leading to service degradation or complete unavailability.

Amplification attacks: In some DoS attacks, the attacker uses vulnerable third-party systems to amplify the volume of traffic sent to the target. A common technique is the DNS amplification attack. The attacker sends multiple, smaller requests to open DNS servers, which generate massive responses that are directed to the victim.

Other types include Ping (ICMP) Floods, SYN Floods, UDP Floods, or HTTP Floods.

 

Key steps of a DoS attack are:

  1. Target selection: Choosing a system or network with weaknesses.
  2. Preparation: Using tools to automate the process, or for DDoS, building or renting a botnet.
  3. Execution: Launching the attack, using one of the above methods.
  4. Disruption: The system is either slow or completely unavailable.

 

What damage can DoS attacks do to businesses?

The aim of DoS attacks is to render a system or network unusable. As we said, this costs valuable time and money. But what other ways do they impact businesses?

Operational disruption: A DoS attack overwhelms a company’s servers, making websites, applications, or online services unavailable. Internal systems such as emails, CRM and databases can be taken offline, making it really difficult for employees to carry on with their jobs.

Reputational damage: Frequent or prolonged outages impact customer trust. This could lead to loss of future business, and previously loyal customers could up and leave. Media coverage of major outages has an even bigger impact on a company’s public image.

Gateway to other attacks: Once a cyber attacker has access to a company, who knows how far they will go. The DoS could be a distraction while the attackers launch even worse attacks, like breaches or ransomware. These exposed weaknesses invite further attacks from the same attacker, or others.

 

How to protect yourself from DoS attacks?

 

Traffic monitoring

By monitoring traffic, anomalies can be detected before they make an impact. Network traffic analysis tools such as Intrusion Detection/Prevention Systems can analyse traffic patterns and then alert administrators.
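As an added illustration of this kind of monitoring (not code from this blog or from any particular IDS product), the Python sketch below counts requests per minute from access-log lines, compares each minute with a baseline built from earlier minutes, and reports the busiest source when a minute stands out. The log format, the function names and the threshold `k` are assumptions made for the example, and the log lines are constructed.

```python
from collections import Counter, defaultdict
from statistics import median

def build_sample_log():
    """Constructed log lines in an assumed format: 'epoch_seconds client_ip path'."""
    lines = []
    base = 1_700_000_000 - (1_700_000_000 % 60)  # align to a minute boundary
    for minute in range(10):
        # Baseline: 18 to 22 requests per minute spread over five clients.
        for i in range(18 + (minute % 5)):
            lines.append(f"{base + minute * 60 + i} 198.51.100.{i % 5 + 1} /index")
    # Minute 10: normal load plus 400 requests from a single source.
    for i in range(20):
        lines.append(f"{base + 600 + i} 198.51.100.{i % 5 + 1} /index")
    for i in range(400):
        lines.append(f"{base + 600 + i % 60} 203.0.113.7 /login")
    return lines

def find_anomalies(lines, k=6.0, min_history=5):
    """Return (minute, total_requests, top_ip, top_ip_requests) for unusual minutes."""
    per_minute = defaultdict(Counter)
    for line in lines:
        ts, ip, _path = line.split()
        per_minute[int(ts) // 60][ip] += 1
    alerts, history = [], []
    for minute in sorted(per_minute):
        total = sum(per_minute[minute].values())
        if len(history) >= min_history:
            med = median(history)
            # Median absolute deviation: a spread measure that outliers barely move.
            mad = median(abs(h - med) for h in history) or 1.0
            if total > med + k * mad:
                top_ip, top_count = per_minute[minute].most_common(1)[0]
                alerts.append((minute, total, top_ip, top_count))
                continue  # keep flagged minutes out of the baseline
        history.append(total)
    return alerts

if __name__ == "__main__":
    for minute, total, ip, count in find_anomalies(build_sample_log()):
        print(f"minute {minute}: {total} requests, {count} from {ip}")
```

Reporting the top source alongside the alert tells the administrator whether a per-IP block is likely to help or whether the load is spread across many sources, as in a DDoS.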

 

Rate limitation

Rate limiting restricts the number of requests that a single IP address or user can send within a specific time period, so a single source cannot overwhelm your system with loads of requests. For businesses using APIs, you can limit the number of API requests from each client to reduce the risk of overload.
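The sketch below is an added example of per-client rate limiting (not code from this blog or a specific product): a sliding-window limiter keyed by IP address or API client. The class name, the limits and the traffic are constructed for illustration, and the cap on tracked clients is an assumed policy so that the limiter's own state cannot be used to exhaust memory.

```python
from collections import deque

class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each client key."""

    def __init__(self, limit, window, max_clients=10_000):
        self.limit, self.window, self.max_clients = limit, window, max_clients
        self.hits = {}  # client key -> deque of accepted request timestamps

    def allow(self, client, now):
        """Return (allowed, retry_after_seconds) for a request at time `now`."""
        q = self.hits.get(client)
        if q is None:
            if len(self.hits) >= self.max_clients:
                self._evict(now)
            if len(self.hits) >= self.max_clients:
                # Table still full: refuse new keys (a policy choice in this example).
                return False, self.window
            q = self.hits[client] = deque()
        while q and q[0] <= now - self.window:
            q.popleft()  # forget requests that have left the window
        if len(q) >= self.limit:
            return False, q[0] + self.window - now
        q.append(now)
        return True, 0.0

    def _evict(self, now):
        # Drop clients whose newest request is already outside the window.
        stale = [c for c, q in self.hits.items()
                 if not q or q[-1] <= now - self.window]
        for c in stale:
            del self.hits[c]

def replay(limiter, events):
    """events: iterable of (timestamp, client). Returns client -> (allowed, denied)."""
    result = {}
    for now, client in events:
        ok, _retry = limiter.allow(client, now)
        allowed, denied = result.get(client, (0, 0))
        result[client] = (allowed + ok, denied + (not ok))
    return result

# Constructed traffic: a noisy client sends 50 requests in 5 s, a normal one sends 5.
EVENTS = sorted([(i * 0.1, "203.0.113.7") for i in range(50)] +
                [(i * 1.0, "198.51.100.2") for i in range(5)])

if __name__ == "__main__":
    print(replay(SlidingWindowLimiter(limit=10, window=10), EVENTS))
```

The `retry_after` value is what an API would typically return to the client with a "too many requests" response, so well-behaved clients back off instead of retrying immediately.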

 

Firewalls and anti-DDoS solutions

Traditional firewalls can set rules to block traffic from suspicious or malicious IP addresses, stopping attackers before they even reach the server. Web application firewalls block HTTP floods, along with other common web attacks such as SQL injection and cross-site scripting.

 

Content Delivery Networks

A content delivery network (CDN) distributes web traffic across multiple servers, reducing the risk of a single server becoming overwhelmed. The traffic is distributed to data centres all around the world, so a single location isn’t overwhelmed. Many CDNs offer built-in DDoS mitigation, so attackers are filtered out before reaching the origin server.

 

Anycast networks

Anycast routing is a technique where several servers share the same IP address, and traffic is routed to the least congested server. This is a way to prevent an attack from focusing all of its force onto a single server. Legitimate users are routed to the closest server to them geographically, so their performance is improved.

 

Specialised DDoS mitigation services

AWS Shield, Azure DDoS Protection, and Google Cloud Armor are all cloud-based DDoS protection providers that offer scalable defences that can handle large-scale attacks. These services divert attacking traffic to scrubbing centres, filtering out malicious requests and forwarding legitimate traffic to the business.

 

IP blacklisting and geo-blocking

Block known malicious IP addresses or entire geographical locations to reduce the attack surface.

 

Server hardening

Build up the security of your server and networks by applying security best practices. Make sure all systems are updated to the latest security patches, disable unnecessary services to reduce entry points, and properly allocate server resources to prevent exhaustion from an attack.

 

Incident response plan

Prepare for an attack! Put a clear, well-practiced incident response plan together to mitigate any effects when a DoS attack occurs. Enable real-time alerts, have predefined escalation procedures, and plan for alternative backup communication channels, in case your emails and online chat services are affected. Pen testing and DoS simulation are great ways of testing your incident response plans.

 

 

Woah – that’s a lot! In short, there’s a bunch of ways you can protect yourself from DoS attacks. As always in cybersecurity, the best method is a layered approach – multiple protection methods working together. We’re here to protect your business.

If you want to put some of these methods in place, then get in touch and we can create a bespoke cybersecurity plan for your business.