What is a denial of service attack, and how can I prevent it?
Few things are as catastrophic in modern life as not being able to use the Internet. Social media outages are headline news even when they last for a matter of minutes, so integral are they to how we communicate. For a business, losing your website for any extended period not only means losing sales, but also losing some of the trust of your clients or customers.
This is the terrifying prospect behind a Denial of Service attack. These common and easily executed attacks can knock out websites and critical systems for minutes or hours at a time. While they pose less of a security risk than some other cyber attacks, they are harder to stop, meaning that your security has to be proactive to prevent them.
What is a Denial of Service attack (DoS)?
A Denial of Service (DoS) attack is a cyber-attack that is designed to shut down the connectivity of a machine or network, making it inaccessible to its intended users. This is usually done by flooding the targeted machine or network with traffic (known as a Flood Attack), or by sending it information that triggers a crash (referred to as a Crash Attack).
Unlike the majority of other cyber threats covered in typical security training modules, DoS attacks are unlikely to result in a data breach, although they can expose vulnerabilities which could be exploited. However, they can end up being very costly for organisations, as they may require a great deal of time and money to resolve.
In recent years, Distributed Denial of Service (DDoS) attacks have become increasingly common. These types of attack occur when multiple systems carry out synchronised DoS attacks on a single target. In these cases, the key difference is that the target ends up being attacked from various different locations at once, increasing the amount of traffic or data that is being sent.
Why are DDoS attacks so hard to stop?
DDoS attacks provide a number of advantages for the cyber criminal over traditional denial of service attacks, or indeed other forms of cyber attacks. These include:
- By using more than just one machine in a combined attack, the attack is far more powerful, and can overload the victim machine or network much quicker.
- Because the locations of the attacking systems are often spread across a wider area, it is much more difficult to locate and identify the attacker.
- It is significantly harder to shut down multiple machines rather than just stopping one.
While DDoS attacks themselves do not pose the risk of a data breach, the irony is that they often require such data breaches to operate. Many DDoS attacks originate from computers which have been compromised and hijacked by malware, often without the knowledge of their owner. This allows the attackers to coordinate computers around the world, and means that they do not actually have to own the hardware themselves.
Why would someone carry out a Denial of Service attack?
There are a number of ways in which an unscrupulous person could benefit from performing a Denial of Service attack:
- Financial motivations. Organised crime groups can use the threat of a DoS attack to extort organisations. Some companies will pay up simply to avoid the disruption that an attack would cause, or to end a sustained attack.
- Political or social motives. DoS attacks can be used to take down websites or networks of political opponents, or of companies or organisations that an activist group sees as unethical. Readily available ‘stress-testing’ software such as LOIC can enable individuals to band together and launch DDoS attacks with the click of a button.
- As a form of distraction. Attackers may use a DoS attack to draw your attention away from other malicious activities they are carrying out. A DoS attack on one system may precede a more serious breach of another system, or a different kind of attack on the same system.
- Self-inflicted incidents. Denial of Service disruptions can sometimes stem from mistakes on the part of an organisation’s IT department (e.g. failing to configure the company’s server properly, resulting in an overload of network requests).
How to prevent a Denial of Service attack
While Denial of Service attacks are difficult to prevent entirely, there are a number of measures you can take to limit their effectiveness, and react appropriately when they do occur:
- Network security is imperative to stop any DDoS attack attempt. Ensuring that firewalls and intrusion detection systems, anti-virus and anti-malware software, and endpoint security are in place is key. One common method is to use a ‘reverse proxy’ service to check traffic before it arrives at your website. This will absorb attacks, and prevent obviously harmful access attempts from even reaching your servers.
- Look out for warnings. Signs of a DoS attack, or of ‘stress testing’ prior to an attack, may include a poor connection, slow performance, or unusual traffic. Spotting these signs will allow you to react quickly and stop attacks that are in progress, or prevent larger attacks before they occur.
- Continuous monitoring of network traffic. Real-time monitoring ensures that you can detect a DoS attempt before the attack takes place, even if the signs are not immediately obvious.
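As an illustration of the monitoring described above, the following added example (not code from this article or from Sota) counts requests per source in ten-second windows and flags both a single loud source and a surge spread across many quiet sources. The log format, thresholds and addresses are constructed assumptions; real limits should come from your own traffic baseline.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

WINDOW_SECONDS = 10     # assumed window size
PER_SOURCE_LIMIT = 20   # assumed max requests per source per window
TOTAL_LIMIT = 100       # assumed max requests from quiet sources per window

def parse(line):
    """Parse a constructed 'ISO-timestamp source-ip method path' log line."""
    stamp, ip, _method, _path = line.split()
    return datetime.fromisoformat(stamp), ip

def detect(lines):
    """Return (window_start, kind, detail) alerts, oldest window first."""
    windows = defaultdict(Counter)
    for line in lines:
        when, ip = parse(line)
        bucket = int(when.timestamp()) // WINDOW_SECONDS * WINDOW_SECONDS
        windows[bucket][ip] += 1
    alerts = []
    for bucket in sorted(windows):
        counts = windows[bucket]
        start = datetime.fromtimestamp(bucket, timezone.utc)
        for ip, n in sorted(counts.items()):
            if n > PER_SOURCE_LIMIT:
                alerts.append((start, "single-source flood", f"{ip} sent {n} requests"))
        # In a distributed attack no single address stands out, so also check
        # the combined volume of the sources that stayed under the limit.
        quiet = [n for n in counts.values() if n <= PER_SOURCE_LIMIT]
        if sum(quiet) > TOTAL_LIMIT:
            alerts.append((start, "distributed surge",
                           f"{sum(quiet)} requests from {len(quiet)} sources"))
    return alerts

def sample_log():
    """Constructed traffic: baseline, one loud source, then many quiet ones."""
    t0 = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
    def line(offset, ip):
        return f"{(t0 + timedelta(seconds=offset)).isoformat()} {ip} GET /"
    lines = [line(s, f"192.0.2.{1 + s % 3}") for s in range(30)]      # baseline
    lines += [line(s % 10, "203.0.113.7") for s in range(50)]         # first window
    lines += [line(20 + i % 10, f"198.51.100.{i % 60 + 1}") for i in range(180)]  # third window
    return lines

if __name__ == "__main__":
    for start, kind, detail in detect(sample_log()):
        print(start.isoformat(), kind, detail)
```

A per-source limit alone catches the first pattern but not the second, which is why the combined volume is checked separately.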
Not taking action on DoS attacks is extremely risky, and could be detrimental to yourself and your business. For any more information on cyber security, including how you can further protect yourself as a business from DoS attacks, get in touch with Sota today.