DDoS stands for Distributed Denial of Service, one of the oldest types of cyberattacks. A DDoS attack is designed to disrupt a website or network by bombarding it with traffic. These malicious attacks have been a cybersecurity threat since the 1980s. Hackers and others use these attacks for a variety of reasons including revenge, extortion, and financial and political motives. Not only are these damaging to individual operators, they sometimes can render huge chunks of the internet unusable for a period of time. A DDoS attack is often combined with other malicious activity including ransomware to extort money or theft of sensitive data to commit ID theft. Attackers do this by infecting hundreds or thousands of PCs, creating “zombies” or botnets which can create disruptions or spew out malware.
How Does a DDoS Attack Work?
DDoS attacks have evolved considerably since the first one in 1988. A graduate student, Robert Tappan Morris, wrote an experimental program to send huge amounts of data to help understand how many devices were connected to the internet.
The first step in most DDoS attacks today is using malware to create a botnet, which is a “zombie” army of computers that can be used in a network to attack a website or online service. (This is relatively easy, as many people fail to take even basic cybersecurity precautions like installing effective antivirus software and setting strong passwords with a password manager.) In many cases, the owner of a zombie PC may not be aware of the malware infection, which can lie dormant until the hackers activate it.
“Hackers can take over machines with a phishing email that looks legitimate. But when you click on it, it takes you to a bad website and you download something onto your machine, and you unwittingly become part of the botnet,” says Rick Holland, a cyber threat intelligence expert at Digital Shadows.
Denial of service attacks can shut down websites and online services by flooding them with requests that overwhelm them. While the goal may be to take a website or service offline, in many cases “botnet DDoS attacks are merely smokescreens for other, more damaging attacks,” such as spam, crypto-mining, adware fraud, or other malicious activity, according to the Israeli-based security firm Cynet.
Holland says that cybercriminals often combine a DDoS attack with ransomware and data theft to multiply their avenues for extortion. For example, “the CEO of a company gets an email saying, ‘hey we’ve got your data; pay us or we’re going to leak it,’” he says. “If they ignore this, it escalates and they say, ‘we’re going to take down your e-commerce site.’ And they’re encrypting all the devices so it’s double or triple extortion.”
Denial of service attacks, like other types of malware, can be bought and sold on the dark web, making it easy for threat actors to get in the game by using DDoS-for-hire or DDoS-as-a-service.
How to Identify a DDoS Attack
DDoS traffic often comes without warning and can be difficult to detect until a network is so inundated that it can no longer function. To detect these attacks before they escalate, network administrators look for suspicious amounts of traffic from a single IP address or range, or other unusual traffic patterns directed at a single endpoint or page. Other measures, like installing a firewall, can help as well.
Quick detection is essential for DDoS protection to avoid a costly shutdown. Thus, it’s important to monitor and prepare in advance with a defense strategy. Many security services, including California-based Sucuri, can provide tips on monitoring. PC users whose machines are hijacked for botnets may also be unaware of their role in these attacks, highlighting the need to watch for signs of infection, according to Logix Consulting.
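As an added illustration (not code from the article or from any firm it quotes), the following Python script applies the detection heuristics just described to constructed access-log lines: it counts requests per source address, per /24 range, and per endpoint for one window of log lines, and flags values above thresholds that are assumed here purely for illustration.

```python
import re
from collections import Counter

# Common Log Format line: client, ident, user, [timestamp], "request", status, bytes
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

# Constructed sample window (not real traffic): one host exceeds the per-host limit on
# its own; a second host in the same /24 stays under that limit but pushes the range
# total over the range limit; two other clients browse normally.
SAMPLE_LOG = "\n".join(
    ['203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /login HTTP/1.1" 200 512'] * 120
    + ['203.0.113.9 - - [10/Oct/2023:13:55:37 +0000] "GET /login HTTP/1.1" 200 512'] * 90
    + ['198.51.100.23 - - [10/Oct/2023:13:55:37 +0000] "GET /index.html HTTP/1.1" 200 2048'] * 3
    + ['198.51.100.40 - - [10/Oct/2023:13:55:38 +0000] "GET /about HTTP/1.1" 200 1024'] * 2
)

def parse(lines):
    """Yield (source_ip, path) for each line that matches the log format; skip the rest."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m.group("ip"), m.group("path")

def slash24(ip):
    """Collapse an IPv4 address to its /24 range so distributed sources can be summed."""
    return ".".join(ip.split(".")[:3]) + ".0/24"

def analyze(log_text, per_ip_limit=100, per_range_limit=200, endpoint_share=0.8):
    """Apply the three heuristics to one window of log lines (e.g. the last minute).

    Returns (sources over per_ip_limit, /24 ranges over per_range_limit,
    endpoints receiving at least endpoint_share of all requests), each as {key: count}.
    Thresholds are assumed values for this example, not recommendations.
    """
    by_ip, by_range, by_path = Counter(), Counter(), Counter()
    total = 0
    for ip, path in parse(log_text.splitlines()):
        by_ip[ip] += 1
        by_range[slash24(ip)] += 1
        by_path[path] += 1
        total += 1
    noisy_ips = {ip: n for ip, n in by_ip.items() if n > per_ip_limit}
    noisy_ranges = {r: n for r, n in by_range.items() if n > per_range_limit}
    hot_paths = {p: n for p, n in by_path.items() if total and n / total >= endpoint_share}
    return noisy_ips, noisy_ranges, hot_paths

if __name__ == "__main__":
    for label, hits in zip(("sources", "ranges", "endpoints"), analyze(SAMPLE_LOG)):
        print(f"suspicious {label}: {hits}")
```

The range aggregation is what catches the second host: on its own it stays under the per-host limit, so a per-address check alone would miss it.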
Types of DDoS Attacks
Denial of service attacks are possible because of the open nature of the internet. Attackers “exploit normal behavior and take advantage of how the protocols were designed to run in the first place,” according to CompTIA, a technology industry group. “In the same way a social engineer manipulates the default workings of human communication, a DDoS attacker manipulates the normal workings of the network services we all rely upon and trust.”
These attacks come in various shapes and sizes, using various DDoS tools. An application layer DDoS attack, also known as a Layer 7 attack, hits the consumer-facing side of a network, according to computer security firm Cloudflare. These attacks target the part of the internet where web pages are generated and delivered in response to an HTTP request (what you type when you try to connect to a website).
In some cases, application layer attacks become HTTP flood attacks. An attacker uses these to saturate a website and make it impossible for others to connect to it.
Other DDoS attacks include protocol attacks or SYN floods, which involve sending so-called “handshake” requests – which is how two computers and networks verify and connect to each other – without completing them. This can overwhelm a target network.
A volumetric attack, just like it sounds, delivers massive volumes of requests, often from a botnet, which can be too much for the target to handle.
A DNS amplification attack delivers fraudulent lookup requests to the Domain Name System (DNS), the internet’s “address book” that establishes that a website is what it purports to be and isn’t a fake. Like other DDoS attacks, a DNS amplification attack can overwhelm a network. The Cybersecurity & Infrastructure Security Agency, part of the Department of Homeland Security, says this is a common type of attack and “can create an immense amount of traffic with little effort.”
Other hackers may use an IP fragmentation attack, which exploits the need for data to be fragmented into small packets in transmission before being reassembled, according to the security firm Imperva.
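Added example, not from the article or any vendor it cites: the same kind of traffic counting applied to two of the protocol-level patterns above, run over constructed flow records for a hypothetical target address 192.0.2.10. It flags a SYN flood when many inbound SYNs arrive but almost none are followed by the ACK that completes a handshake, and DNS amplification when DNS response bytes arriving at the target dwarf the query bytes the target actually sent; all thresholds are assumed.

```python
from collections import namedtuple

# One packet summary as a flow sensor might record it: addresses, protocol, ports,
# TCP flag letters ("S" = SYN, "A" = ACK), and size in bytes.
Pkt = namedtuple("Pkt", "src dst proto sport dport flags size")
TARGET = "192.0.2.10"  # hypothetical victim address (documentation range)

def build_sample():
    """Constructed records, not a capture: a SYN flood plus DNS amplification aimed at TARGET."""
    pkts = []
    # 300 SYNs from spoofed sources, none followed by the ACK that completes a handshake
    for i in range(300):
        pkts.append(Pkt(f"198.51.100.{i % 250 + 1}", TARGET, "tcp", 40000 + i, 443, "S", 60))
    # one legitimate client that does complete its handshake
    pkts.append(Pkt("203.0.113.5", TARGET, "tcp", 51000, 443, "S", 60))
    pkts.append(Pkt("203.0.113.5", TARGET, "tcp", 51000, 443, "A", 52))
    # TARGET sent one small DNS query, yet 40 large responses arrive from many resolvers
    pkts.append(Pkt(TARGET, "203.0.113.53", "udp", 33000, 53, "", 70))
    for i in range(40):
        pkts.append(Pkt(f"198.51.100.{i + 1}", TARGET, "udp", 53, 33000 + i, "", 3000))
    return pkts

def syn_stats(pkts, target):
    """Inbound SYN-only segments, and the share of them followed by an inbound ACK."""
    syns = sum(1 for p in pkts if p.dst == target and p.proto == "tcp" and p.flags == "S")
    acks = sum(1 for p in pkts if p.dst == target and p.proto == "tcp" and "A" in p.flags)
    return syns, (acks / syns if syns else 1.0)

def dns_amp_stats(pkts, target):
    """DNS response bytes arriving at target vs. DNS query bytes target actually sent."""
    inbound = sum(p.size for p in pkts if p.dst == target and p.proto == "udp" and p.sport == 53)
    outbound = sum(p.size for p in pkts if p.src == target and p.proto == "udp" and p.dport == 53)
    return inbound, outbound, (inbound / outbound if outbound else float("inf"))

def assess(pkts, target, syn_min=100, completion_max=0.2, amp_min=10.0):
    """Name the patterns from the text that this window of records exhibits (thresholds assumed)."""
    findings = []
    syns, completion = syn_stats(pkts, target)
    if syns >= syn_min and completion <= completion_max:
        findings.append("syn_flood")
    inbound, _, ratio = dns_amp_stats(pkts, target)
    if inbound and ratio >= amp_min:
        findings.append("dns_amplification")
    return findings

if __name__ == "__main__":
    print(assess(build_sample(), TARGET))  # ['syn_flood', 'dns_amplification']
```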
How to Prevent Your Devices From Being Used in a DDoS Attack
Even though individuals are rarely targeted by DDoS attacks, anyone’s devices can become part of zombie botnets used by cybercriminals without their owners’ knowledge. This highlights the need for good cybersecurity practices.
Protect Your Router
Your router – that gadget that links you and your devices to the internet – is a key entry point for cybercriminals and needs good protection. Make sure yours has strong encryption and a strong password, not the one you get when it comes out of the box. “One avenue of approach for local attackers is to hop on to an unprotected wireless access point broadcasting throughout the neighborhood,” says John Dickson, vice president at the security firm Coalfire. “You don’t want a bad guy doing things like initiating a spam or attacking others from a device that appears to come from your home.”
Use Strong Passwords on Internet-Connected Devices
Even if your router is secure, an attacker might find vulnerabilities in internet-connected smart home devices. These can include home security systems and cameras, internet-connected appliances like refrigerators, washers, and dryers, and smart speakers. Some of these come with weak passwords or none at all. “The bad guys see that, and then they pull them into their botnet so they have millions of IoT devices that they can then point at who they want,” says Holland. The easiest and best way to consistently come up with strong passwords for all your internet-connected devices is to use a password manager.
Use Antivirus Software
Good antivirus software on your phone, laptop, or tablet – which may also protect against spyware, adware, and other threats – is a key element in home cybersecurity. It’s also important to keep these programs updated, which all of our Best Antivirus Software companies do automatically for subscribers. Because hackers constantly update their attacks, security software needs to be updated to protect against the newest viruses. “You want to be sure you are running updated software to protect the machine and get updated [virus] signatures,” Holland says.
Why You Can Trust Us
At U.S. News & World Report, we rank the Best Hospitals, Best Colleges, and Best Cars to guide readers through some of life’s most complicated decisions. Our 360 Reviews team draws on this same unbiased approach to rate tech products that you use every day. The team doesn’t keep samples, gifts, or loans of products or services we review. In addition, we maintain a separate business team that has no influence over our methodology or recommendations.