29 Jun, 2020

DDoS Attacks Demystified

by nVisium

Most CISOs are familiar with the 10 most common cyber-attacks including: Malware, Birthday, Eavesdropping, Cross-site scripting (XSS), SQL injection, Password, Drive-by, Phishing/Spear Phishing, Man-in-the-middle and Denial-of-Service/Distributed Denial-of-Service. The recent headlines reporting on the last in this list warrants further exploration of the subject.

What is a ddos attack?

The first Denial of Service attack is credited to “mafiaboy”, a 15-year-old Canadian hacker, in February of 2000 and it didn’t take long to for cybercriminals to realize that distributing the attacks across multiple sources would make it extremely difficult to prevent, thus the rise of DDoS. Wikipedia describes a distributed denial-of-service (DDoS) attack is:

“where the perpetrator uses more than one unique IP address or machines, often from thousands of hosts infected with malware. A distributed denial of service attack typically involves more than around 3–5 nodes on different networks; fewer nodes may qualify as a DoS attack but is not a DDoS attack. Since the incoming traffic flooding the victim originates from different sources, it may be impossible to stop the attack simply by using ingress filtering. It also makes it difficult to distinguish legitimate user traffic from attack traffic when spread across multiple points of origin. As an alternative or augmentation of a DDoS, attacks may involve forging of IP sender addresses (IP address spoofing) further complicating identifying and defeating the attack.”

The nodes used for DDoS attacks can literally be any form of computing device. These devices can range from the largest of super computers to the smallest of internet of things (IoT) devices. As more IoT devices come online the DDoS treat magnifies. CIO magazine reported Why IoT devices are the 'unusual suspects' in DDOS attacks and goes on to say “enlisting an IoT device for a DDOS attack isn’t hard.”

current ddos attacks

Unfortunately, according to CIODive arranging a DDoS attack through the black market can cost between $5 for a 300-second attack to $400 for a 24-hour attack. It is no surprise that headlines still abound describing current attacks:

  • TweekTown reported: Hundreds of thousands of Americans hit with T-Mobile, Sprint, AT&T, and Verizon outages.
  • BankInfoSecurity reported: UpNp Vulnerability Could Affect Billions of IoT Devices leaving them vulnerable to distributed denial-of-service attacks as well as data exfiltration
  • SecurityWeek reported: Akamai, Amazon Mitigate Massive DDoS Attacks
  • The Daily Swig reported: DDoS surge driven by attacks on education, government, and coronavirus information sites
  • DarkReading reported: Hosting Provider Hit With Largest-Ever DDoS Attack

Digitalattackmap.com displays a real-time view of the top daily DDoS attacks worldwide and provides an interactive map that can be filtered along the lines of large versus unusual and color the attack by type, duration, source port or destination port. The website also reports that more than 2,000 DDoS attacks are observed daily and more than 1/3 of all downtime incidents are due to DDoS attacks.

an ounce of prevention is worth a pound of cure

By integrating security into the development process, nVisium strives to find and help fix security vulnerabilities in our client's software while teaching our clients the importance of incorporating security from the ground up. We offer a range of comprehensive services to ensure that you and your company are protected from cyber threats, including security assessments, software assurance, and training.

Bottomline is that you will ultimately need to start with security assessments for:

  • Applications: A standard assessment combines static and dynamic analysis, which allows our team to evaluate all aspects of an application and test risk mitigation solutions, This service also offers the most precise remediation advice.
  • Internet of Things (IoT): IoT presents its own unique set of security challenges and requires a broad skillset for assessing. Our IoT assessments identify weaknesses in an entire IoT architecture including software, hardware, API, and web/mobile components.
  • Networks: Using a combination of automated and manual techniques, our team will identify risks to your systems and networks that attackers could find and exploit. We will provide detailed information of our findings along with recommendations to help remediation efforts.
  • Mobile: Identify weaknesses in how an application interacts with the mobile device, the remote APIs it communicates with, how the application is written, and the libraries it uses to function.
  • Cloud: Assessments of AWS, Azure, or GCP go beyond the simple security issues that are easily detected through automation. We get to know the business purpose behind your architecture, review the design, and begin an analysis of security controls, monitoring and alerting, hardening, and IAM policies and permissions…. And BTW, we are an AWS Partner

Do you want to be the next headline due to a security breach or do you want to uncover vulnerabilities with an independent security assurance assessment?   Schedule a demo today.

DevSec Training DDoS Attack cyberattack prevention

RECENT POSTS