What is DDoS Attack and How to protect your Website

Distributed denial-of-service (DDoS) attacks target websites and online services. The aim is to overwhelm them with more traffic than the server or network can accommodate, rendering the website or service inoperable.

The traffic can consist of incoming messages, requests for connections, or fake packets. In some cases, the targeted victims are threatened with a DDoS attack or attacked at a low level. This may be combined with an extortion threat of a more devastating attack unless the company pays a cryptocurrency ransom. In 2015 and 2016, a criminal group called the Armada Collective repeatedly extorted banks, web host providers, and others in this way.

DDoS attacks are sometimes done to divert the attention of the target organization. While the target organization focuses on the DDoS attack, the cybercriminal may pursue a primary motivation such as installing malicious software or stealing data.

DDoS attacks have been used as a weapon of choice of hacktivists, profit-motivated cybercriminals, nation states and even — particularly in the early years of DDoS attacks — computer whizzes seeking to make a grand gesture.

Common DDoS attacks

Here is a list of the more popular types of DDoS attacks:

• SYN Flood

A SYN flood exploits the TCP connection sequence known as the three-way handshake. The client sends a synchronize (SYN) message to begin the “handshake,” the server acknowledges it with a SYN-ACK, and the client completes the handshake with an ACK. In a SYN flood, however, the SYN messages carry spoofed source addresses, so the final ACK never arrives: the server is left holding a growing number of half-open connections until its connection table is exhausted and it can no longer accept legitimate clients.
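As an added example (not part of the original article), the following Python checks a snapshot of the TCP connection table for the half-open signature described above. The snapshot is a constructed sample in the column layout printed by `ss -tan` on Linux; the thresholds and function names are assumptions for illustration.

```python
# Added example: flag a possible SYN flood from a TCP connection-table snapshot.
# Half-open connections sit in SYN-RECV because spoofed clients never send ACK.
from collections import Counter

# Constructed sample (documentation address ranges, not real hosts).
CONSTRUCTED_SS_OUTPUT = """\
State     Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
ESTAB     0       0       10.0.0.5:443        198.51.100.7:51022
ESTAB     0       0       10.0.0.5:443        198.51.100.8:51023
SYN-RECV  0       0       10.0.0.5:443        203.0.113.10:40001
SYN-RECV  0       0       10.0.0.5:443        203.0.113.11:40002
SYN-RECV  0       0       10.0.0.5:443        203.0.113.12:40003
SYN-RECV  0       0       10.0.0.5:443        203.0.113.13:40004
SYN-RECV  0       0       10.0.0.5:443        203.0.113.14:40005
SYN-RECV  0       0       10.0.0.5:443        203.0.113.15:40006
"""

def parse_ss(output):
    """Return (state, peer_ip) pairs, skipping the header line."""
    rows = []
    for line in output.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 5:
            continue
        state, peer = fields[0], fields[4]
        rows.append((state, peer.rsplit(":", 1)[0]))  # strip the port
    return rows

def syn_flood_indicators(rows, ratio_threshold=0.5, min_half_open=5):
    """Summarize half-open connections; thresholds are illustrative assumptions."""
    half_open = [ip for state, ip in rows if state == "SYN-RECV"]
    total = len(rows)
    ratio = len(half_open) / total if total else 0.0
    sources = Counter(half_open)
    return {
        "total": total,
        "half_open": len(half_open),
        "ratio": round(ratio, 3),
        "distinct_sources": len(sources),
        # One half-open connection per distinct source is the spoofing
        # signature: per-IP blocking will not help here, SYN cookies will.
        "likely_spoofed": len(half_open) > 1 and len(sources) == len(half_open),
        "suspicious": len(half_open) >= min_half_open and ratio >= ratio_threshold,
    }

if __name__ == "__main__":
    print(syn_flood_indicators(parse_ss(CONSTRUCTED_SS_OUTPUT)))
```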

• UDP Flood

The User Datagram Protocol (UDP) is a sessionless networking protocol. A UDP flood targets random ports on a computer or network with UDP packets. For each packet the host checks for an application listening on that port, finds none, and replies with an ICMP “destination unreachable” message; at a high enough rate this work alone exhausts the host’s resources.

• HTTP Flood

An HTTP flood consists of what appear to be legitimate GET or POST requests, sent in volume by the attacker. It uses less bandwidth than other types of attack, but it can force the server to spend its maximum resources answering the requests.

• Ping Of Death

Ping of Death abuses the IP protocol by sending malformed or oversized pings to a system. This was a popular type of DDoS two decades ago, but it is less effective today.

• Smurf Attack

A Smurf attack exploits the Internet Protocol (IP) and the Internet Control Message Protocol (ICMP) using a malware program called smurf. It sends ICMP pings to the broadcast address of a network with the source address spoofed to the victim’s, so every host on that network sends its reply to the victim.

• Fraggle Attack

A Fraggle attack sends large amounts of UDP traffic to a network’s broadcast address. It is similar to a Smurf attack, but uses UDP rather than ICMP.

• Slowloris

Slowloris lets an attacker use minimal resources during an attack and targets the web server itself. Once connected to its target, Slowloris keeps each connection open for as long as possible by sending partial HTTP requests very slowly, until the server’s pool of concurrent connections is used up. This type of attack has been used in some high-profile hacktivist DDoSing, including during the 2009 Iranian presidential election. DDoS mitigation against this type of attack is very difficult.

• Application Level Attacks

Application Level Attacks exploit vulnerabilities in applications. The goal of this type of attack is not to go after the entire server, but applications with known weaknesses.

• NTP Amplification

NTP amplification exploits Network Time Protocol (NTP) servers, a long-standing network protocol used to synchronize computer clocks, to flood the target with UDP traffic. This is an amplified reflection attack. In any reflection attack, the server sends its response to a spoofed IP address, that of the victim. An amplified version means the response from the server is disproportionately larger than the original request. Because of the high bandwidth involved, this type of attack can be devastating and high volume.

• Advanced Persistent DoS (APDoS)

Advanced Persistent DoS (APDoS) is an attack type used by hackers who want to cause serious damage. It combines several of the styles of attack mentioned earlier (HTTP flooding, SYN flooding, etc.) and regularly uses multiple attack vectors at once, sending out millions of requests per second. APDoS attacks can last for weeks, largely because the hacker can switch tactics at any moment and create diversions to elude security defenses.

• Zero-Day DDoS Attacks

Zero-day DDoS attack is the name given to a new DDoS attack method that exploits a vulnerability that has not yet been patched.

• How to protect your website from DDoS

DDoS attacks can disrupt your online business and tarnish your company’s reputation. Here are 10 concrete actions you can take to strengthen your company’s security posture and protect your business against DDoS attacks:

  1. Know your traffic. Use network and application monitoring tools to identify traffic trends and tendencies. By understanding your company’s typical traffic patterns and characteristics, you can establish a baseline to more easily identify unusual activity symptomatic of a DDoS attack.
  2. Build your defensive posture during peacetime, steered by your executive team’s risk assessment guidelines. Be sure to analyze risk and prioritize DDoS mitigation and service recovery efforts in meaningful business terms like lost revenue in accordance with your company’s strategic information risk management models.
  3. Have a restrictive Plan B defensive posture ready to go. Be in a position to rapidly restore core geographies and business-critical services in the face of a DDoS attack.
  4. Eliminate political obstacles and organizational barriers that might impair SecOps agility. Time is of the essence when responding to a DDoS attack. Empower your security team to quickly enact defenses without a peer chain of approvers.
  5. Include cybersecurity in business continuity, disaster recovery, and emergency response planning. DDoS attacks can be as devastating to the business as a natural disaster and should be an integral part of your company’s incident preparedness plans. Be proactive — create run books and carry out desktop exercises to improve readiness.
  6. Practice good cyber hygiene. At the risk of stating the obvious, a strong DDoS defense strategy begins with sound online hygiene practices. Foster a security-oriented corporate culture and be sure developers and system administrators follow industry best practices for cybersecurity.
  7. Use a combination of automated and human mitigation. Attackers continually evolve their tactics to avoid detection and outflank security solutions. You’ll need the right combination of people, automation, and processes to stay one step ahead of the bad guys and defend against increasingly sophisticated, continuously evolving attacks.
  8. Consider implementing a Zero Trust security model. A Zero Trust framework can help protect against DDoS attacks by enforcing least-privileged access and ensuring only authorized users gain access to critical applications and services.
  9. Engage your upstream providers to prepare and address risks. Work proactively with your upstream service providers to evaluate DDoS risks and develop readiness and recovery plans.
  10. Test, re-test, document, and measure. Incorporate DDoS attacks into penetration testing to simulate complex attacks, identify vulnerabilities, and shore up defenses.
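Item 1 (know your traffic) and the HTTP flood section above both come down to the same check: compare the current request rate against a baseline learned in quiet periods. The Python below, added here and not from the original article, does that over constructed access-log lines in the Apache common log format; the threshold multiplier, the absolute floor and the helper names are assumptions.

```python
# Added example: learn a requests-per-second baseline from access logs and
# flag seconds that exceed it, reporting which client IPs drove the burst.
import re
from collections import Counter, defaultdict
from statistics import mean, pstdev

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} (?:\d+|-)')

def make_lines(second, ips):
    """Build constructed common-log-format lines, one per entry in ips."""
    return [f'{ip} - - [10/Oct/2023:13:55:{second:02d} +0000] '
            f'"GET /index.html HTTP/1.1" 200 512' for ip in ips]

# Constructed sample: five quiet seconds of browsing, then one flood second.
NORMAL_IPS = ["198.51.100.7", "198.51.100.8", "198.51.100.9"]
QUIET = [make_lines(30 + i, NORMAL_IPS[:n]) for i, n in enumerate([2, 3, 2, 3, 2])]
FLOOD = make_lines(35, ["203.0.113.10"] * 20 + ["203.0.113.11"] * 15 + [NORMAL_IPS[0]])
CONSTRUCTED_LOG = [line for sec in QUIET for line in sec] + FLOOD

def requests_per_second(lines):
    """Map each log timestamp (1 s resolution) to a Counter of client IPs."""
    per_sec = defaultdict(Counter)
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            per_sec[m.group(2)][m.group(1)] += 1
    return per_sec

def baseline(per_sec, quiet_timestamps):
    """Mean and standard deviation of total requests over known-quiet seconds."""
    counts = [sum(per_sec[ts].values()) for ts in quiet_timestamps]
    return mean(counts), pstdev(counts)

def flag_bursts(per_sec, mu, sigma, k=3.0, floor=10):
    """Seconds whose request count exceeds mu + k*sigma. The absolute floor
    stops a perfectly flat baseline (sigma == 0) from flagging every second."""
    flagged = {}
    for ts, by_ip in per_sec.items():
        total = sum(by_ip.values())
        if total > max(mu + k * sigma, floor):
            flagged[ts] = (total, by_ip.most_common(2))
    return flagged

def detect(lines=CONSTRUCTED_LOG, quiet_count=5):
    """Learn the baseline from the first quiet_count seconds, then flag the rest."""
    per_sec = requests_per_second(lines)
    quiet = sorted(per_sec)[:quiet_count]  # same date and hour, so sorting works
    mu, sigma = baseline(per_sec, quiet)
    return flag_bursts(per_sec, mu, sigma)

if __name__ == "__main__":
    print(detect())
```

In production the quiet window would be a rolling history rather than the first few seconds, and the per-IP breakdown tells you whether rate limiting a handful of sources is enough or whether, as with spoofed floods, it is not.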

• Be Proactive

DDoS attacks can disrupt your online presence, impair productivity, and impact the bottom line. By taking a proactive approach — aligning people, processes, and automation — you can defend against DDoS attacks and minimize service disruptions. Following these 10 recommendations will strengthen your company’s security posture and reduce risks.
