Denial of service attacks present a major threat to the world, but the threat may be set to get much worse as IoT devices continue to flood the consumer market.
The term denial of service will strike fear into the hearts of many organisations and individuals that have been targeted by this kind of attack. Whether the disruption caused is permanent or temporary, a denial of service attack is one in which a hacker forces an internet-connected host to be unable to function.
A more high-profile variation of this form of attack is the distributed denial of service: a hacker channels an overwhelming volume of traffic toward the target from as many sources as possible.
This bombardment ultimately incapacitates the victim, which is left unable to barricade itself against the multitude of entry points, and customers or users of the target’s services are also prevented from gaining access.
DoS and DDoS attacks are made all the more troubling by the fact that they are purely destructive, meaning that malicious intent is commonly behind the attacks. Over the years there have been examples of activism, blackmail and revenge as driving factors behind the launching of this kind of cyberattack.
CBR is setting out to look inside the world of denial of service attacks, to find out how they are orchestrated, the damage they have been known to do, and what we can expect from this fearsome form of attack in the near and more distant future.
How to launch one
You might think that the planning stages behind these attacks are extensive, but really not a great deal of forethought is required to launch a dangerous denial of service attack.
Once you have homed in on your target system, locating open ports or vulnerabilities in the target is the next important step in the process. Prime targets could be email servers, DNS servers or Web servers, given the likelihood that incoming connection requests will be accepted.
Now that these basics have been established, only a pure brute force approach of drowning the target with traffic remains, but this step is not always quite that simple. For success, the attacker must be able to summon up enough traffic to deny the target service.
Making complex DNS queries at an extremely high rate could be enough to make weaker systems suffer and succumb to the attack, but many targets will be able to stand up to this simplistic method.
This is not the only option, however, especially if you are able to tap into the destructive power of an army of zombies. In this sense, a zombie is a device enslaved by a hacker to be used as part of the attack; a single device is not enough on its own to generate an attack sizeable enough to cause a denial of service. Here we have touched on a deadly combination, entering into the world of botnets: networks of hijacked devices that can be used in sync to deliver a crushing blow with an unstoppable torrent of traffic.
This army of devices brought together by an attacker to generate overwhelming traffic is not comprised solely of computers. In fact, mobile devices, servers, PCs or internet of things devices can be enslaved for malicious purposes, but it is this last example that is set to be the harbinger of a new era of powerful DDoS attacks.
IoT devices are flooding into the consumer market while also being used increasingly within industry, and while manufacturers gleefully tend to the demand for everything to be connected, security professionals shudder at the prospect of the tinderbox scenario.
IT security experts are often highly concerned by the negligence of manufacturers when equipping these mass produced devices with security that can stand up to modern threats, meaning that hackers can go unchecked as they secretly harness more and more devices.
Towards the end of 2017, researchers claimed to have discovered a frightening behemoth of a botnet that they believed at the time could have infected over a million IoT devices. Cameras stood out among the devices involved, and perhaps more worrying were the similarities it bore to the notorious Mirai botnet.
The massive botnet has been given the name ‘Reaper’, an apt name given that it does not rely on subtlety for attacks, instead working by hijacking and using its vast power directly against its victims. Not yet slowed or defeated, the Reaper botnet is a glimpse of the monster we may be creating by excitedly connecting devices to the internet; some professionals have even considered this botnet big enough to kill the internet.
How to defend against it
You will stand a vastly improved chance of avoiding the destructive power of denial of service attacks by leveraging these methods of defence. Firstly, it could prove very beneficial to use statistical patterns and filter illegitimate traffic.
Honeypots are also a way of protecting your organisation that is increasing in popularity as it becomes harder and harder to guarantee that you have not been breached. As the name suggests, they rely on dummy servers to give away the presence and activity of an attacker, with the honeypot inaccessible to customers. This form of defence is included in the Gartner top strategic trends prediction for 2018, which regards the method as a key to better protection in 2018.
Another reliable form of mitigation is throttling, which allows an organisation to set a maximum level of traffic flow, preventing a system being forced to its limits by a sudden violent spike in traffic. Also known as rate-limiting, the method could also prove useful for identifying attacks for heightened protection in the future.
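An added example (not from the original article) of the throttling described above: a per-source token bucket that caps traffic and records which sources it refused, so the same limiter also helps identify an attack. The class and function names, the rate and burst values, and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict


class Throttle:
    """Per-source token bucket: `rate` requests/second sustained, `burst` at once."""

    def __init__(self, rate: float, burst: int):
        self.rate, self.burst = rate, burst
        self.state = {}                    # source -> (tokens, last_seen)
        self.denied = defaultdict(int)     # source -> requests refused

    def allow(self, source: str, now: float) -> bool:
        tokens, last = self.state.get(source, (self.burst, now))
        # Refill in proportion to elapsed time, never above the burst size.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        if allowed:
            tokens -= 1
        else:
            self.denied[source] += 1       # keep the evidence for later review
        self.state[source] = (tokens, now)
        return allowed

    def suspects(self, min_denied: int) -> list:
        """Sources refused at least `min_denied` times, worst first."""
        hits = [(n, s) for s, n in self.denied.items() if n >= min_denied]
        return [s for n, s in sorted(hits, reverse=True)]


def replay(events, rate=3.0, burst=5):
    """Run (timestamp, source) events through a Throttle; return it and the allowed count."""
    throttle = Throttle(rate, burst)
    allowed = sum(throttle.allow(src, ts) for ts, src in events)
    return throttle, allowed


# Constructed sample traffic (RFC 5737 documentation addresses): one client
# sending 1 request/second for 10 s, one source sending 100 requests in 1 s.
SAMPLE = sorted(
    [(float(i), "192.0.2.10") for i in range(10)]
    + [(i / 100, "198.51.100.7") for i in range(100)]
)

if __name__ == "__main__":
    throttle, allowed = replay(SAMPLE)
    print("allowed:", allowed, "denied:", dict(throttle.denied))
    print("suspects:", throttle.suspects(min_denied=10))
```

A per-source limit catches a single noisy source; a distributed flood spread over many sources, each staying under the limit, also needs a cap on aggregate traffic.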