A Denial-of-Service (DoS) attack is a cyber-attack in which the services of a target are made unavailable to legitimate users by using a computer with multiple IP addresses, or multiple computers in different locations, to repeatedly make phoney requests to the target. These requests overload the target, tie it up and prevent it from attending to requests from legitimate users. DoS attacks flood the target with heavy traffic until it can no longer function. The attack can last up to months in extreme cases and will certainly cost businesses and organisations time and money because they are unable to render their services.
A DoS attack overloads the target host's bandwidth: from a wide web of computers or devices that have already been infected with malware, it launches a coordinated multiplicity of online requests at the target host, which cannot handle them; this crashes the host's functions and blacks them out to legitimate users. Because a DoS attack uses only one IP address, multiplied by simple tools that anyone can come by, it is easy to execute and at the same time easy to remediate by implementing a firewall with allow and deny rules: the IP address can be easily identified and denied further access by the firewall.
Distributed Denial-of-Service (DDoS) attack
Nevertheless, there is a form of DoS attack that is not easy to detect, let alone remediate: the Distributed Denial-of-Service (DDoS) attack. In this case, a cybercriminal infects computers with malicious software in order to gain control of them (that is, turning them into zombie systems) and through these sends spam and fake requests to the target. This barrage of bogus requests overloads the target and overwhelms its functions, which causes it to black out to legitimate users. This type of attack is executed from multiple sources, and detecting their IP addresses can be extremely difficult, because as one is detected and blocked, others are still coming in with their requests. This makes isolating legitimate traffic from fake traffic almost impossible, thereby making it hard for a server to withstand a DDoS attack.
In this case, the victim computers are turned into zombie systems by infecting them with malware that is delivered through a Trojan horse attack: it enters the victim computers as a seemingly benign photo or email attachment. At a predetermined time the malware starts to send requests to a predetermined target. If the malware has infected enough computers and sent a barrage of coordinated requests to the predetermined target, the target may be effectively tied up so that legitimate traffic cannot reach it. This network of compromised personal devices (zombie systems), which a cybercriminal can use without the knowledge of the owners, is known as a botnet.
An example of a DDoS attack is the attack on Dyn's server in October 2016. A botnet known as Mirai, which had gained control over accessible IoT devices such as DVRs, printers and cameras, was used to send an overwhelming number of requests to Dyn's server, which caused it to crash from being overloaded. Dyn is an American company that hosts much of the internet domain name system, so when its server broke down, the internet traffic of North America was interrupted: websites of businesses were unavailable and services were halted. The victims included Twitter, Amazon, PayPal, Netflix, and so on.
Moreover, as businesses and consumers communicate with one another more and more through digital platforms, DoS (and indeed DDoS) attacks will be on the rise. Even a company that has high-security protocols in place may be attacked by way of a member of its supply chain, if that member has inadequate security measures, because DoS attacks exploit any vulnerability in software and hardware to exhaust the buffer memory or the CPU of the target. Besides, a DoS attack can act as a front for other malicious cyber activities: for instance, when a target has been crippled by a DoS attack, the attacker can go behind the scenes to bring down the target's firewalls and weaken its security system for future attack plans. As stated earlier, DoS attacks can exploit the weak part of a digital supply chain by preying on the weak link connected to all the primary targets. Hence, even if the security system of the primary targets is impenetrable, the weak link connected to them can be exploited and in turn inflict indirect damage on the primary targets.
Motives of Denial-of-Service (DoS) attacks
A DoS attack on its own only shuts down a target, after which no data breach is experienced. However, it can facilitate other malicious activities, such as the theft of:
- Financial data,
- Sensitive personal data,
- Email addresses and login credentials,
- Intellectual property, such as product designs and trade secrets, and
- Access to an IT infrastructure.
Exploits that are mostly utilised in Denial-of-service (DoS) attacks
Methods of DoS attacks (in terms of the number of systems required in each case) have been described above, and it was made clear that DoS attacks exploit vulnerabilities in software and hardware to shut down a target. The following are examples of the exploits that DoS attacks utilise in their execution:
- Abuse of the Transmission Control Protocol (TCP): In this case, a DoS attack sends the target numerous connection requests from suspicious IP addresses; while the target is trying to grant these overwhelming requests, it stops attending to other legitimate users, hence the denial of service.
- Ping Flood: This is the abuse of the Internet Control Message Protocol (ICMP) through echo requests: a situation in which the target receives numerous spurious connection attempts and, while trying to verify them, cannot verify the requests of legitimate connections.
- Buffer Flood: In a computing system, instructions are held in the buffer, which oversees what memory space an application needs to run. The buffer memory is limited in capacity and can only handle a certain number of requests at a time. In a situation where it receives an overwhelming number of requests simultaneously, it will be unable to handle them and hence suspends other activities.
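As an added illustration (not part of the original article) of why the single-source flood described earlier is easy to remediate with a firewall deny rule while the multi-source DDoS is not, and of the TCP and ICMP request floods listed just above: a small Python detector that counts connection attempts per source over a one-second window of constructed log lines and reports whether blocking a single address would help. The request-rate threshold and the dominance share are assumed values, not figures from the article.

```python
from collections import Counter

THRESHOLD_PER_SEC = 100  # assumed: requests/sec above which the target counts as flooded
DOMINANCE = 0.8          # assumed: share one source must hold to count as single-source


def parse_line(line):
    """Parse a constructed log line 'epoch_seconds src_ip' into (int, str)."""
    ts, ip = line.split()
    return int(ts), ip


def classify_window(lines, window_s=1):
    """Classify one window of log lines.

    Returns (requests_per_sec, top_source_share, verdict, action) where action
    is a suggested firewall deny rule when a single address explains the flood.
    """
    events = [parse_line(line) for line in lines]
    if not events:
        return 0.0, 0.0, "normal", None
    counts = Counter(ip for _, ip in events)
    rate = len(events) / window_s
    top_ip, top_n = counts.most_common(1)[0]
    top_share = top_n / len(events)
    if rate < THRESHOLD_PER_SEC:
        return rate, top_share, "normal", None
    if top_share >= DOMINANCE:
        # One address dominates: the simple DoS case, which a deny rule remediates.
        return rate, top_share, "single-source DoS", f"deny from {top_ip}"
    # Many sources each contribute a little: the DDoS case. Denying the busiest
    # address barely dents the flood, so per-address rules cannot isolate it.
    return rate, top_share, "distributed DDoS", None


def constructed_log(sources, per_source, ts=1700000000):
    """Constructed sample traffic: per_source requests from each source in one second."""
    return [f"{ts} {ip}" for ip in sources for _ in range(per_source)]


# Constructed addresses (documentation ranges), not real hosts.
LEGIT = ["198.51.100.7", "198.51.100.9", "198.51.100.12"]
BOTS = [f"203.0.113.{i}" for i in range(1, 201)]

if __name__ == "__main__":
    for name, log in [
        ("quiet", constructed_log(LEGIT, 3)),
        ("one flooder", constructed_log(LEGIT, 3) + constructed_log(["192.0.2.44"], 500)),
        ("botnet", constructed_log(LEGIT, 3) + constructed_log(BOTS, 5)),
    ]:
        rate, share, verdict, action = classify_window(log)
        print(f"{name:12s} rate={rate:6.0f}/s top_share={share:.2f} {verdict} {action or ''}")
```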