The web offers a lot of opportunities, but with them, threats are sure to follow. The faster the technological advance, the more security gaps appear. Just in the last year, we’ve seen an unprecedented increase in the number of denial of service (DoS) attacks. DoS attacks account for more than 55% of all annual cyber crime and are the most costly cyber crimes. These attacks specifically target the vulnerabilities of hosting, nameserver, and IT infrastructures.
Denial of service renders a website or system unavailable to users, and a successful one can hit an entire online user database. That’s why DoS awareness and protection is critical to any cyber security plan.
What Is a DoS Attack?
In short, the purpose of a DoS attack is to make a host, device or environment unavailable for its intended purpose. The attacker typically causes the disruption by flooding the device with excessive requests, overloading the device and preventing the fulfillment of legitimate requests. Think of when a website is extremely slow due to increased traffic. DoS attacks simulate increased traffic through automated processes.
A cyber criminal often uses a DoS attack to take down websites, but they can also cause disruption on any application environment in order to prevent business functions from operating normally.
Types of DoS Attacks
Distributed DoS (DDoS) – The perpetrators attack by sending traffic requests from many different sources – potentially thousands. This becomes difficult to stop as there is not a single IP address to block, and it can generate more than a terabit of traffic per second. This is the type of attack we hear about most frequently, and it is sometimes used as a synonym for denial of service.
Advanced Persistent DoS (APDoS) – This is a more sophisticated and complex DoS attack often concentrated on a specific target (governments, large organizations) with a defined goal (political, business). These assaults are conducted by groups with significant hardware resources and detailed plans. They will use varying intervals and request types, and may switch between targets to generate a diversion and prevent DoS protections from initiating. These types of attacks can generate petabits (1000 terabits) of traffic per second.
Denial of Service as a Service – These are web front-end “stress” services. They may be legitimate (or marketed as such) services used to perform stress testing of an environment to determine if it will handle the planned volume. These services can be used by organizations to simulate a DoS for legitimate testing, but can also be used to perform unauthorized DoS attacks by less sophisticated individuals or groups.
Email bomb – An attempt to overload an email environment by sending a significant volume of spam messages.
How to Spot a DoS Attack
If your organization does not have DoS protections in place, you should escalate quickly to the IT team if you see any of the following. Even if it is not a DoS event, there could be other issues that need to be addressed. The sooner you can identify abnormal conditions, the more likely you are to be able to prevent or mitigate performance or business impacts.
- Unusually slow network access (opening files/shared files, internet access, or application performance).
- Lack of access to an internal or organizational website/webpage or application.
- Dramatic increase of spam emails. Since most organizations filter spam, this may only be visible by IT. (See email bomb above)
- Long term lack of access (multiple minutes) to a website or webpage.
- Intermittent access to an environment.
- Increased traffic to an environment. You can identify this through network monitoring tools and configured alerts.
DoS Attack Prevention
The hard truth is you can’t always prevent DoS attacks. The fact is that cyber criminals are going to attack and some are going to hit their targets, regardless of the defenses in place. However, there are steps you can take to spot an attack and mitigate your risk.
Front-end hardware. Use hardware or appliances that analyze network packets before sending it on.
Upstream filtering. These services filter traffic prior to it traveling inside the network. There are multiple credible “cleaning centers” or “scrubbing centers.”
Network configuration and devices. Use of firewalls and router settings can help limit attacks and prevent simple attacks.
Intrusion Prevention Systems (IPS). IPSs prevent attacks with detectable signatures.
DoS Defense System (DDS). As attacks become more sophisticated, the content may be legitimate, but have a malicious intent; a DDS can block this content that would pass through an IPS. There a some trusted and well-regarded service providers that specifically protect from DoS and DDoS attacks.
The rising popularity of websites and web-based applications has been quickly followed by a corresponding boom in the number and cost of DoS attacks. We must respond with preparedness and a plan. You must understand the vulnerabilities of your systems, how an attack might occur, the implications of an attack on your business processes, and what you can do to address the attack as it is happening.