To understand a DDoS, it is first necessary to understand two key concepts that are directly related to the topic. Let's look at them in a simplified way, with didactic examples from outside of technology.
Denial of Service, or simply DoS, basically consists of making a system unavailable by overloading it. As an analogy, think of a blocked road: cars need to pass, but they cannot, because one driver is holding up the flow of all the others.
A botnet, as the name implies, is a network of robots or, as you might imagine, computers that — even if the owners of the machines do not know — are centrally controlled by an attacker. The analogy in this case would be a group of cars that are blocking a section of the road because the drivers have lost control.
A Distributed Denial of Service (DDoS) is a more advanced, distributed type of DoS. In this case, the attacker uses a botnet to increase the effectiveness of the attack.
As the attacker has access to multiple machines, spread around the world, the damage from the attack is much higher. It can cause the system to simply crash or worse.
It goes without saying that the damage from such an attack is enormous. Below, we see some of the actions that this attacker could take, taking advantage of the instability:
- Steal information, taking advantage of the unavailability;
- Install malware on the system;
- Use the target system as a new bot in the botnet in order to cause an even bigger attack;
- Threaten the company, asking for money to stop the attack;
- And much more…
At first it may seem like a distant or infrequently occurring problem, but DDoS has been making headlines more and more often.
Here are some recent examples of DDoS. You may remember, or may even have been affected by, one of these.
- December 2014 – The PlayStation Network (PSN) suffers a DDoS attack in the middle of Christmas, preventing users from playing games or shopping in the store.
- October 2016 — The DNS provider Dyn suffers a massive DDoS attack, affecting several popular websites including Twitter, Spotify, Netflix and Reddit.
- September 2017 — Google suffers one of the biggest DDoS attacks in history.
- February 2020 — The giant AWS reports that it managed to mitigate a strong DDoS attack on its services.
We live with DDoS on a daily basis and sometimes we don't realize it. This is because there is a large team working behind the scenes so that availability, one of the pillars of the CIA triad, is re-established.
Prevention and Mitigation
But how to protect yourself? How to prevent an attack of such large proportions from occurring or, even if it does, prevent it from disrupting business operations?
It is recommended, to avoid or mitigate this type of attack, that a solution be implemented to monitor network activity in order to block as much suspicious traffic as possible. These solutions include:
- Firewalls with access control rules and IPS (Intrusion Prevention Systems), to automatically block unwanted traffic;
- A load balancing system, so that network traffic is distributed and not concentrated on a single server. Thus, we avoid a single point of failure.
- Training. After all, there is always the human factor in the equation. Employees, network teams and incident response teams must be prepared so that, even if a DDoS occurs, it has minimal impact on the company.
- And, of course, keep all systems updated with the latest patches in order to minimize vulnerabilities.
With this, it is possible to reduce the chances of this type of attack, even though “total security” and “zero failures” are practically myths.
Much is said about the importance of system availability, and with good reason. In fact, this topic should be much more widely discussed and debated.
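The monitoring recommended above has to watch aggregate traffic as well as individual sources, because a DDoS spreads the load across many machines. The following is an added example, not part of the original article; the window size, thresholds, function names and sample events are assumptions constructed for illustration.

```python
from collections import Counter

WINDOW = 10            # seconds per analysis window (assumed)
PER_SOURCE_LIMIT = 50  # requests one source may send per window (assumed)
TOTAL_LIMIT = 200      # requests per window the service handles normally (assumed)

def classify_windows(events, window=WINDOW,
                     per_source_limit=PER_SOURCE_LIMIT, total_limit=TOTAL_LIMIT):
    """events: iterable of (timestamp_seconds, source_ip) pairs."""
    buckets = {}
    for ts, src in events:
        start = int(ts) // window * window
        buckets.setdefault(start, Counter())[src] += 1
    verdicts = {}
    for start in sorted(buckets):
        counts = buckets[start]
        total = sum(counts.values())
        # Sources that individually exceed the per-source limit (DoS pattern).
        noisy = sorted(s for s, n in counts.items() if n > per_source_limit)
        # Load that would remain even after blocking every noisy source.
        residual = total - sum(counts[s] for s in noisy)
        if residual > total_limit:
            label = "distributed-flood"    # per-source blocking is not enough
        elif noisy:
            label = "single-source-flood"  # blocking the listed sources suffices
        else:
            label = "normal"
        verdicts[start] = {"label": label, "total": total,
                           "sources": len(counts), "block": noisy}
    return verdicts

def sample_events():
    """Constructed traffic using documentation-only IP ranges."""
    events = []
    normal = [f"192.0.2.{i}" for i in range(1, 21)]
    for start in (0, 10, 20):              # 20 clients, 3 requests each
        events += [(start + k, ip) for ip in normal for k in range(3)]
    # Window 10: one machine sends 300 requests (classic DoS).
    events += [(10 + i % 10, "192.0.2.200") for i in range(300)]
    # Window 20: 400 machines send only 2 requests each (DDoS).
    bots = [f"{net}.{i}" for net in ("198.51.100", "203.0.113")
            for i in range(1, 201)]
    events += [(20 + k, ip) for ip in bots for k in range(2)]
    return events

if __name__ == "__main__":
    for start, verdict in classify_windows(sample_events()).items():
        print(start, verdict)
```

In the third window no single source crosses the per-source limit, so a rule that only rate-limits individual addresses stays silent while the service receives more than four times its normal load.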
Even so, we must remember that Security is the greatest ally of Availability. Without security, any attack or incident can cause interruptions in the functioning of services for users, further amplifying damage and loss, which may be irreversible.
Can a company survive without cybersecurity these days?