Sunday, November 28

DDoS attacks: what they are and how they are orchestrated

It might seem like there is a new one every five minutes, but what really is a DDoS attack?


New Zealand has seen two major DDoS attacks this week, affecting NZ Post, Kiwibank, MetService and others, and last week several internet service providers were hit. The headline “company interrupted by a DDoS attack” has become very common in recent months. So what is it really?

First things first, a DoS attack is a denial of service attack. The intent is to make a network, website, or other computer service unavailable to intended users by exceeding its ability to process requests. DDoS is when those requests come from distributed sources or from many different places.

This is how CERT NZ describes it:

When you type a URL for a web page in your browser, it sends a request to the site’s computer system requesting to view that web page. DoS attacks work by “flooding” a website with bogus requests in an attempt to overload the system. Since websites and networks can only process a certain number of requests at a time, this blocks any genuine request from passing through.

Think of it like the other kind of traffic. If the number of cars is normal, in theory, traffic should flow easily and everyone should reach their destination on time. If the traffic flow increases exponentially, from all different directions and without merging like a zip, the traffic will come to a standstill. Then all the services in the city that depend on the roads are paralyzed: there is no pizza delivery, and there is no train replacement bus home.

What it ends up looking like is that a website can’t load or loads slowly, or that a payment can’t be made, or that people’s internet isn’t working. Cars on the road cannot reach their intended destination.

The distributed part relates to the practicalities of how attackers can best deny service. To overwhelm a large service like a bank, an attacker may find it difficult to do so from one place, so recruiting many other computers and their network connections provides a way to attack the victim. Sometimes the people behind those computers take part on purpose, but more often the systems performing the attack have been co-opted in a separate, earlier attack.

The most significant distributed attacks have occurred when flaws in internet services could be exploited to attack, such as the one experienced by Amazon in 2020. To understand how big that attack was, 2.3 terabits per second was roughly the capacity of New Zealand's entire link to the international internet in 2014 (today the Southern Cross Cable can handle around 10 Tbps and there are additional cables).

Sometimes the security controls that companies and network operators put in place to prevent these attacks cause the same problem they are trying to prevent. This is reportedly the cause of last week's internet outage, where the service provider Vocus activated its defense mechanisms, but this service mistakenly cut off thousands more homes and businesses, causing more impact than the original attack. A similar scenario unfolded for the 2016 Australian Census.
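The capacity limit in the CERT NZ description, the difference between one attacking source and many, and the way a defence can itself shut out real users can all be seen in a small model. This is an added illustration, not part of the original article: the capacity, the request rates, the source names and the per-source limit (an assumed stand-in for a simple defence) are constructed numbers.

```python
CAPACITY = 1000  # requests per second the service can process (constructed)

def genuine_served(traffic, per_source_limit=None, capacity=CAPACITY):
    """traffic maps source -> (requests_per_second, is_genuine).
    Returns the fraction of genuine requests that get answered."""
    admitted_total = admitted_genuine = total_genuine = 0
    for rate, genuine in traffic.values():
        # A per-source limiter drops anything above the limit before it
        # reaches the service, whoever sent it.
        admitted = rate if per_source_limit is None else min(rate, per_source_limit)
        admitted_total += admitted
        if genuine:
            total_genuine += rate
            admitted_genuine += admitted
    # Once admitted traffic exceeds capacity the service cannot tell requests
    # apart, so each admitted request has the same chance of being served.
    share = min(1.0, capacity / admitted_total)
    return admitted_genuine * share / total_genuine

# Constructed traffic: 200 genuine users, one flooding source, and 10,000
# co-opted machines that each send only slightly more than a real user.
USERS = {f"user{i}": (2, True) for i in range(200)}
ONE_SOURCE = {**USERS, "flood": (50_000, False)}
MANY_SOURCES = {**USERS, **{f"bot{i}": (5, False) for i in range(10_000)}}

def scenarios():
    return {
        "normal day": genuine_served(USERS),
        "one source, no defence": genuine_served(ONE_SOURCE),
        "one source, limit 10/s": genuine_served(ONE_SOURCE, per_source_limit=10),
        "many sources, limit 10/s": genuine_served(MANY_SOURCES, per_source_limit=10),
        "normal day, limit 1/s": genuine_served(USERS, per_source_limit=1),
    }

if __name__ == "__main__":
    for name, fraction in scenarios().items():
        print(f"{name:26s} {fraction:6.1%} of genuine requests served")
```

The limit that fully restores service against one source does nothing against many sources that each stay under it, and the last scenario is the collateral case: a limit set too tight turns away half the genuine traffic with no attack in progress.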

While the headlines often say something like “Hackers bring down the website,” one of the important things to know is that the data that websites may contain is generally safe. The attackers are not inside the system; they are bombarding it from outside.

Of course, the attack could be a distraction to do exactly that. Or it could be to extort money, as was probably the case when New Zealand’s NZX was the victim of several days of DDoS attacks last year. It could be activism, like when the “hacktivist” group Anonymous attacked Visa, PayPal and Mastercard. Or it could just be malice.

If it seems like DDoS attacks have had a bit of a revival, that may be true. With so many working from home over the past 18 months, people are heavily reliant on digital tools. Technology company Akamai said last year that it had seen more customers attacked than in any year since 2003. (Of course, Akamai also sells tools companies can use to protect against DDoS attacks.)

At the end of last year, the National Cyber Security Centre said that a number of New Zealand organizations had been affected by DoS events. Their report says that attackers who intend to disrupt the availability of systems can be just as malicious as those who seek to steal confidential information. “[The attacks] demonstrated the ability for less sophisticated malicious cyber activity to have a high national impact. While DDoS activity has been commonplace for more than 20 years, in recent years there has been an increase in the scale and complexity of DDoS activity.”

Calculating the cost of denial of service attacks is difficult. But if businesses can’t function, lost productivity can affect everyone. And with the pandemic forcing many people to work from home, the impact is greater than before; ask any parent who tries to work while Zoom is not available.
