
Types of DDoS Attacks: Explanation for the Non-Tech-Savvy

When major cyber attacks are made public, we often hear about their magnitude and strength. More often than not, the media is talking about DDoS attacks. Deloitte for example revealed that the year 2016 “saw the first two [DDoS] attacks of one terabit per second (Tbps) or more.” But what does this actually mean? One terabit in itself sounds huge, but in order to understand what these measurements mean it’s important to understand the different types of DDoS attacks. It’s likely that you’ve heard of very specific DDoS attacks with unique names like ‘Ping of Death’ and ‘Smurf DDoS.’ But in spite of these fancy names DDoS attacks can generally be divided into three broad categories: volume-based attacks, protocol attacks, and application layer attacks. With these frameworks in mind, you’ll be able to decode all that talk about DDoS – even if you consider yourself to be among the non-tech-savvy. 

Volume-Based Attacks


Volume-based DDoS attacks are the most common of the three. To carry out this kind of cyber attack, hackers use many computers and internet connections (often distributed around the world) to flood a website with so much traffic that it consumes all of the site's available bandwidth. As a result, legitimate traffic is unable to get through, and the hackers succeed in taking the website down. Volume-based attacks are measured in bits per second (Bps).

An example of a volume-based attack is the UDP flood. Hackers take advantage of a sessionless networking protocol known as the User Datagram Protocol (UDP), which is a core part of the Internet protocol (IP) suite. (To read about how UDP works, read here.) In a UDP flood, a hacker sends a stream of UDP packets to random ports on the targeted host. For every packet received, the host has to check whether an application is listening on that port and send a reply, so as more and more packets arrive the system can no longer keep up with the volume and becomes unresponsive.

Protocol Attacks


Unlike volume-based attacks, protocol attacks aim to exhaust server resources instead of bandwidth. They also target what is known as “intermediate communication equipment,” which in simpler terms refers to the devices that sit between the Internet and the web server, such as firewalls and load balancers. Hackers overwhelm websites and these server resources by making phony protocol requests that consume the available resources. The strength of these attacks is measured in packets per second (Pps).

One example of this type of attack is the Smurf DDoS. Hackers send Internet Control Message Protocol (ICMP) packets whose source address is spoofed to the victim’s IP, and address them to a network’s IP broadcast address (an address used to deliver a packet to every system on the network). Because most devices on a network respond by default to the source IP address, each of them sends its reply to the victim; if the number of devices on the network is large enough, the victim’s computer is flooded with traffic.

Application Layer Attacks

Generally, application layer attacks require fewer resources than volume-based attacks and protocol attacks. This type of attack targets vulnerabilities within applications (hence the name) such as Apache, Windows and OpenBSD. In true DDoS fashion, application layer attacks bring down servers by making a large number of requests that appear legitimate at first, because they mimic a user’s traffic behavior. But because application layer attacks only target specific application packets, they can go unnoticed. Application layer attacks look to disrupt specific functions or features of a website, such as online transactions. The strength of these attacks is measured in requests per second (Rps).

One example of an application layer attack is Slowloris. Slowloris is able to cause one web server to take down another. By establishing connections to the target server and only sending partial requests, Slowloris “holds” open as many connections to the server as it can, for as long as possible. It keeps sending additional HTTP headers (HTTP headers allow the client and the server to exchange additional information) without ever completing a request, so the connections stay open until the server’s maximum number of concurrent connections is exhausted and no further connections can be made.
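The connection-hoarding pattern described above can be spotted from a server's own connection table. The following is an added example, not code from the original post; it assumes a constructed snapshot of connection records (client address, connection age, bytes received, whether the request header block has finished) and the thresholds noted in the comments.

```python
"""Flag Slowloris-style connection hoarding from a connection-table snapshot."""
from collections import defaultdict
from dataclasses import dataclass

# A Slowloris client keeps many connections open by sending a partial request
# and then trickling extra headers, never sending the blank line that ends the
# header block. Threshold assumptions for this example: a legitimate browser
# finishes its request headers well within 30 s and rarely holds more than a
# handful of idle, incomplete connections at once.
SLOW_AGE_SECONDS = 30
MAX_INCOMPLETE_PER_CLIENT = 5


@dataclass
class Conn:
    client: str             # client IP address
    age_s: float            # seconds since the TCP connection was accepted
    bytes_in: int           # request bytes received so far
    request_complete: bool  # True once the headers ended with "\r\n\r\n"


def is_slow_partial(conn: Conn) -> bool:
    """A connection that is old, has sent something, but never finished."""
    return (not conn.request_complete
            and conn.age_s >= SLOW_AGE_SECONDS
            and conn.bytes_in > 0)


def find_slowloris_clients(conns, max_incomplete=MAX_INCOMPLETE_PER_CLIENT):
    """Return {client_ip: count} for clients hoarding slow partial connections."""
    partial = defaultdict(int)
    for c in conns:
        if is_slow_partial(c):
            partial[c.client] += 1
    return {ip: n for ip, n in partial.items() if n > max_incomplete}


# Constructed snapshot (not real traffic): one client holding 8 stale partial
# requests, one normal client whose requests complete quickly, and one client
# with a single slow connection that should not be flagged on its own.
SAMPLE = (
    [Conn("198.51.100.7", 90 + i, 120 + 10 * i, False) for i in range(8)]
    + [Conn("203.0.113.5", 2.0, 600, True), Conn("203.0.113.5", 1.5, 0, False)]
    + [Conn("192.0.2.9", 45.0, 80, False)]
)

if __name__ == "__main__":
    print(find_slowloris_clients(SAMPLE))  # {'198.51.100.7': 8}
```

The same counts can be fed to a web server's per-client connection limit or a firewall rule, so the hoarding client is cut off before the pool is exhausted.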

While volume-based attacks, protocol attacks, and application layer attacks define the broad categories of DDoS attacks, not every attack fits neatly into one category. This is because DDoS attack methods are evolving every day. In fact, a new trend is the “blended attack.” Hackers may launch a protocol attack as a distraction and then follow it with an application layer attack, since application layer attacks take more time to prepare (the attacker must first find vulnerabilities within the application layer). Blended attacks are increasing in frequency, complexity and size. Without the proper defense system in place, they have the potential to cause enormous damage. To read more about how DDoS attacks affect different industries, see the blog post “DDoS Attacks: Their Top 5 Favorite Industry Targets.”

Who’s Behind DDoS Attacks and How Can You Protect Your Website?

DDoS attacks are increasing in intensity, frequency, and sophistication. So who’s behind DDoS attacks and why do they execute these attacks? What can you do to stop them? Despite all this innovating and evolving, DDoS attacks are still a blunt weapon deployed for one single basic purpose: to make target websites unavailable to users. There is very little else accomplished by a DDoS attack; they won’t gain admin access to your site, and your data isn’t threatened (unless the DDoS is a smokescreen to distract from the real attack). This may be done to disrupt an online business’s finances, or interfere with free speech, or for petty revenge. Or, it can even be done out of boredom or to further a political agenda.

Defend Your Website Against DDoS

A DDoS attack can be aggravating, but who’s behind it?

Anyone could carry out a DDoS attack, so long as they have access to a botnet of enslaved devices that can be coordinated to strike a target. Oh, you mean you don’t have one of those lying around? That’s okay, there are plenty of DDoS-for-hire services known as booters that will do your dirty work.

Last year, the infamous hacking collective Lizard Squad launched the Lizard Stresser, granting DDoS access to anyone willing to pay. And it’s pretty cheap: plans start at $6 per month and go all the way up to “lifetime” plans. Anyone can sign up and target any site. Of course, operating this software isn’t exactly legal. Users of Lizard Stresser tend to be young, with a third of investigated users aged under 20.

Lizards and websites don’t mix.

Other Reasons for DDoS Activity

A large amount of DDoS activity happens within the gaming community. This is where competitiveness and emotions run high. Both players and platforms make a ripe target. Gaming sites are especially vulnerable, because all an attacker needs to do to make a game unplayable is to slow it down, rather than outright taking it offline. Players might seek vengeance on an opponent in a more meaningful way than teabagging. Or perhaps they just want the notoriety of launching a high-profile attack that everyone’s talking about.

Gamers, Hacktivists, and Extortionists

Hacktivism is another common motivation behind DDoS attacks, in which case a DDoS user may simply want to attack an opposing viewpoint. This could be disapproval of an unpopular program, or it could be simply to take down a negative review posted on someone’s website. When the New York Magazine published its cover story on the Bill Cosby scandal, a conveniently timed DDoS attack lost them an estimated half a million page views. The attacker, rather than defending Cosby, took out the magazine website because he hated the city.

Pictured: New York City, not New York Magazine.

But perhaps the most insidious use for DDoS tools is to hold websites for ransom. This trend started taking off in the second quarter of 2015, and even this year, financial institutions are increasingly being hit. Groups like DD4BC go after second- or third-tier financial websites, especially new fintech companies with a focus on banking and credit unions, currency exchange, and payment processing. A targeted company receives a message demanding a ransom; otherwise, the website will be taken out by a massive DDoS attack. To show they mean business, the attackers send a warning-shot DDoS attack of limited power and duration. Some companies pay the ransom to make the problem go away, or to buy time to upgrade their security. However, most security specialists advise against paying off the attackers, as it exposes your site as an easy target and damages your reputation.

Cloudbric can help!

DDoS attacks can hit anyone, so it’s best to take measures to protect your website. A web application firewall such as Cloudbric blocks botnet traffic. It disarms attacks by filtering them on the server level, so they’re as harmless as waves washing up on the shore. If your website isn’t already secured against DDoS attack, it’s time to start now. The tide is coming in.

7 Ways to Expose Your Website to Hackers

So you want to serve up your website for any hacker to break into. Sure, weirdo…who am I to judge?

Here are 7 things you should not do unless you want your website hacked:

Once again, if you’re a sensible human being you really should never find yourself doing any of these things.

1. Ignore Security Updates

They may be a nuisance, but updates patch up newly discovered bugs in software. Not installing updates and patches makes it a lot easier for hackers to compromise your device or web app. If you want your website hacked, ignore all security patches, plugin updates, and updates for CMS services such as WordPress or Drupal.

2. Use as Many Different Features and Plugins On Your Site As Possible

Plugins introduce many new potential vulnerabilities to your website, similar to how adding more windows makes your submarine less seaworthy. Be sure to load up on file uploaders, video players, ad managers, analytics, and whatever else you can cram in, even if you don’t need any of it.

3. Set a Really Dumb Password

Setting your password to something easy like “123456,” the always-clever “password,” or matching your password to your username saves hackers a lot of time. You can also help by using the same password for your computer, e-mail, FTP access, and Ashley Madison account, so that once one is compromised, all of them are exposed.

4. Mismanage Your Website and Its Contributors

Just let security be someone else’s job, and don’t take any notice. Be sure to give your employees or contributors full admin access to your website, and make sure not to update your passwords after they leave. Sooner or later, something bad will happen.

5. Don’t Put Together a Security Incident Response Plan

No need to prepare for the worst when you’re counting on it. What if your site gets disabled, or deleted, or information is leaked? How do you detect it, how do you respond, and how do you disclose it? Those are questions that should be considered by anyone who doesn’t want to get hacked.

6. Don’t Bother Securing Your Domain With SSL

SSL encrypts communication between a website’s server and a user’s browser, which is especially useful for protecting online transactions and payments. It also thwarts man-in-the-middle attacks, in which a hacker gets between server and browser and can monitor or alter the communication. So if you want to endanger your customers’ privacy, forget about HTTPS — HTTP is the way to go!

7. Don’t Use a Web Application Firewall

A web application firewall can protect your site against the worst online threats, including DDoS attack, SQL injection, and cross-site scripting (XSS), so if you want to make it easier for hackers to overrun your website, the last thing you should do is secure it with a web app firewall like Cloudbric, Imperva, or Cloudflare.


This blog post was originally featured on cloudbric.com. Visit their blog for more insight, news, and accessible information on web threats and trends. If you would like to learn more about Cloudbric’s logic-based WAF service, please contact info@cloudbric.com.

DDoS Top 6: Why Hackers Attack

Lately, it seems like the companies that haven’t had their web and cyber security compromised are in the minority.

Many are hit hard by web vulnerability attacks. In particular, we see an increase in DDoS (Distributed Denial of Service) attacks. With DDoS, the attacker’s main goal is to make your website inaccessible using botnets. Botnets are basically an army of connected devices that are infected with malware. Your website’s server becomes overloaded and exhausts its available bandwidth because of this army. Most of the time, the attack doesn’t even breach your data or bypass any of your security controls.

So if it’s not to breach your data, why would someone go through the effort to shut down your website? There are a multitude of reasons, but today we’ll look at the top 6 reasons for a Distributed Denial of Service Attack.

1. Some (not-so) friendly competition

As more and more enterprises are taking their storefronts to the cyber world – there is also competition within the cyber world.

In fact, in a recent survey nearly half the responding businesses said that they believed that their competitors were launching DDoS attacks in order to disrupt services. After all, if your competition’s website is down, all the traffic will come to your website instead. Additionally, your competition’s brand image is tarnished, giving positive associations to your company instead.

Even if an entrepreneur isn’t skilled in hacking, DDoS attacks are now available for hire, and attacks can be executed for a fairly low price on the dark market.

2. DDoS for Hacktivism

As we’ve noted, DDoS attacks aren’t necessarily about taking data. They can be used to strongly voice an opinion – any opinion. Voicing your opinion on the Web can have a bigger and faster effect than attending an in-person rally or strike. DDoS is often used to show support or opposition regarding a certain topic. It could be political (see below), but it could also be for or against businesses or banks, ethical concerns, or even an online game.

3. All about politics

A subset of reason #2, DDoS attacks can also happen between countries or governments. The Web is the newest battlefield. DDoS attack victims can be government websites. While the sites could have been attacked by apolitical hackers, many do believe that governments or political parties often attack each other using the DDoS method.

As most governments rely on the Web to communicate and run their country, this has proven to be an effective method to show political opposition.

4. Seeking their revenge

An extremely common reason for DDoS attacks, this situation can apply to businesses, individuals, and governments alike. Rather than voicing an opinion, these attacks are used to take revenge on an enemy, and there’s no need to get your hands dirty at all.

For example, there have been increasing instances of previous employees hiring DDoS attacks on the dark market to seek revenge on their former employers. We’ve previously written on internal data breaches by present or past employees, but this is yet another form of when one person holds a grudge and it affects an entire company.

5. A precursor for something bigger

On New Year’s Eve of 2015, BBC was reportedly attacked with a DDoS attack measuring over 600 Gbps, beating out the previously set record of 334 Gbps. The attackers who claimed responsibility, New World Hacking, said that it was simply “testing.” More recently, the hacking group PoodleCorp took responsibility for shutting down the trending Pokemon Go game using the DDoS attack and they claimed that they were also testing for something on a larger scale.

A hacker may be preparing for something new like the above two cases, or they may be using the attack as a distraction for a larger attack, hoping that they won’t be found out. This is one case where the attack may be used indirectly for a security breach.

6. Some plain ol’ fun?

And lastly, sometimes there’s really no rhyme or reason to why DoS or DDoS attacks happen.

There’s a misconception that there is a specific reason behind all attacks. However, this is simply not the case. Many hackers get an adrenaline rush from hacking into a system or a website, no matter how big or how small it may be.

Therefore, there’s the responsibility as the individual user or as the CIO/CTO of a company to ensure that security measures are being taken. One needs to prepare for an attack because no one is ever exempt from the chances of an attack.

So what are these security measures I speak of? In my opinion, the most essential step you can take is to protect yourself with a WAF (Web Application Firewall). By using WAF services like Cloudbric or a WAF like WAPPLES, you can make sure your website is continuously protected.

For more information on Cloudbric (full service website security provided for free if your website’s bandwidth is under 4GB/month), check out their website and find out more about WAPPLES, the WAF they use for their service.