Why large-scale DDoS attacks are on the rise
The internet of things has enabled companies in almost every industry to improve their operational efficiency, streamline key workflows and obtain greater visibility over critical IT assets. But as organizations integrate more internet-connected devices into their computing environments, the need for strong and reliable cybersecurity grows increasingly important. For one, most consumer and enterprise IoT do not have built-in firmware or default security controls, which makes them highly vulnerable to targeted attacks. Considering worldwide spending around IoT hardware and software is projected to reach $1.1 trillion by 2023, according to research from the International Data Corporation, it seems clear that companies aren't planning to slow their adoption anytime soon.
To stay adaptable in the face of emerging cyber risks, IT administrators must carefully assess which threats they face and what the potential impact may be. Although malware, phishing scams and brute-force attacks are top of mind for most organizations, some may be unaware of how devastating denial-of-service (DoS) attacks can be.
What is a DDoS attack?
A denial-of-service attack occurs when a malicious actor is able to flood a target host or network with more internet traffic than it can handle, according to Cybersecurity and Infrastructure Security Agency, preventing legitimate users from accessing a website or online service. Severe DoS attacks often cause web services or networks to completely crash, leading to slow and disrupted performance until the issue is resolved. What makes this type of cyber threat so damaging is that it costs organizations both time and money - online users are unable to make e-commerce purchases while a website is under attack, and IT admins must devote significant time and resources to bring their networks back online.
A more sophisticated form of this hacking method is known as a distributed-denial-of-service (DDoS), which uses multiple computers and internet connections simultaneously. In most cases, these large-scale attacks are orchestrated through the use of massive botnets composed of both consumer and enterprise devices that have been infected with a special type of malware. For example, the Mirai malware strain was behind a major DDoS incident in 2016 that left most of the East Coast without internet access, Wired reported. To help offset these types of cyber threats, companies must first understand common malware delivery methods and the vulnerabilities hackers exploit to launch DDoS attacks.
How do DDoS attacks work?
Generally speaking, DDoS attacks send illegitimate service requests to target web servers in an effort to overload their processing capacities. These requests are often associated with fake return addresses to help shield the botnet from detection. According to CISA, two common DDoS attack methods include:
Smurf attacks: Using this tactic, cyber criminals send Internet Control Message Protocol broadcasts to specific hosts using fake IP addresses. The recipients of these packets then respond automatically, flooding the targeted host with traffic.
SYN floods: Rather than spoofing ICMP packets, malicious actors will sometimes send faulty connection requests to a targeted server. This disrupts the TCP/IP handshake and clogs up the server's ports, preventing normal users from connecting. These attacks continue until all open ports are saturated and no connections can be made.
The devices used DDoS attacks are often compromised by some form of malware - Mirai, Bashlite, etc. - that gives hackers complete control over data transmission. This allows malicious actors to expand their network of infected computers, which in turn increases their potential to disrupt enterprise workflows and take web services offline.
Recent trends in DDoS attacks
According to research from the cybersecurity firm Kaspersky Lab, the total number of DDoS attacks increased by 84% in the first quarter of 2019 compared to the final quarter of 2018. What's more, the average duration of these attacks grew by around 487%, forcing affected organizations to devote more resources to incident response and mitigation.
One reason for the sharp growth in DDoS attacks is that many companies are integrating unsecured IoT devices without taking the proper precautions, according to the National Institute of Standards and Technology. When new enterprise tech is connected to the internet, malicious actors are able to quickly detect it and send targeted malware within a matter of minutes. In many cases, these IoT devices are operating on default credentials or have inherent vulnerabilities that hackers can exploit.
Another issue is that cyber criminals have started targeting internet service providers to maximize the reach and impact of their DDoS attacks. According to research from Nexus Guard, these types of large-scale hacking operations have had a severe impact on communication service providers and are increasing in size by 543% year over year. To offset the risks posed by DDoS-fueled network outages, companies must carefully assess their hardware, software and cybersecurity practices for potential gaps.
Perle offers industrial-grade connectivity tools that can help organizations safeguard key web servers and keep internet traffic flowing when it matters most. Our robust Ethernet converters and reliable console servers enable IT administrators to manage on-site networks with ease. Read some of our customer stories to learn how we've helped other enterprises take full advantage of IoT devices and other emergent technologies.