On 28 February 2018 the most powerful distributed denial of service (DDoS) attack recorded up to that point struck the software development platform GitHub. At 1215 local time the company was suddenly hit by 1.35 terabits per second of traffic. GitHub suffered intermittent outages over a roughly 10-minute period while its DDoS mitigation provider took over as an intermediary, routing all traffic into and out of the site through its scrubbing infrastructure. A ransom demand for 50 Monero (about USD15,000 at the time) was later reported to have been embedded in the payload of the attack traffic. The most recent incident comparable in scale occurred in October 2016 against Dyn, a Domain Name System (DNS) and email delivery service provider. Dyn was inundated with an estimated 1.2 terabits per second of traffic, which temporarily forced websites such as Twitter, Spotify and Reddit offline.
WHAT IS A DDoS ATTACK?
A DDoS attack aims to stop a website or server from serving its legitimate users. Every component on the path to a service, such as the internet link, routers, firewalls, load balancers and the servers themselves, has a finite capacity: bandwidth, connection-table entries, CPU and memory. When attack traffic fills that capacity, legitimate requests are slowed or dropped entirely, and badly configured systems may crash outright. The attack is “distributed” because the traffic arrives from many sources at once rather than from a single machine, which makes it far harder to block by source address and lets the attacker combine many modest streams into a flood that no single host could produce. Cyber criminals typically assemble those sources by infecting unsuspecting computers and internet-connected devices with malware; the infected machines can then be commanded to flood a target with connection requests or junk packets without their owners noticing. Machines hijacked in this way are referred to as “zombies”, and a network of zombies under one operator’s control is known as a “botnet”.
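To make the “distributed” point concrete, the following is an added example (not code from the original article): a per-source token-bucket rate limiter, the kind of control a server or load balancer applies to individual clients, run against two constructed floods. The server capacity, per-source limits and IP addresses are assumptions chosen for the demonstration, not measurements from any real incident. A single abusive source is throttled to a trickle, while a thousand bots each staying under the per-source limit deliver the same aggregate volume untouched.

```python
"""Added example (not from the original article): a per-source token-bucket
rate limiter run against two constructed floods, to show why the
'distributed' part of DDoS matters. The capacities, rates and addresses below
are assumptions chosen for the demonstration, not measurements."""
from collections import defaultdict

SERVER_CAPACITY = 5_000   # assumed: requests/second the origin can serve
PER_SOURCE_RATE = 20      # assumed: sustained requests/second allowed per source IP
BUCKET_SIZE = 40          # assumed: burst allowance per source IP


class TokenBucket:
    """Classic token bucket: refills at `rate` tokens/s, holds at most `capacity`."""

    def __init__(self, rate, capacity):
        self.rate = rate
        self.capacity = capacity
        self.tokens = float(capacity)
        self.last = 0.0

    def allow(self, now):
        """Admit one request at time `now` if a whole token is available."""
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def simulate(requests):
    """Feed (timestamp, source_ip) pairs through one bucket per source.

    Returns counts of admitted/dropped requests, the busiest one-second bin
    that reached the server, and whether that bin exceeded SERVER_CAPACITY.
    """
    buckets = defaultdict(lambda: TokenBucket(PER_SOURCE_RATE, BUCKET_SIZE))
    per_second = defaultdict(int)
    admitted = dropped = 0
    for ts, src in sorted(requests):
        if buckets[src].allow(ts):
            admitted += 1
            per_second[int(ts)] += 1
        else:
            dropped += 1
    peak = max(per_second.values(), default=0)
    return {"admitted": admitted, "dropped": dropped,
            "peak_rps": peak, "overloaded": peak > SERVER_CAPACITY}


def single_source_flood(duration=10, rps=10_000, src="203.0.113.7"):
    """Constructed: one machine sending `rps` requests/second for `duration` s."""
    return [(s + i / rps, src) for s in range(duration) for i in range(rps)]


def distributed_flood(duration=10, bots=1_000, rps_per_bot=10):
    """Constructed: `bots` zombies each sending `rps_per_bot`, every one of them
    well under PER_SOURCE_RATE, yet `bots * rps_per_bot` in aggregate."""
    reqs = []
    for b in range(bots):
        src = f"10.{(b >> 16) & 255}.{(b >> 8) & 255}.{b & 255}"  # constructed address
        reqs.extend((s + i / rps_per_bot, src)
                    for s in range(duration) for i in range(rps_per_bot))
    return reqs


if __name__ == "__main__":
    print("single source :", simulate(single_source_flood()))
    print("distributed   :", simulate(distributed_flood()))
```

The single source is cut to roughly 60 requests in its first second (the burst allowance plus refill) and 20 per second thereafter, so the server never approaches capacity. The botnet sends 10,000 requests per second in total, every one of them admitted, and the server is overloaded twice over; per-source limiting alone is not a DDoS defence, which is why the mitigations later in this article all sit upstream of the origin.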
WHAT IS THE POINT OF A DDoS ATTACK?
The motivation for launching a DDoS attack is not always clear. In 2014 the hacking group Lizard Squad took Sony’s PlayStation Network and Microsoft’s Xbox Live offline on Christmas Day; one member of the group later claimed the attack was carried out “for laughs”. However, when a state or criminal actor wishes to target a business or a national government, a large-scale DDoS attack can cause significant disruption and inflict considerable financial losses.
A CERT-UK report noted that cyber criminals can hold victim organisations to ransom with DDoS attacks, and described how, in 2013, 30% of DDoS attacks cost their victims at least USD100,000 per hour. Three weeks of mass DDoS attacks targeting Estonia in 2007 forced government, political party, media and business websites offline, prompting a response from NATO.
Finally, an often overlooked motive is to use a DDoS attack as cover for a more targeted intrusion. While the flood is under way the volume of connection logs balloons and the operations team is absorbed in restoring service, so a handful of malicious connections are easy to miss, both at the time and when post-incident investigators later work through the logs. Attackers can exploit that window to infect IT systems with malware or establish a foothold that goes undetected.
The UK’s National Cyber Security Centre (NCSC) lists four common measures that help mitigate a DDoS attack:
- The first is to employ preventative measures upstream: push as much of the filtering as possible to the internet service provider (ISP) or a dedicated scrubbing service. Once a flood has saturated the link into your own network, nothing you do on your side of that link can make room for legitimate traffic, so the filtering has to happen before the traffic reaches you. Agree the procedure and contacts for invoking this protection before an attack, not during one.
- The second is to use a content delivery network (CDN). A CDN fronts the site from many points of presence around the world, so attack traffic is spread across far more capacity and routes than a single origin has, and cached content is served without reaching the origin at all. The caveat is that the origin must accept traffic only from the CDN; if its real address is discoverable, attackers simply aim at that and bypass the CDN entirely.
- The third is competent system monitoring, so that an attack is recognised immediately rather than reported by customers. In practice this means knowing what normal traffic looks like (request rates, bandwidth, diversity of source addresses) and alerting on significant deviations from that baseline.
- Finally, the fourth is to host in the cloud. Cloud providers can offer the same service from several regional or geographic locations, so if services in one region are overwhelmed, others may continue to operate normally. This improves resilience provided the design does not funnel every region through one shared bottleneck, such as a single database or authentication service.
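The monitoring measure above and the earlier point about floods being used to bury a targeted intrusion both come down to the same log-analysis work, so here is one added example that serves both (it is not code from the original article or from NCSC). It runs a baseline-and-threshold flood detector over constructed web-server access-log lines, then, inside the flagged window, strips out the flood’s own dominant request signature and any path already seen during normal operation, leaving the short list an investigator should look at first. All addresses, paths, timestamps and the 10× detection factor are assumptions for the demonstration.

```python
"""Added example (not from the original article or from NCSC): a simple
baseline-and-threshold flood detector run over constructed access-log lines,
plus a triage pass that pulls out the requests that do not fit the flood
pattern, the kind of targeted activity a flood is used to hide.
All addresses, paths, timestamps and the detection factor are assumptions."""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Common Log Format (constructed), e.g.
# 203.0.113.9 - - [01/Mar/2018:10:00:00 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Parse one CLF line into a dict with an epoch-second field, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    ts = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["sec"] = int(ts.timestamp())
    rec["status"] = int(rec["status"])
    return rec


def build_sample_log():
    """Constructed log, not real data: 60 s of ordinary traffic (~5 rps from
    20 clients), then 30 s in which 400 bots add one request each per second,
    with two 'needle' requests from one address hidden inside the flood."""
    t0 = datetime(2018, 3, 1, 10, 0, 0, tzinfo=timezone.utc)
    normal_paths = ["/", "/about", "/api/items"]
    lines = []
    for s in range(90):
        t = (t0 + timedelta(seconds=s)).strftime("%d/%b/%Y:%H:%M:%S %z")
        for i in range(5):
            ip = f"203.0.113.{(s * 5 + i) % 20 + 1}"
            lines.append(f'{ip} - - [{t}] "GET {normal_paths[(s + i) % 3]} HTTP/1.1" 200 512')
        if s >= 60:
            for b in range(400):
                lines.append(f'100.64.{b // 256}.{b % 256} - - [{t}] "GET / HTTP/1.1" 200 512')
        if s == 75:
            lines.append(f'192.0.2.45 - - [{t}] "POST /admin/login HTTP/1.1" 200 64')
        if s == 76:
            lines.append(f'192.0.2.45 - - [{t}] "GET /admin/export HTTP/1.1" 200 90112')
    return "\n".join(lines)


def detect_flood(records, baseline_seconds=30, factor=10):
    """Flag each second whose request count exceeds `factor` times the mean
    rate seen in the first `baseline_seconds`. Returns (flagged, baseline_rps)."""
    per_sec = Counter(r["sec"] for r in records)
    start = min(per_sec)
    baseline_rps = sum(per_sec[start + i] for i in range(baseline_seconds)) / baseline_seconds
    flagged = sorted(s for s, n in per_sec.items() if n > factor * baseline_rps)
    return flagged, baseline_rps


def triage(records, flagged_seconds, baseline_seconds=30):
    """Within the flagged seconds, discard the dominant (method, path, status)
    signature (the flood itself) and any path already seen in the baseline
    period; what is left is the short list to examine first."""
    flagged = set(flagged_seconds)
    in_window = [r for r in records if r["sec"] in flagged]
    if not in_window:
        return []
    start = min(r["sec"] for r in records)
    known_paths = {r["path"] for r in records if r["sec"] < start + baseline_seconds}
    signature = Counter((r["method"], r["path"], r["status"]) for r in in_window).most_common(1)[0][0]
    return [(r["ip"], r["method"], r["path"], r["status"]) for r in in_window
            if (r["method"], r["path"], r["status"]) != signature
            and r["path"] not in known_paths]


def run():
    """Parse the constructed log, detect the flood window and triage it."""
    records = [r for r in map(parse_line, build_sample_log().splitlines()) if r]
    flagged, baseline = detect_flood(records)
    return {"baseline_rps": baseline, "flagged_seconds": len(flagged),
            "needles": triage(records, flagged)}


if __name__ == "__main__":
    print(run())
```

On the constructed log the detector learns a 5 requests/second baseline, flags all 30 seconds of the flood, and the triage pass reduces some 12,000 flood-window lines to two: a POST to /admin/login and a GET of /admin/export from one address that never appeared in normal traffic. Real deployments would replace the fixed factor with a statistical threshold and the path filter with a richer notion of “previously seen”, but the principle holds: aggregate to spot the flood, then subtract the flood to find what it was covering.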
NYA’s Cyber Risk Management services help you establish and reinforce processes and controls that protect your assets and build and test your organisation’s resilience to incidents. In the event of an incident or a crisis occurring, NYA’s crisis response consultants provide you with practical advice, options and scenario planning based on years of experience and best practice procedures. Our primary objective is always the successful resolution of the crisis, to put you back in control. To find out how we can help your organisation, contact us today.