This blog was written by an independent guest blogger.
Is your company at risk of a Denial of Service (DoS) attack? If so, which areas are particularly vulnerable? Think it’s a crazy question? Think again. In 2020, 16 DDoS attacks take place every minute. DoS attacks require fewer resources, and so pose an even greater threat.
In this post, we’ll discuss what a DoS attack is and how it differs from a Distributed Denial of Service (DDoS) attack. We’ll then look at one of the latest techniques bad actors use to maximize the impact of their actions.
What is a DoS Attack?
A DoS attack is pretty much what it sounds like. The bad actors render a device or computer unavailable to authorized users. They do this by interrupting the device’s normal functioning.
DoS attacks will flood the target device with requests so that the device becomes overwhelmed. The device’s resources are all used to service these invalid requests. As a result, when a valid request comes along, there are no resources left.
What’s the point of these attacks?
There could be several reasons to launch a DoS attack. Some reasons include:
- Business rivalry
- A dispute against the company
- To earn a ransom to stop the attack
- To damage the business.
What’s the difference between a DoS and DDoS Attack?
Both use the technique of overwhelming the target device. The primary difference is in the number of computers used during the attack. With a DoS attack, just one computer is needed. With a Distributed Denial of Service attack, several machines or bots are used instead.
Which form of attack is more effective?
You might feel that the DDoS attack is more effective. It’s indeed easier to overwhelm a device or server with requests from more bots rather than fewer. It’s also true that the attack is more likely to be detected and blocked.
One computer attacking the system might not have the same brute force, but you don’t always need brute force.
Say, for example, that a cashier clones your debit card while you’re paying for your items. She notices that you get a message from your bank whenever you swipe your card. She’d like to shop for as long as possible without you noticing, so she gets a friend to launch a DoS attack on your phone.
Her friend might use a buffer overflow attack technique on your phone. This attack uses up all the memory and processing power of your phone. You won’t receive messages or phone calls as a result.
This is a simplified example, but it just goes to show that you don’t always need an army for these kinds of attacks.
More advanced attacks
According to Wired, we’re liable to see more DoS attacks with the Web Services Dynamic Discovery Exploit. This admittedly is a clever exploit and one that becomes more relevant with the Internet of Things expanding.
With this attack form, the hacker ignores the primary system. Instead, they target vulnerable devices connected to the same network. These could be devices like printers, CCTV cameras, thermostats, etc.
The point is that those devices usually don’t have the same level of protection that a company’s servers have. The hacker spoofs the target IP address and pings the device. The device responds to the legitimate target server and ties up resources.
This attack is more difficult to detect than a direct attack because the requests are coming from devices authorized to use the network.
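One way a defender might look for this pattern in network flow records, shown as an added example that is not part of the original post: many local devices sending WS-Discovery replies (UDP source port 3702) to the same host. The flow record layout, the device subnet, the addresses and the threshold are all assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

WSD_PORT = 3702        # UDP port WS-Discovery devices answer from
MIN_REFLECTORS = 3     # assumed threshold: distinct devices replying to one host

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    ("10.0.5.21", 3702, "10.0.1.10", 41000, "udp", 9200),    # printer
    ("10.0.5.22", 3702, "10.0.1.10", 41000, "udp", 8800),    # camera
    ("10.0.5.23", 3702, "10.0.1.10", 41000, "udp", 9100),    # thermostat
    ("10.0.5.21", 3702, "10.0.2.40", 52011, "udp", 1400),    # single reply to a workstation
    ("10.0.2.40", 443, "10.0.1.10", 50122, "tcp", 5000),     # unrelated traffic
    ("203.0.113.9", 3702, "10.0.1.10", 41000, "udp", 700),   # not one of our devices
]


def find_reflection_targets(flows, device_net="10.0.5.0/24",
                            min_reflectors=MIN_REFLECTORS):
    """Return {target_ip: (sorted replying devices, total reply bytes)}."""
    net = ipaddress.ip_network(device_net)       # assumed IoT/device subnet
    replies = defaultdict(lambda: [set(), 0])    # dst -> [devices, bytes]
    for src, sport, dst, _dport, proto, nbytes in flows:
        if proto != "udp" or sport != WSD_PORT:
            continue                             # not a WS-Discovery reply
        if ipaddress.ip_address(src) not in net:
            continue                             # only count our own devices
        replies[dst][0].add(src)
        replies[dst][1] += nbytes
    # A host that several devices answer at once is a likely reflection target.
    return {dst: (sorted(devs), total)
            for dst, (devs, total) in replies.items()
            if len(devs) >= min_reflectors}


if __name__ == "__main__":
    for target, (devices, total) in find_reflection_targets(SAMPLE_FLOWS).items():
        print(f"{target}: {total} bytes of WS-Discovery replies from {devices}")
```

A single reply to one workstation stays below the threshold, so ordinary device discovery on the network is not flagged.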
Common focal points of DoS attacks
DoS attacks fall into one of two basic categories:
- Flood attacks
- Buffer overflow attacks.
Flood attacks
Communication between a server and the devices connected to it is essentially the exchange of packets of data. With flood attacks, the attacker sends in an overwhelming number of these packets. This type of attack requires a fair amount of bandwidth but can be relatively easily accomplished. This will often result in a system crash.
Buffer overflow attacks
This is the type of attack that we spoke about earlier. Here the attacker makes the memory buffer use all the processing power and hard disk space of the target device. The system slows to a crawl and is likely to crash.
How do you know if you’re under attack?
It can be difficult to tell at times. A DoS attack may resemble connectivity errors. Good indicators include:
- Abnormally slow load time for websites or documents on your computer
- Not being able to load your website
- Connectivity errors across all devices at the same time on the same network.
Protecting yourself against a DoS attack
The advantage of being attacked by a single computer rather than an army of bots is that it’s easier to shut down one computer. If you suspect that you’re a victim of such an attack, you can block the relevant IP address on your firewall or through your ISP.
Defending against further attacks of this nature is possible through the use of specialized security tools. These tools identify patterns in behavior. If they notice that a particular IP address is sending an excessive number of requests, they can block it and halt the attack.
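The kind of pattern check described above, sketched as an added example (not code from any particular security tool): a sliding-window counter that flags an IP address once it exceeds a request threshold. The log format, the window length, the threshold and the sample addresses are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)   # assumed look-back window
THRESHOLD = 20                   # assumed max requests per IP per window


def build_sample_log():
    """Constructed sample data: one noisy client and one normal client."""
    start = datetime(2020, 6, 1, 10, 0, 0)
    lines = []
    for i in range(60):          # 203.0.113.50: 4 requests per second for 15 s
        ts = start + timedelta(milliseconds=250 * i)
        lines.append(f"{ts.isoformat(timespec='milliseconds')} 203.0.113.50 GET /login")
    for i in range(6):           # 198.51.100.7: one request every 5 s
        ts = start + timedelta(seconds=5 * i)
        lines.append(f"{ts.isoformat(timespec='milliseconds')} 198.51.100.7 GET /index.html")
    return sorted(lines)         # ISO timestamps sort chronologically


def detect_excessive(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {ip: time the threshold was first exceeded} using a sliding window."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    blocked = {}
    for line in lines:
        parts = line.split()
        if len(parts) < 2:
            continue             # skip malformed lines instead of crashing
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue             # unparseable timestamp
        ip = parts[1]
        if ip in blocked:
            continue             # already on the block list
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()          # expire requests older than the window
        if len(q) > threshold:
            blocked[ip] = ts
    return blocked


if __name__ == "__main__":
    for ip, when in detect_excessive(build_sample_log()).items():
        print(f"block {ip}: more than {THRESHOLD} requests in {WINDOW} (at {when})")
```

The returned addresses are the ones you would then block on the firewall; the client sending one request every five seconds never reaches the threshold.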
As cyber attacks go, a DoS attack may seem pretty vanilla. That is unless you’re on the receiving end of the attack. Now that you understand more about how these attacks work, though, you’re in a better position to defend against them.