
What is a DDoS Attack? And How to Prevent Your Devices From Being Used in a DDoS Attack


DDoS stands for Distributed Denial of Service. A DDoS attack is designed to disrupt a website or network by bombarding it with traffic. Hackers and others use these attacks for a variety of reasons including revenge, extortion, and financial and political gain. Not only are these damaging to individual operators, they sometimes can render huge chunks of the internet unusable for a period of time. A DDoS attack can cause massive service disruption, causing businesses to lose millions of dollars. Attackers do this by infecting hundreds or thousands of PCs, creating “zombies” or botnets that can create disruptions or spew out malware.

How Does a DDoS Attack Work?


The first step in most DDoS attacks today is using malware to create a botnet, which is a “zombie” army of computers that can be used in a network to attack a website or online service. This is relatively easy, as many people browse unsafe sites, download attachments from unknown parties, and fail to take even basic cybersecurity precautions like installing effective antivirus software and setting strong passwords with a password manager. In many cases, the owner of a zombie PC may not be aware of the malware infection, which can lie dormant until the hackers activate it.

“Hackers can take over machines with a phishing email that looks legitimate. But when you click on it, it takes you to a bad website and you download something onto your machine, and you unwittingly become part of the botnet,” says Rick Holland, a cyber threat intelligence expert at Digital Shadows.


Denial of service attacks can shut down websites and online services by flooding them with requests that overwhelm them. While the goal may be to take a website or service offline, in some cases “botnet DDoS attacks are merely smokescreens for other, more damaging attacks,” such as spam, crypto-mining, adware fraud, or other malicious activity, according to the Israel-based security firm Cynet.

Holland says that cybercriminals often threaten a DDoS attack while at the same time using ransomware and data theft to multiply their avenues for extortion. For example, “the CEO of a company gets an email saying, ‘hey we’ve got your data; pay us or we’re going to leak it,’” he says. “If they ignore this, it escalates and they say, ‘we’re going to take down your e-commerce site.’ And they’re encrypting all the devices so it’s double or triple extortion.”

Denial of service attacks, like other digital attacks and malware campaigns, can be bought, contracted, and sold on the dark web, making it easy for threat actors to get in the game by using DDoS-for-hire or DDoS-as-a-service.

How to Identify a DDoS Attack

DDoS traffic often comes without warning and can be difficult to detect until a network is so inundated with traffic that it can no longer function. To detect these attacks before they escalate, network administrators sometimes look for suspicious amounts of traffic from a single IP address or range, or other unusual traffic patterns that may be directed to a single endpoint or page.
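The check described above can be sketched in a few lines. This is an added example, not code from any vendor named in this article: it assumes web server logs in Common Log Format covering one short time window, IPv4 clients, and illustrative thresholds that would need tuning against a site's normal traffic. The sample log lines are constructed and use documentation-only IP ranges.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Common Log Format: client, ident, user, [time], "METHOD path proto", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def analyze(lines, ip_limit=20, net_limit=25, path_share=0.5):
    """Flag noisy source IPs, noisy /24 ranges and endpoints taking most hits.

    Thresholds are assumptions for one log window, not recommended values.
    """
    ips, nets, paths = Counter(), Counter(), Counter()
    for ln in lines:
        m = LOG_RE.match(ln)
        if not m:
            continue  # skip malformed lines instead of failing
        ip, _method, path, _status = m.groups()
        try:
            net = str(ip_network(f"{ip}/24", strict=False))
        except ValueError:
            continue  # client field was a hostname or not IPv4
        ips[ip] += 1
        nets[net] += 1
        paths[path.split("?")[0]] += 1  # ignore query strings
    total = sum(ips.values())
    return {
        "ips": {ip: n for ip, n in ips.items() if n > ip_limit},
        "ranges": {net: n for net, n in nets.items() if n > net_limit},
        "paths": {p: n for p, n in paths.items() if n / total > path_share},
    }

def make_sample():
    """Constructed sample: one noisy IP, one noisy range, some normal traffic."""
    line = '{ip} - - [10/Oct/2024:13:55:{s:02d} +0000] "GET {path} HTTP/1.1" 200 512'
    rows = [line.format(ip="198.51.100.7", s=i % 60, path="/login")
            for i in range(40)]
    rows += [line.format(ip=f"203.0.113.{i}", s=i % 60, path="/search")
             for i in range(1, 31)]
    rows += [line.format(ip=f"192.0.2.{i}", s=i, path=f"/page{i}")
             for i in range(1, 6)]
    return rows

if __name__ == "__main__":
    for kind, hits in analyze(make_sample()).items():
        print(kind, hits)
```

Note that the 203.0.113.0/24 range is flagged even though no single address in it exceeds the per-IP limit, which is why the paragraph above mentions ranges as well as individual addresses.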

If a DDoS attack isn’t prevented, quick detection is essential to avoid a costly shutdown. Thus, it’s important to monitor and prepare in advance with a defense strategy. Many security services, including California-based Sucuri, can provide tips on monitoring. PC users whose machines are hijacked for botnets may also be unaware of their role in these attacks, highlighting the need to watch for signs of infection, according to Logix Consulting.

Types of DDoS Attacks

Denial of service attacks are possible because of the open nature of the internet. Attackers “exploit normal behavior and take advantage of how the protocols were designed to run in the first place,” according to CompTIA, a technology industry group. “In the same way a social engineer manipulates the default workings of human communication, a DDoS attacker manipulates the normal workings of the network services we all rely upon and trust.”

These attacks come in various shapes and sizes, using various DDoS tools. An application layer DDoS attack, also known as a Layer 7 attack, hits the consumer-facing side of a network, according to computer security firm Cloudflare. These attacks target the part of the internet where web pages are generated and delivered in response to an HTTP request (what you type when you try to connect to a website).

In some cases, application layer attacks become HTTP flood attacks. An attacker uses these to saturate a website and make it impossible for others to connect to it.


Other DDoS attacks include protocol attacks or SYN floods, which involve sending so-called “handshake” requests – which is how two computers and networks verify and connect to each other – without completing them. This can overwhelm a target network.

A volumetric attack, just like it sounds, delivers massive volumes of requests, often from a botnet, which can be too much for the target to handle.

A DNS amplification attack delivers fraudulent lookup requests to the Domain Name System (DNS), the internet’s “address book” that establishes that a website is what it purports to be and isn’t a fake. In this type of attack, a single machine can spoof its address and send numerous requests about a target to a DNS server, which can overwhelm it. Like other DDoS attacks, a DNS amplification attack can overwhelm a network. The Cybersecurity & Infrastructure Security Agency, part of the Department of Homeland Security, says this is a common type of attack and “can create an immense amount of traffic with little effort.”

Other hackers may use an IP fragmentation attack, which exploits the need for data to be fragmented into small packets in transmission before being reassembled, according to the security firm Imperva.

How to Prevent Your Devices From Being Used in a DDoS Attack

Even though individuals are rarely targeted by DDoS attacks, anyone’s devices can become part of zombie botnets used by cybercriminals without their owners’ knowledge. This highlights the need for good cybersecurity practices.

Protect Your Router

Your router – that gadget that links you and your devices to the internet – is a key entry point for cybercriminals and needs good protection. Make sure yours has strong encryption and a strong password, not the one you get when it comes out of the box. “One avenue of approach for local attackers is to hop on to an unprotected wireless access point broadcasting throughout the neighborhood,” says John Dickson, vice president at the security firm Coalfire. “You don’t want a bad guy doing things like initiating a spam or attacking others from a device that appears to come from your home.”


Use Strong Passwords on Internet-Connected Devices

Even if your router is secure, an attacker might find vulnerabilities in internet-connected smart home devices. These can include home security systems, home security cameras, smart speakers, and internet-connected appliances like refrigerators, washers, and dryers. Some of these come with weak passwords or none at all. “The bad guys see that, and then they pull them into their botnet so they have millions of IoT devices that they can then point at who they want,” says Holland. The easiest and best way to consistently come up with strong passwords for all your internet-connected devices is to use a password manager.

Use Antivirus Software

Good antivirus software on your phone, laptop, or tablet – which may also protect against spyware, adware, and other threats – is a key element in home cybersecurity. It’s also important to keep these programs updated, which all of our Best Antivirus Software companies do automatically for subscribers. Because hackers constantly update their attacks, security software needs to be updated to protect against the newest viruses. “You want to be sure you are running updated software to protect the machine and get updated [virus] signatures,” Holland says.
