What is a DDoS attack and how to avoid it
Although ransomware attacks (holding a victim’s data ransom) and phishing have recently become more and more frequent, distributed denial of service (DDoS) attacks continue to top of the lists of those techniques most used by cybercriminals.
DDoS attacks usually intend to “bring down” a platform or web page, thus disrupting the service it provides. This loss of service is caused by overloading a single target destination with a flood of data from different points of connection (computers or Internet-connected devices), until the server of the web page or platform becomes saturated and stops working.
To give a real-world analogy, imagine a denial of service attack is like the entrance to a big mall on Black Friday. The shops in the mall would be the service provided over the Internet, the entrance to the mall would be the server where the users send their requests, and the people who want to get into the mall represent the user-generated online traffic. Normally, there’s no problem: the entrance doors at the mall are big enough to accommodate everyone who wants to go inside and shop. But when the Black Friday sales begin, there is such a mass of people trying to funnel inside that a blockage can occur causing the flow of people to slow to a snail’s pace or come to complete standstill.
Servers become saturated when they receive too many requests; they don't have enough resource capacity to handle the number of requests, and so they stop working. The server returns to normal only once the attack has stopped or the illegitimate, malicious requests have been blocked.
Organizations adopt specific approaches to network design and commercial software tools to defend themselves against these attacks; nonetheless, cybercriminals continue to devise techniques that put companies’ defense systems to the test.
This loss of service is caused by overloading a single target destination with a flood of data from different points of connection
The most sophisticated denial of service attacks use botnets – networks of “zombie computers” – consisting of numerous malware-infected computers that are thus available to cybercriminals who control them remotely. Because they are made up of hundreds or thousands of machines, meaning there is not a single source for the malicious requests, botnets are extremely useful when perpetrating a distributed denial of service attack.
In these cases the computer's owner doesn't know his or her machine is part of a botnet; although there may be some symptoms like the computer runs unusually slowly; it operates strangely; it displays error messages; or, its fan begins to run while the machine is inactive.
To avoid our computers being infected by malware ensnaring them into a botnet, follow the guidelines below:
- Keep computer antivirus software updated; most of them monitor network activity and will report anomalous activity.
- Use services that are dedicated to updating system software; these updates minimize the chances of security weaknesses being exploited. At the same, they specialize in protecting against DDoS.
- Do not click on links or download attachments that are sent from unknown emails. These links or attachments could infect the device with malware.
By following these guidelines, we will keep our equipment safe from zombie networks.