Posted on January 20, 2020 at 7:43 PM
Distributed Denial of Service (DDoS) attacks are one type of attack that many organizations are poorly equipped to face. The rising level of DDoS activity is now a source of concern for security researchers, experts, and other stakeholders in cybersecurity. Every year, organizations face the common DDoS attacks we discuss below, suffering downtime and eventual financial loss.
To understand how to mitigate these attacks, it’s important to know their various forms. After all, there is no successful treatment if the cause of the ailment is not known.
But before we delve into the common DDoS attacks of 2020, it’s necessary to go through some basics.
What is a DDoS attack?
DDoS refers to the use of large numbers of internet bots to attack an application, network, or single server. The bots flood their target with an exceedingly high number of requests or packets. As a result, the customers and employees the service is meant for are denied that service.
The attacker usually starts by taking advantage of a vulnerability in a single computer system. Once that first system is compromised, it becomes the DDoS master, which the attacker uses to identify other vulnerable systems and turn them into bots.
The attacker controls these bots through what is known as a command-and-control server; the collection of controlled bots is a botnet. Once the attacker has taken control of the bots, they send messages directing them at the next target.
7 Common DDoS Attacks 2020
DDoS attacks have risen tremendously in recent times, but the cybersecurity community has not stopped tracking and exposing them. Countless DDoS attacks have occurred, increasing in both severity and frequency. The following are the 7 most common DDoS attacks:
1) User Datagram Protocol (UDP) Flooding
In this type of DDoS attack, the victim receives many UDP packets on random ports. For each packet, the victim checks whether any application is listening on that port. When none is, the system sends an error message back to the sender in the form of an ICMP packet.
This is one of the most common DDoS attacks. The attacker sends a very large number of UDP packets, and answering each one consumes resources on the receiving system. Because of this, the system may end up rejecting legitimate requests from its real users.
2) IP Fragmentation Attacks
Here, the attacker sends specially crafted packets to the victim. IP packets are broken down into smaller pieces, known as fragments. When the fragments reach the victim’s address, they are reassembled to recover the original data.
When the attacker crafts the fragments so that they overlap each other, the operating system has no unambiguous way to reassemble them. The operating system would eventually crash.
3) Amplification DDoS attack
In this kind of attack, the attacker hides their own IP address and uses a legitimate third-party computer to send the message to the victim’s server. The attacker delivers a small request to the legitimate machine with a forged sender address, so it appears the request came from the victim’s server.
The legitimate system then sends its reply to the victim’s server. A single reply may not be a problem for the victim’s system to decode and respond to.
But it becomes a big problem when the response data is large.
This type of attack is very common because the attacker sends a small amount of data while the victim receives an extraordinary amount. The high volume of data slows the system and makes it malfunction even on simple commands.
4) Ping of Death
Ping of Death sends an oversized ping to the receiving computer in fragments. When the operating system at the receiving end reassembles the fragments, the resulting packet is bigger than it knows how to handle. This causes an error in the system and forces the operating system to crash.
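The two fragment-handling failures described here, overlapping fragments (IP fragmentation attacks) and an oversized reassembled packet (Ping of Death), can both be caught before a reassembler ever merges bytes. The following Python validator is an added example and is not code from the original article; it runs over constructed fragment sets and uses the 65,535-byte IPv4 maximum datagram length as its size limit.

```python
"""Validate an IP fragment set before reassembly.

Added example (not from the original article). It detects the two failure
modes described in the text: fragments that overlap each other (IP
fragmentation attacks) and fragments whose reassembled length exceeds the
65,535-byte IPv4 maximum (Ping of Death). Offsets and lengths below are
constructed sample values, not captured traffic.
"""
from dataclasses import dataclass
from typing import List, Optional

MAX_IP_PACKET = 65535  # maximum total length of an IPv4 datagram, in bytes


@dataclass(frozen=True)
class Fragment:
    offset: int   # byte offset of this fragment's payload within the original datagram
    length: int   # payload length in bytes
    more: bool    # True if the "More Fragments" flag is set


def check_fragments(frags: List[Fragment]) -> Optional[str]:
    """Return None if the set reassembles cleanly, otherwise a reason string.

    A hardened reassembler drops (and logs) the whole set instead of
    guessing how overlapping or oversized data should be merged.
    """
    if not frags:
        return "empty fragment set"
    ordered = sorted(frags, key=lambda f: f.offset)
    end_of_prev = 0  # first byte not yet covered by an earlier fragment
    for f in ordered:
        if f.length <= 0:
            return f"zero-length fragment at offset {f.offset}"
        if f.offset < end_of_prev:
            return f"overlap: fragment at offset {f.offset} starts inside previous fragment"
        if f.offset > end_of_prev:
            return f"gap: missing bytes {end_of_prev}-{f.offset - 1}"
        end_of_prev = f.offset + f.length
        if end_of_prev > MAX_IP_PACKET:
            return f"oversize: reassembled length {end_of_prev} exceeds {MAX_IP_PACKET}"
    if ordered[-1].more:
        return "last fragment still has More Fragments set (incomplete)"
    return None


# Constructed samples: a normal 3-fragment datagram, an overlapping pair, and
# an oversized set whose total exceeds the IPv4 maximum.
NORMAL = [Fragment(0, 1480, True), Fragment(1480, 1480, True), Fragment(2960, 500, False)]
OVERLAP = [Fragment(0, 1480, True), Fragment(1000, 1480, False)]
OVERSIZE = [Fragment(o, 1480, True) for o in range(0, 63640, 1480)] + [Fragment(63640, 2000, False)]

if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("overlap", OVERLAP), ("oversize", OVERSIZE)):
        print(f"{name:9s} -> {check_fragments(frags) or 'ok'}")
```

Dropping a set on the first inconsistency is the safe choice here: once two fragments claim the same bytes there is no correct reassembly, only a guess, and guessing is what crashed the older IP stacks the article describes.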
5) SYN flood
A SYN flood abuses the TCP three-way handshake that a client uses to establish a connection with a server.
Normally, the client begins by sending a SYN packet to the server, and the server responds with a SYN-ACK. After the server’s response, the client sends an ACK packet, this time possibly accompanied by data. In this type of attack, the attacker exhausts the victim’s resources by making it wait endlessly for that final ACK.
The attacker sends many SYN packets, and for each one the victim waits for the ACK until it cannot wait any longer and times out.
It’s known as SYN flooding because the attacker floods the victim’s servers with a huge number of SYN packets, forcing the server to time out connection after connection.
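The standard defence against this is SYN cookies: the server stops allocating a half-open connection for every SYN and instead encodes the connection details in its initial sequence number, allocating state only when a valid ACK comes back. The Python model below is an added example, not code from the original article or from any kernel; it uses a simplified cookie layout (5 bits of time slot, 27 bits of HMAC) rather than the exact layout of Linux or any other stack, and all addresses and ports are constructed.

```python
"""Stateless SYN-cookie model for resisting SYN floods.

Added example (not from the original article). The server answers every SYN
with a SYN-ACK whose sequence number is an HMAC over the connection 4-tuple,
the client's ISN and a coarse time slot. Nothing is stored until an ACK
arrives that acknowledges a cookie the server could have issued. This is a
simplified model of the technique, not Linux's cookie layout. Addresses and
ports are constructed sample values.
"""
import hashlib
import hmac
import secrets
import time
from typing import Dict, Tuple

FourTuple = Tuple[str, int, str, int]  # (src_ip, src_port, dst_ip, dst_port)
COOKIE_LIFETIME = 64  # seconds per time slot; the previous slot is still accepted


class SynCookieServer:
    def __init__(self, clock=time.time):
        self._secret = secrets.token_bytes(32)  # per-process secret; rotates on restart
        self._clock = clock
        self.established: Dict[FourTuple, int] = {}  # state exists only after a valid ACK

    def _slot(self) -> int:
        return int(self._clock()) // COOKIE_LIFETIME

    def _cookie(self, flow: FourTuple, client_isn: int, slot: int) -> int:
        msg = f"{flow[0]}|{flow[1]}|{flow[2]}|{flow[3]}|{client_isn}|{slot}".encode()
        digest = hmac.new(self._secret, msg, hashlib.sha256).digest()
        mac27 = int.from_bytes(digest[:4], "big") & 0x07FFFFFF   # low 27 bits: MAC
        return ((slot & 0x1F) << 27) | mac27                      # high 5 bits: time slot

    def on_syn(self, flow: FourTuple, client_isn: int) -> int:
        """Return the server ISN for the SYN-ACK. Allocates no per-connection state."""
        return self._cookie(flow, client_isn, self._slot())

    def on_ack(self, flow: FourTuple, client_isn: int, ack_num: int) -> bool:
        """Accept the handshake only if ack_num - 1 is a cookie we could have issued."""
        server_isn = (ack_num - 1) & 0xFFFFFFFF
        now = self._slot()
        for slot in (now, now - 1):  # tolerate a slot boundary between SYN and ACK
            if (slot & 0x1F) != (server_isn >> 27):
                continue
            expected = self._cookie(flow, client_isn, slot).to_bytes(4, "big")
            if hmac.compare_digest(expected, server_isn.to_bytes(4, "big")):
                self.established[flow] = client_isn + 1  # state allocated only now
                return True
        return False


def simulate_flood(server: SynCookieServer, n: int) -> int:
    """Send n spoofed SYNs that never complete; return how much state they left behind."""
    for i in range(n):
        flow = (f"198.51.100.{i % 254 + 1}", 40000 + i % 20000, "203.0.113.10", 443)
        server.on_syn(flow, i)
    return len(server.established)


def legitimate_handshake(server: SynCookieServer) -> bool:
    """A real client echoes server_isn + 1 in its ACK and gets a connection."""
    flow = ("192.0.2.25", 51515, "203.0.113.10", 443)
    client_isn = 123456789
    server_isn = server.on_syn(flow, client_isn)
    return server.on_ack(flow, client_isn, server_isn + 1)


def forged_ack(server: SynCookieServer) -> bool:
    """An ACK that skipped the SYN carries no valid cookie and is rejected."""
    return server.on_ack(("192.0.2.99", 51516, "203.0.113.10", 443), 1, 0x12345678)


if __name__ == "__main__":
    srv = SynCookieServer()
    print("state after 10000 spoofed SYNs:", simulate_flood(srv, 10000))
    print("legitimate handshake accepted:", legitimate_handshake(srv))
    print("forged ACK accepted:", forged_ack(srv))
```

The point the simulation makes is the one the article leaves implicit: the flood's cost moves from the victim's connection table to a single HMAC per packet, and a spoofed source that never sees the SYN-ACK can never produce a valid ACK.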
6) NTP attacks and DNS amplification attacks
NTP attacks, WordPress pingback attacks, and DNS amplification attacks are all amplification attacks, similar to the amplification method described above. In a DNS amplification attack, the attacker sends a bogus request carrying the victim’s IP address as its source to a DNS server. The DNS server responds to the victim with a much larger reply, and that larger data disrupts the proper performance of the victim’s server.
Another known method is for attackers to take advantage of vulnerabilities in the servers or systems themselves. Web servers such as Tomcat and Apache host several web applications.
If any of these web servers is vulnerable, the attacker can launch an exploit against that vulnerability. The exploit does not need to infiltrate the system before it crashes the web server; most exploits of this kind are intended to crash the server rather than steal information.
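Both the UDP flood described in section 1 and the reflected DNS/NTP replies described here leave a recognisable pattern in flow logs. The Python script below is an added example (not from the original article) that runs two defender-side checks over a constructed flow log in a made-up whitespace-separated format: a single source spraying many UDP ports on one host, and DNS/NTP replies arriving for which no matching outbound request was ever seen. The thresholds, addresses and log format are all constructed for the example.

```python
"""Flow-log checks for UDP floods and reflected DNS/NTP amplification.

Added example (not from the original article). Two checks run over
constructed flow records: (1) one source hitting many random UDP ports on a
host (UDP flood), and (2) DNS/NTP responses for which the host never sent a
request (reflection). The record format, thresholds and addresses are all
constructed for the example, not taken from any real collector.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set, Tuple

REFLECTOR_PORTS = {53: "DNS", 123: "NTP"}  # services commonly abused as reflectors
FLOOD_MIN_PACKETS = 20          # thresholds are illustrative; tune to the link's baseline
FLOOD_MIN_DISTINCT_PORTS = 15
REQUEST_MATCH_WINDOW = 5        # seconds an outbound query stays "pending"


class Flow(NamedTuple):
    ts: int
    direction: str   # "in" toward our hosts, "out" from them
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    nbytes: int


def parse_flows(lines: List[str]) -> List[Flow]:
    """Parse 'ts dir proto src sport dst dport bytes' records, skipping comments."""
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, d, proto, src, sport, dst, dport, nbytes = line.split()
        flows.append(Flow(int(ts), d, proto, src, int(sport), dst, int(dport), int(nbytes)))
    return sorted(flows, key=lambda f: f.ts)


def detect_udp_floods(flows: List[Flow]) -> List[Tuple[str, str, int, int]]:
    """Return (src, dst, packets, distinct_ports) for sources spraying many UDP ports."""
    packets: Dict[Tuple[str, str], int] = defaultdict(int)
    ports: Dict[Tuple[str, str], Set[int]] = defaultdict(set)
    for f in flows:
        if f.direction == "in" and f.proto == "udp":
            packets[(f.src, f.dst)] += 1
            ports[(f.src, f.dst)].add(f.dport)
    return [(s, d, n, len(ports[(s, d)])) for (s, d), n in packets.items()
            if n >= FLOOD_MIN_PACKETS and len(ports[(s, d)]) >= FLOOD_MIN_DISTINCT_PORTS]


def detect_reflection(flows: List[Flow]) -> Dict[str, Dict[str, int]]:
    """Per reflector: unsolicited replies and bytes received vs. bytes we actually sent.

    An outbound query (dst=server, dport=53/123) is remembered for
    REQUEST_MATCH_WINDOW seconds under the key a genuine reply must carry back.
    """
    pending: Dict[Tuple[str, int, int], int] = {}  # (server, service_port, our_port) -> ts
    report: Dict[str, Dict[str, int]] = defaultdict(
        lambda: {"unsolicited": 0, "in_bytes": 0, "out_bytes": 0})
    for f in flows:
        if f.proto != "udp":
            continue
        if f.direction == "out" and f.dport in REFLECTOR_PORTS:
            pending[(f.dst, f.dport, f.sport)] = f.ts
            report[f.dst]["out_bytes"] += f.nbytes
        elif f.direction == "in" and f.sport in REFLECTOR_PORTS:
            key = (f.src, f.sport, f.dport)
            sent = pending.get(key)
            report[f.src]["in_bytes"] += f.nbytes
            if sent is not None and f.ts - sent <= REQUEST_MATCH_WINDOW:
                del pending[key]  # a real query explains this reply
            else:
                report[f.src]["unsolicited"] += 1
    return {srv: r for srv, r in report.items() if r["unsolicited"] > 0}


# Constructed flow records (not captured traffic).
SAMPLE_LOG = [
    "# ts dir proto src sport dst dport bytes",
    # A legitimate DNS exchange: our host asks 203.0.113.53 and gets a small answer.
    "1579550000 out udp 203.0.113.10 53001 203.0.113.53 53 70",
    "1579550001 in  udp 203.0.113.53 53 203.0.113.10 53001 140",
    # Reflected DNS: large "answers" for queries 203.0.113.10 never sent.
    "1579550002 in  udp 192.0.2.8 53 203.0.113.10 4444 3200",
    "1579550002 in  udp 192.0.2.8 53 203.0.113.10 4445 3200",
    "1579550003 in  udp 192.0.2.8 53 203.0.113.10 4446 3200",
    # Reflected NTP reply with no request behind it.
    "1579550003 in  udp 192.0.2.123 123 203.0.113.10 4447 4400",
] + [
    # UDP flood: one source spraying 25 distinct high ports on 203.0.113.20.
    f"157955001{i % 10} in udp 198.51.100.77 {40000 + i} 203.0.113.20 {30000 + 37 * i} 64"
    for i in range(25)
]

if __name__ == "__main__":
    flows = parse_flows(SAMPLE_LOG)
    print("udp floods:", detect_udp_floods(flows))
    print("reflection:", detect_reflection(flows))
```

The reflection check is the one worth keeping in a real pipeline: a reply from port 53 or 123 that no local query explains is anomalous regardless of volume, so it catches the attack before the byte counts become alarming.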
Two examples of the biggest DDoS attacks in history
The examples below show how big a problem a DDoS attack can be for its victims. They are two of the biggest DDoS attacks in history.
i) PopVote DDoS attack at Occupy Central
In 2014, the PopVote DDoS attack targeted Occupy Central, a grassroots movement in Hong Kong. During this attack, the data transfer rate reached 500 gigabytes per second. At the time, the movement was campaigning for a more democratic voting system in the country.
The attackers responded to the movement’s activities by sending an enormous amount of traffic to three of Occupy Central’s hosting services. They also sent data to two other independent sites, Apple Daily and PopVote.
Neither of those sites was managed or run by Occupy Central, but both supported its cause. Most observers believe the attack was a response to Occupy Central’s pro-democracy message.
The attackers used traffic disguised as legitimate to barrage the servers, causing an enormous holdup within the servers and the system. They used just five botnets to carry out the attack, with peak traffic reaching a massive 500 gigabytes per second.
ii) GitHub: 1.35 Tbps
In February 2018, the popular developer platform GitHub was hit with a surge of traffic that reached a massive 1.3 terabits per second. GitHub traced the traffic and found that it came from hundreds of different autonomous systems operating across several thousand unique endpoints.
The worst thing about the attack was that GitHub had no idea an attack of this magnitude could happen. They were not aware of any imminent attack, let alone prepared for one.
After the incident, GitHub explained that the company had added more layers of security to its systems. It said it had doubled its transit capacity at the time, which helped it resist certain volumes of attack traffic without affecting users.
How to prevent DDoS attacks
DDoS attacks are growing rapidly as more types of attack emerge. But there are ways to prepare for them and mitigate or reduce their severe consequences. The following is a guide on how to prevent DDoS attacks.
1) Select a deployment model
There are advantages to both reactive and proactive deployment models for DDoS protection. The deployment model you select will depend on your business goals.
But obviously, the best solution is a proactive approach, which analyzes metadata to detect vulnerabilities. It’s more commonly used for real-time apps such as gaming, video, and voice.
The proactive approach includes managed security services, bi-directional protection, volumetric attack protection, and protection of critical DNS services.
Unlike the proactive approach, a reactive mode cannot respond in real time.
2) Develop a DDoS response plan
Carry out a thorough security assessment and use the results to develop a solid DDoS prevention plan. Developing an incident response plan will help you prevent severe damage to the system. If no plan is in place, it is far harder to make the right decisions when a DDoS attack occurs.
That can lead to loss of data and resources. A contingency plan, by contrast, can save the company or business a great deal of damage: with a response plan, the company can reduce the impact of the attack and save months of recovery.
3) Secure network infrastructure
You need multi-level protection to secure your network infrastructure. This includes advanced threat management and intrusion prevention systems that combine load balancing, content filtering, anti-spam, firewalls, and other DDoS defence techniques. Single-layer protection is no longer adequate or safe against DDoS attacks.
Multiple layers of protection, by contrast, provide consistent and constant network protection against DDoS attacks. With these security layers, it is easier to detect traffic inconsistencies, which are often an indication of an imminent DDoS attack.
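One concrete pair of layers is a per-source rate limit sitting behind a global one: the first stops any single client from monopolising capacity, the second protects the backend when many sources push past it together. The Python simulation below is an added example, not code from the original article; the request stream, limits and addresses are constructed, and in practice this logic lives in the load balancer or edge firewall rather than in the application.

```python
"""Layered rate limiting: per-source token buckets behind a global bucket.

Added example (not from the original article). A token bucket per source
caps what any one client can send; a single global bucket caps the total
that reaches the backend. The simulated request stream (one flooding source
plus a few normal clients), the limits and the addresses are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, Tuple


@dataclass
class TokenBucket:
    rate: float                 # tokens added per second
    capacity: float             # maximum burst
    last: float = 0.0           # time of the last refill
    tokens: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        self.tokens = self.capacity  # a new bucket starts full

    def allow(self, now: float) -> bool:
        """Refill for elapsed time, then spend one token if one is available."""
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class LayeredLimiter:
    def __init__(self, per_source_rps: float, per_source_burst: float,
                 global_rps: float, global_burst: float) -> None:
        self._per_source_cfg = (per_source_rps, per_source_burst)
        self._sources: Dict[str, TokenBucket] = {}
        self._global = TokenBucket(global_rps, global_burst)

    def admit(self, src: str, now: float) -> Tuple[bool, str]:
        """Return (admitted, reason). The per-source layer is checked first."""
        bucket = self._sources.get(src)
        if bucket is None:
            bucket = TokenBucket(*self._per_source_cfg)
            bucket.last = now
            self._sources[src] = bucket
        if not bucket.allow(now):
            return False, "per-source"
        if not self._global.allow(now):
            return False, "global"
        return True, "ok"


def simulate() -> Dict[str, int]:
    """1000 requests in one second: 950 from one flooding source, 50 from five normal clients."""
    limiter = LayeredLimiter(per_source_rps=20, per_source_burst=20,
                             global_rps=200, global_burst=200)
    stats = {"attacker_admitted": 0, "attacker_rejected": 0,
             "legit_admitted": 0, "legit_rejected": 0}
    for k in range(1000):
        now = k / 1000.0
        if k % 20 == 0:
            src, who = f"192.0.2.{k // 200 + 1}", "legit"       # constructed client addresses
        else:
            src, who = "198.51.100.9", "attacker"               # constructed flooding source
        ok, _ = limiter.admit(src, now)
        stats[f"{who}_{'admitted' if ok else 'rejected'}"] += 1
    return stats


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name:18s} {value}")
```

The flooding source is held to roughly its 20-per-second allowance (about 40 of its 950 requests over the one-second run) while every request from the normal clients is admitted, and the global bucket never has to engage; it is there for the case the article describes, where many sources exceed their share at once.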
4) Practice basic network security
One of the major reasons DDoS attackers succeed is that victims fail to follow basic security practices, making it very easy for hackers to have a field day in the system. With complex passwords that change regularly, it is harder for attackers to get through. These measures alone may not prevent a DDoS attack, but they serve as an important security foundation.
DDoS attacks are always going to be a big problem and challenge for the cyber community. However, it’s important to understand these types of attack to know how best to defend against them. The above are the most common DDoS attacks and their methods.
Thankfully, there are ways to prevent and mitigate their impact, which we have also explained above. Are you looking for an experienced and competent cybersecurity firm? Then try out https://koddos.net/. The firm uses AI and machine learning to detect endpoint security threats, including malware attacks and DDoS attacks.