Nation-State Actor Sets DDoS Record with Attack on Google
Imagine prank-calling a business over and over again, knowing full well that employees have to pick up the phone every time it rings in case it’s a potential customer. To disguise your identity, you call from various numbers, placing multiple calls at the same time so that they use up all the phone lines the business has installed. Do this frequently enough and it would leave legitimate customers unable to get through, since the lines would be engaged every time they try ringing. If it’s a company that does its business predominantly over the phone, this would be an effective — albeit very malicious — way of depriving them of their livelihood for however long you kept up the stunt.
This, in essence, is how a Distributed Denial of Service (DDoS) cyberattack works. While there are different types of DDoS attack, ranging from UDP to HTTP floods, broadly speaking, a DDoS attack involves bombarding an internet service or website with fraudulent traffic to the point that it is unable to cope. The service is then knocked offline as a result. DDoS traffic is often sent using what is called a botnet, a vast network of compromised internet-connected devices which have been infected with malware that allows them to be used like a zombie army, frequently without their rightful owners’ knowledge.
DDoS attacks big targets
Because botnets can consist of many thousands of devices, DDoS attacks can be almost unimaginably large. One of the biggest DDoS attacks to date took place in February 2020 when an unnamed target was hit with an enormous attack that involved an onslaught of traffic at a rate of 2.3 terabits per second (Tbps). An even larger attack, amounting to upwards of 2.54 Tbps was leveled against Google in 2017 by a nation-state actor that used bad UDP packets sent from multiple Chinese internet service providers.
Other major targets of previous DDoS attacks have included Amazon Web Services, major banks, the BBC, Sony’s PlayStation Network, public code repository GitHub, and more. While it’s possible to defend against DDoS attacks (more on that in a moment), attacks can nonetheless be enough to bring even companies of this size to their knees for a period of time. That can mean massive lost revenue (for the period of service outage itself), along with dented customer loyalty.
Different flavors of DDoS
As mentioned up top, there are different types of DDoS attack, all involving different approaches to overloading networks. Broadly there are three types of attack. Volume-based attacks (measured in bits per second) saturate the bandwidth of targeted sites, while protocol attacks (measured in packets per second) eat up server resources, and application layer attacks (measured in requests per second) attempt to crash web servers with what appear to be legitimate, innocent requests.
In each of these categories are different iterations ranging from the aforementioned UDP floods (which send huge amounts of User Datagram Protocol packets) to ICMP floods (which send “ping” requests) to HTTP floods, and more. In all cases, the results can be devastating for those who find themselves targeted. Such is the nastiness of DDoS attacks that, increasingly, some attackers will try to extort targets for money just by threatening such an attack.
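The three categories above are distinguished by which rate they push out of bounds: bits per second, packets per second, or requests per second. The following is an added example (not code from the original article) that aggregates constructed per-second flow records into those three rates and labels each window accordingly; the threshold values and the record format are assumptions sized for the sample data, not recommended production settings.

```python
from collections import defaultdict

# ASSUMED per-second thresholds, sized for the constructed sample below.
# A real deployment derives these from a baseline of its own normal traffic.
THRESHOLDS = {"bps": 8_000_000, "pps": 5_000, "rps": 500}

# Constructed flow records: (second, src_ip, bytes, packets, http_requests).
SAMPLE_FLOWS = [
    # Second 0, normal: few sources, modest volume, a handful of requests.
    (0, "10.0.0.1", 60_000, 80, 10),
    (0, "10.0.0.2", 40_000, 50, 6),
    # Second 1, UDP flood: big packets, bandwidth is what saturates.
    (1, "198.51.100.1", 6_000_000, 4_000, 0),
    (1, "198.51.100.2", 5_000_000, 3_400, 0),
    # Second 2, protocol flood: tiny packets, huge packet rate, low bandwidth.
    (2, "203.0.113.7", 400_000, 7_000, 0),
    (2, "203.0.113.8", 350_000, 6_500, 0),
    # Second 3, HTTP flood: well-formed requests, far more per second than usual.
    (3, "192.0.2.10", 500_000, 900, 700),
    (3, "192.0.2.11", 450_000, 800, 600),
]


def window_rates(flows, window_s=1):
    """Aggregate flow records into per-window bps, pps, rps and source count."""
    agg = defaultdict(lambda: {"bytes": 0, "pkts": 0, "reqs": 0, "srcs": set()})
    for sec, src, nbytes, pkts, reqs in flows:
        w = agg[sec // window_s]
        w["bytes"] += nbytes
        w["pkts"] += pkts
        w["reqs"] += reqs
        w["srcs"].add(src)
    return {
        win: {"bps": w["bytes"] * 8 / window_s, "pps": w["pkts"] / window_s,
              "rps": w["reqs"] / window_s, "sources": len(w["srcs"])}
        for win, w in sorted(agg.items())
    }


def classify(rate):
    """Map one window's rates onto the article's three DDoS categories.
    Bandwidth is checked first: a flood that saturates the link is volumetric
    even if its packet rate is also high."""
    if rate["bps"] > THRESHOLDS["bps"]:
        return "volumetric"
    if rate["pps"] > THRESHOLDS["pps"]:
        return "protocol"
    if rate["rps"] > THRESHOLDS["rps"]:
        return "application"
    return "normal"


def classify_flows(flows, window_s=1):
    return {win: classify(r) for win, r in window_rates(flows, window_s).items()}
```

Run against the sample, windows 0 to 3 come out as normal, volumetric, protocol and application respectively; the source count per window is the hint that the traffic is distributed rather than a single noisy client.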
The importance of defending against DDoS
Defending against DDoS attacks is now a crucial requirement for organizations. Service outages can be disastrous in both the short term and long term. Defending against DDoS requires different approaches depending on the different types of attack.
For example, defending against volumetric attacks means being able to absorb enormous attacks and stay standing. This can be achieved by using global networks of what are called scrubbing centers. When an attack of this type is identified, traffic can be redirected to a scrubbing center that’s designed to cope with the high-volume flood attack, while passing clean traffic back to the network so that it can reach its target.
Meanwhile, protocol attacks can be defended against by blocking the malicious traffic before it reaches the site to begin with. This entails being able to differentiate effectively between legitimate, good visitors and automated, bad ones. Finally, application layer attacks can be mitigated by keeping tabs on the behavior of visitors, blocking bad bots, and more.
It’s a complicated endeavor — but someone’s got to do it, and, fortunately, the technology now exists to make this possible. For this kind of protection, it’s worth bringing in the cybersecurity experts to help. DDoS filtering tools are no longer really optional for anyone who does their business online. The effects of a DDoS attack can be crippling. It’s far better to spend time investing in the right defenses in advance, so the question of how your business can recover after suffering a terrible DDoS attack is one that you never have to ask.