properly to legitimate requests.
In many cases, the requests sent by the attacker are each, on their own, legitimate — for example, a normal request to load a web page. In other cases, the requests aren’t normal requests. Instead, they leverage knowledge of various protocols to send requests that optimize, or even magnify, the effect of the attack.
In any case, denial-of-service attacks work by overwhelming computer systems’ central processing units (CPUs) and/or memory, utilizing all the available network communications bandwidth, and/or exhausting networking infrastructure resources such as routers.
Distributed denial-of-service (DDoS) attacks
A distributed denial-of-service (DDoS) attack is a DoS attack in which many individual computers or other connected devices across disparate regions simultaneously flood the target with requests. In recent years, nearly all major denial-of-service attacks have been distributed in nature — and some have involved the use of Internet-connected cameras and other devices as attack vehicles, rather than classic computers. Figure 2-1 illustrates the anatomy of a simple DDoS attack.
FIGURE 2-1: A DDoS attack.
The goal of a DDoS attack is to knock the victim offline, and the motivation for doing so varies.
Sometimes the goal is financial: Imagine, for example, the damage that may result to an online retailer’s business if an unscrupulous competitor knocked the former’s site offline during Black Friday weekend. Imagine a crook who shorts the stock of a major retailer of toys right before launching a DDoS attack against the retailer two weeks before Christmas.
DDoS attacks remain a serious and growing threat. Criminal enterprises even offer DDoS for hire services, which are advertised on the dark web as offering, for a fee, to “take your competitor’s websites offline in a cost-effective manner.”
In some cases, DDoS launchers may have political, rather than financial, motives. For example, corrupt politicians may seek to have their opponents’ websites taken down during an election season, thereby reducing the competitors’ abilities to spread messages and receive online campaign contributions. Hacktivists may also launch DDoS attacks in order to take down sites in the name of “justice” — for example, targeting law enforcement sites after an unarmed person is killed during an altercation with police.
In fact, according to a 2017 study by Kaspersky Lab and B2B International, almost half of companies worldwide that experienced a DDoS attack suspect that their competitors may have been involved.
DDoS attacks can impact individuals in three significant ways:
A DDoS attack on a local network can significantly slow down all Internet access from that network. Sometimes these attacks make connectivity so slow that connections to sites fail due to session timeout settings, meaning that the systems terminate the connections after seeing requests take longer to elicit responses than some maximum permissible threshold.
A DDoS attack can render inaccessible a site that a person plans on using. On October 21, 2016, for example, many users were unable to reach several high-profile sites, including Twitter, PayPal, CNN, HBO Now, The Guardian, and dozens of other popular sites, due to a massive DDoS attack launched against a third party providing various technical services for these sites and many more. The possibility of DDoS attacks is one of the reasons that you should never wait until the last minute to perform an online banking transaction — the site that you need to utilize may be inaccessible for a number of reasons, one of which is an ongoing DDoS attack.
A DDoS attack can lead users to obtain information from one site instead of another. By making one site unavailable, Internet users looking for specific information are likely to obtain it from another site — a phenomenon that allows attackers to either spread misinformation or prevent people from hearing certain information or vantage points on important issues. As such, DDoS attacks can be used as an effective mechanism — at least over the short term — for censoring opposing points of view.
Botnets and zombies
Often, DDoS attacks use what are known as botnets. Botnets are a collection of compromised computers that belong to other parties, but that a hacker remotely controls and uses to perform tasks without the legitimate owners’ knowledge.
Criminals who successfully infect one million computers with malware can, for example, potentially use those machines, known as zombies, to simultaneously make many requests from a single server or server farm in an attempt to overload the target with traffic.
Data destruction attacks
Sometimes attackers want to do more than take a party temporarily offline by overwhelming it with requests — they may want to damage the victim by destroying or corrupting the target’s information and/or information systems. A criminal may seek to destroy a user’s data through a data destruction attack — for example, if the user refuses to pay a ransomware ransom that the crook demands. Of course, all the reasons for launching DDoS attacks (see preceding section) are also reasons that a hacker may attempt to destroy someone’s data as well.
Wiper attacks are advanced data destruction attacks in which a criminal uses malware to wipe the data on a victim’s hard drive or SSD, in such a fashion that the data is difficult or impossible to recover.
To put it simply, unless the victim has backups, someone whose computer is wiped by a wiper is likely to lose access to all the data and software that was previously stored on the attacked device.
Is That Really You? Impersonation
One of the great dangers that the Internet creates is the ease with which mischievous parties can impersonate others. Prior to the Internet era, for example, criminals could not easily impersonate a bank or a store and convince people to hand over their money in exchange for some promised rate of interest or goods. Physically mailed letters and later telephone calls became the tools of scammers, but none of those earlier communication techniques ever came close to the power of the Internet to aid criminals attempting to impersonate law-abiding parties.
Creating a website that mimics the website of a bank, store, or government agency is quite simple and can sometimes be done within minutes. Criminals can find a near-endless supply of domain names that are close enough to those of legitimate parties to trick some folks into believing that a site that they are seeing is the real deal when it’s not, giving crooks the typical first ingredient in the recipe for online impersonation.
[email protected].
Phishing
Phishing
