Penetration Test - Jan Kahmen - March 18, 2022

What Happens During a DDoS Attack?


When cyber criminals launch a DDoS attack, they wantonly cause an overload in the attacked IT infrastructure.


Cybercriminals have been using DDoS attacks for 20 years: They can be used to inflict targeted damage on institutions or companies. They pose a serious threat, not least because of their inherent incalculable clout. Since 2013 in particular, this form of cyber attack has increased sharply. This makes protection at the enterprise level all the more important.

What is DDoS?

DDoS attacks are a form of cybercrime. The acronym stands for Distributed Denial of Service; a DDoS attack is a special case of the Denial of Service attack in which the attack traffic is distributed across many sources. The result is a kind of blockade: the CDN or other services are no longer available at all, or only to a limited extent. This allows the criminals to extort ransoms or commit other criminal acts. Another difference lies in how attackers set the attack in motion: regular websites are used instead of the so-called botnets. By means of IP spoofing, it is possible to generate high traffic on the target site, and this high traffic also helps to disguise the attack itself.

What Happens During a DDoS Attack?

When cyber criminals launch a DDoS attack, they wantonly create an overload in the IT infrastructure under attack. This means, for example, that an affected content delivery network (CDN) can no longer deliver the requested data. A classic method in distributed denial of service is to infect multiple computers directly with malware. In this scenario, attackers take control of the PCs or other electronic devices unnoticed. This, in turn, lets them launch their DDoS attack and bombard the target on the network with countless requests.

Who are the Attackers?

A DDoS attack can follow different motives: above all, blackmail, envy or harming a competitor are common reasons for this form of cybercrime. However, it is not always criminal groups behind a DDoS attack; it can also be political activists or dissatisfied users. Nevertheless, man-in-the-browser attacks and other attacks always pursue the same goal: inflicting the greatest possible damage on the company. Such man-in-the-browser attacks occur, for example, in online banking and on other websites used for transactions. This form of attack is also seen time and again in social networks. In this case, the attacker modifies the logic behind the website or transaction. These modifications usually remain undetected because the website keeps its usual functionality: the user can log in and view all transactions normally. This approach does not overload the website or CDN, but it still causes damage to the company.

By the way, under the Criminal Code such an attack is a cyber crime. This means that a distributed denial of service attack is subject to criminal prosecution; both the preparation and the execution are punishable.

How do they Attack?

DDoS attacks affect cybersecurity in the enterprise in very different ways, because different forms of attack are used. The attack itself targets one or more layers. These layers are defined in the OSI model (Open Systems Interconnection model for network protocols), which describes seven layers. If the attackers aim to overload the network bandwidth or the system resources in the CDN, the attack takes place on layers 3 and 4. This form of attack is still one of the most common. However, in recent years it has been observed that cyber criminals are shifting their attacks to layer 7. It is therefore imperative to regularly check the security of layers 3, 4 and 7.

Important: The bandwidth and patterns of DDoS attacks are almost impossible to predict. They change daily and can vary in both approach and impact. It therefore makes sense to cover all areas when pentesting or when rating findings with the Common Vulnerability Scoring System (CVSS).
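A layer 7 flood, unlike a layer 3/4 one, looks like ordinary HTTP traffic and only stands out by rate. The following added example (not code from the original article) runs a per-source sliding-window counter over constructed combined-format web server log lines; the hosts, timestamps and threshold are assumed placeholders.

```python
"""Detect layer-7 request floods in web server logs (constructed example)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined log format prefix: ip - - [time] "request" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line: str):
    """Return (ip, timestamp, request, status) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FMT), m["req"], int(m["status"])

def flag_floods(lines, window_s: int = 10, threshold: int = 5) -> dict:
    """Return {ip: peak requests within one window} for sources over threshold; slow steady clients are never flagged."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than abort the scan
        ip, ts, _, _ = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()  # drop requests that fell out of the window
        if len(q) > threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

# Constructed sample: one source sends 8 requests in 8 seconds, another is quiet.
SAMPLE_LOG = [
    f'203.0.113.7 - - [18/Mar/2022:10:00:{i:02d} +0000] "GET /search?q=x HTTP/1.1" 200 512'
    for i in range(8)
] + [
    '198.51.100.2 - - [18/Mar/2022:10:00:03 +0000] "GET / HTTP/1.1" 200 1024',
    '198.51.100.2 - - [18/Mar/2022:10:00:09 +0000] "GET /about HTTP/1.1" 200 2048',
    "not a log line",
]

if __name__ == "__main__":
    for ip, peak in flag_floods(SAMPLE_LOG).items():
        print(f"{ip}: {peak} requests within 10 s")
```

A distributed flood spreads the rate across many sources, so a per-IP threshold is only one signal; the same window logic can be keyed on request path or user agent to catch a flood that many botnet members share.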

Why the IoT Exacerbates DDoS Attacks

The Internet of Things (IoT) is a collective term for a wide variety of networked devices. They all enrich the everyday lives of their users, both in the private sphere and in industry. Even public infrastructure benefits from smart controls and the new technologies. Yet it is precisely the IoT that exacerbates the impact of DDoS attacks. The reason is that connected devices are a thoroughly attractive target for cyber criminals. They lend themselves perfectly to a variety of attacks, including DDoS. If one of the devices is infected with malware, it can spread on its own throughout the network. As a result, the malicious software corrupts many systems within a short period of time. Instead of attacking each device individually, the attacker only needs to find a single loophole. Due to the high complexity of modern systems, it is especially difficult for smaller companies to maintain a high level of IT security. Attackers take advantage of this weakness. In addition to the lack of IT security experts in most companies, the error culture in the IT department also plays a key role. It is not always desirable to actively search for errors or vulnerabilities. However, if these remain, cyber criminals have a much easier time penetrating the system. It therefore makes sense, and not only with regard to DDoS attacks, to perform regular tests in accordance with the Penetration Testing Execution Standard (PTES). Pentests that follow this standard are an excellent way to uncover potential vulnerabilities.

How JavaScript DDoS Works

Most of the interactivity in modern websites comes from JavaScript. Websites include interactive elements by inserting JavaScript directly into HTML or by loading JavaScript from a remote server via an HTML <script src="..."> element. Browsers retrieve the code referenced by src and execute it in the context of the website.

The fundamental concept that fueled the Web 2.0 boom in the mid-2000s was the ability for websites to load content asynchronously from JavaScript. Web pages became more interactive because new content could be loaded without following links or loading new pages. While the ability to make HTTP(S) requests from JavaScript can be used to improve the usability of websites, it can also be used to turn the browser into a weapon.
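Because a browser executes whatever the remote server behind src serves, a site is only as trustworthy as the third-party scripts it embeds. One standard countermeasure is Subresource Integrity: the page declares a hash of the expected script body, and the browser refuses to run a body that does not match. The following added example (not code from the original article) computes SRI values and audits a constructed HTML snippet for third-party scripts that lack them; the hosts and the hash placeholders are assumptions.

```python
import base64, hashlib
from html.parser import HTMLParser
from urllib.parse import urlsplit

SRI_ALGOS = ("sha256", "sha384", "sha512")  # digests browsers accept for SRI

def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Integrity value a page should declare for this exact script body."""
    return f"{algo}-{base64.b64encode(hashlib.new(algo, content).digest()).decode()}"

def sri_matches(integrity: str, content: bytes) -> bool:
    """True if any token in the integrity attribute matches the fetched body."""
    return any(sri_hash(content, t.partition("-")[0]) == t
               for t in integrity.split() if t.partition("-")[0] in SRI_ALGOS)

class ScriptAudit(HTMLParser):
    """Collect third-party <script src> tags the browser would run unverified."""
    def __init__(self, site_host: str):
        super().__init__()
        self.site_host = site_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        src = a.get("src")
        if not src:
            return  # inline script: part of the page itself
        host = urlsplit(src).hostname
        if host is None or host == self.site_host:
            return  # same-origin script: SRI not required
        integrity = a.get("integrity") or ""
        if not any(t.partition("-")[0] in SRI_ALGOS for t in integrity.split()):
            self.findings.append((src, "third-party script without integrity hash"))
        elif "crossorigin" not in a:  # cross-origin SRI needs CORS to verify
            self.findings.append((src, "integrity set but crossorigin missing"))

def audit_html(html: str, site_host: str) -> list:
    parser = ScriptAudit(site_host)
    parser.feed(html)
    return parser.findings

# Constructed sample page; hosts and hash values are placeholders.
SAMPLE_HTML = """
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.js" integrity="sha384-AAAA" crossorigin="anonymous"></script>
<script src="https://cdn.example.net/widget.js" integrity="sha384-BBBB"></script>
<script src="https://ads.example.org/tracker.js"></script>
"""
```

SRI only pins a static body; a third-party script that changes on every load cannot be hashed in advance and should instead be served from an origin the site controls.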

How to Fend off a DDoS Attack

A well-thought-out cyber security concept and a positive error culture in the IT department help companies defend against a DDoS attack. The security concept should be aligned with modern cyber security standards. Special protection technologies can be deployed both on premises and via SFCaaS services. To be able to defend against a DDoS attack, the company's own web development must also be taken into account. What points of attack does the application or website offer attackers? What does the IT infrastructure behind it look like? These and other questions about internal web development reveal which areas require special protection. Above all, companies that increasingly use applications in the cloud need adequate protection against cybercrime. These protection mechanisms help fend off not only DDoS attacks but other attacks as well. Knowledge of the potential threats is just as important as a regular review of internal security. A regular pentest in accordance with the Penetration Testing Execution Standard (PTES) can help to improve your own security measures. The same applies to a CVSS analysis based on the existing, highly individual circumstances of the company. This makes it easier to set up and adhere to a well thought-out security concept. At the same time, it becomes more difficult for future attackers to harm the company.

Contact

Curious? Convinced? Interested?

Schedule a no-obligation initial consultation with one of our sales representatives. Use the following link to select an appointment: