Whether it’s Netflix, news websites, multiplayer gaming networks or remote working systems, large numbers of people rely on some internet service or other. Usually several. For a hacker wanting to cause maximum damage online, there is therefore no doubt what the best (or worst) type of attack is: one that stops that particular service from working altogether.
This is the basic idea behind a brand of cyberattack called a DDoS (Distributed Denial of Service), a.k.a. stressers, booters, and an assortment of other names discussed here.
DDoS works by harnessing a so-called botnet of computers or Internet of Things (IoT) devices infected with malware, and using them to bombard a particular website or service with massive quantities of fraudulent traffic. A bit like prank-calling someone’s landline phone repeatedly until they stop answering any calls, the goal is to overwhelm the victim’s system so that legitimate traffic is unable to get through. The results can be extremely costly, both financially, in terms of unwanted downtime, and in dented customer loyalty.
There are different types of attack that fall under the broad umbrella of DDoS. Some examples include ICMP (Ping) floods, SYN floods, “Ping of Death” attacks, NTP amplification, HTTP floods, and more. Each differs in the precise way that it overloads a system, although all share the same overarching purpose.
DDoS is becoming more common
Over the past two decades, DDoS attacks have become increasingly widespread. One big reason for this, at least in recent years, is the rise of what is sometimes referred to as “DDoS as a Service.” Like any online service, the concept is to provide something that people want (in this case, providing bad actors with a way to launch large-scale cyberattacks against enemies) as a rental proposition. This lowers the barrier to entry for people wanting to wage a DDoS attack online.
For just a few bucks, customers of these illicit services are able to hire botnets of infected devices and use them to target victims, ranging from rivals to political or ideological enemies. That means that would-be attackers do not have to build a botnet of zombie machines from scratch and can instead rely on a library of existing ones. Such botnets could cost just $20 to $38 per month for a rolling subscription, much like a legitimate subscription service. One example of a DDoS as a Service provider was vDOS, a now-defunct service that launched more than two million DDoS attacks over the course of four years.
Many others have followed suit, with some commanding botnets consisting of hundreds of thousands of infected devices. Cumulatively these can be used to throw enormous attacks of many gigabits per second, providing enough junk data firepower to knock even large websites offline.
Testing your own network?
DDoS as a Service attacks are, unsurprisingly, illegal. For that reason, some rental DDoS enterprises describe what they are doing as providing “stressers.” What this implies is that users of such a service are only buying a DDoS package in order to test how much traffic their own server is able to withstand. It is likely that some people use stressers in this way. For instance, a network administrator may wish to use a stress test prior to launching a new service so as to be able to decide if existing resources, such as bandwidth, are capable of handling the extra burden they will be asked to shoulder.
But there’s also no doubt that some people using a service that requires no verification of their own identity and ownership of a particular server will use it for nefarious means. Other terms for DDoS as a Service include “booters” and “ddosers,” neither of which makes any pretence about providing DDoS as a Service for benevolent means.
In addition to aiming to bring down websites or services, or otherwise slow them to unmanageable speeds, some DDoS attackers have used the threat of a crippling attack to try to extort money from targets. Their hope is that victims will calculate the amount of money they could potentially lose from an outage and decide to instead pay a ransom to avoid this taking place. (Note to targets: It’s never a good idea to pay out money to cybercriminals looking to extort you.)
Solutions are available
Fortunately, there are solutions available to the threat of DDoS attacks and their myriad other descriptors. One of the smartest moves is to bring in cybersecurity experts who have developed tools well-equipped for dealing with DDoS attacks. These systems should be able to spot and quickly respond to DDoS attacks in progress, blocking fraudulent traffic but continuing to let through legitimate requests from real users.
These systems must be capable of scaling with the needs of your business and the size of new cyberattacks, flexible enough to adapt to new challenges, and — perhaps most crucially — fast-moving and consistently effective. Because no one, whether a business owner or a legitimate user, should have to worry about being victimized by a DDoS attack.
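To make "blocking fraudulent traffic, but continuing to let through legitimate requests" concrete for the HTTP flood case, here is an added example (not from the original article or any vendor's product) of a per-source sliding-window limiter run over constructed request events. The window, the request budget and the documentation-range IP addresses are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # assumed sliding-window length
MAX_REQUESTS = 20     # assumed per-source request budget inside one window


def classify(events, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
    """Apply a per-source sliding-window limit to time-ordered
    (timestamp_seconds, source_ip) events.
    Returns (allowed, blocked): dicts of request counts per source."""
    recent = defaultdict(deque)      # source -> timestamps of admitted requests
    allowed = defaultdict(int)
    blocked = defaultdict(int)
    for ts, src in events:
        q = recent[src]
        while q and ts - q[0] >= window:   # forget requests older than the window
            q.popleft()
        if len(q) >= limit:
            blocked[src] += 1              # over budget: drop this request
        else:
            q.append(ts)
            allowed[src] += 1              # within budget: let it through
    return dict(allowed), dict(blocked)


def constructed_traffic():
    """Constructed sample: three flooding sources and two ordinary users."""
    events = []
    for bot in ("203.0.113.10", "203.0.113.11", "203.0.113.12"):
        for i in range(250):               # 50 requests/second for 5 seconds
            events.append((i / 50.0, bot))
    for user in ("198.51.100.7", "198.51.100.8"):
        for i in range(10):                # one request every 2 seconds
            events.append((i * 2.0, user))
    return sorted(events)


if __name__ == "__main__":
    allowed, blocked = classify(constructed_traffic())
    for src in sorted(allowed):
        print(f"{src}: allowed={allowed[src]} blocked={blocked.get(src, 0)}")
```

A per-source budget only catches sources that individually send far more than a normal user. A large botnet whose members each stay under the limit has to be caught with aggregate signals, which is why the scaling requirement above matters.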