With cyber threats more numerous and sophisticated than ever before, it’s important for all businesses to gain some understanding of the online threat landscape and take the appropriate protective measures. As we discussed previously, threat awareness is a critical element of cyber security, but while many cyber threats such as phishing and ransomware are well publicized and understood, some attack methods escape public attention, and are thus to some extent disregarded. Denial-of-Service attacks are a prime example of such a threat.
Denial of Service attacks – What are they?
Denial-of-service attacks (commonly abbreviated to “DoS attacks”) aim to do exactly what their name suggests: deny users access to a system, server or network. These attacks vary in their exact nature, but typically involve inundating a network resource with more traffic than it can comfortably handle, resulting in the system becoming extremely sluggish or inoperable for its legitimate users.
Cyber criminals use DoS attacks to achieve a number of nefarious aims:
- Extortion. In a similar fashion to ransomware, DoS attacks can be used to coerce a financial reward from victims, with the promise to restore access to a service upon payment being received.
- Hacker Activism. Hackers with political motivations sometimes use DoS attacks to damage organisations they are opposed to. Such attackers are sometimes referred to as “hacktivists.”
- Retaliation. DoS attacks can be used to extract revenge for perceived wrongdoing.
- Suppress competition. There have been cases where organisations have deployed DoS attacks to obstruct the operations of a rival in order to gain an advantage.
There is a common misconception that DoS attacks are only a concern for larger firms, driven by the widespread publicity drawn by attacks against prominent corporations. The truth, however, is that any internet-connected business can experience a DoS attack, and as is the case with many forms of cybercrime, smaller companies can be viewed as easier targets due to their often limited cyber security resources.
How do Denial-of-Service attacks work?
First, it’s important to distinguish the two types of DoS attacks that exist:
- Denial-of-service attacks (DoS). These attacks are carried out by a single host.
- Distributed-denial-of-service attacks (DDoS). Using numerous infiltrated devices (known as a botnet), DDoS attacks inundate the target from numerous sources, making it more difficult to distinguish between legitimate and malicious traffic.
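The practical consequence of this distinction for defenders, shown as an added example that is not part of the original article: a per-source request limit identifies a single-host flood, but a distributed flood keeps every source under that limit and only shows up in the total. The thresholds and all addresses below are constructed assumptions, and each "window" stands in for one second of parsed access-log entries.

```python
from collections import Counter

PER_SOURCE_LIMIT = 100   # assumed: most requests/second tolerated from one address
BASELINE_RPS = 200       # assumed: normal total requests/second for this service
AGGREGATE_FACTOR = 5     # assumed: alert when residual traffic exceeds 5x baseline


def analyse(window):
    """Classify one second of traffic, given the source address of each request."""
    per_source = Counter(window)
    # Sources that individually exceed the limit can simply be blocked.
    noisy = sorted(ip for ip, n in per_source.items() if n > PER_SOURCE_LIMIT)
    # Whatever is left after blocking them is what the service still has to absorb.
    residual = len(window) - sum(per_source[ip] for ip in noisy)
    if residual > BASELINE_RPS * AGGREGATE_FACTOR:
        verdict = "distributed flood"    # no block list fixes this on its own
    elif noisy:
        verdict = "single-source flood"  # blocking `noisy` restores normal load
    else:
        verdict = "normal"
    return {"verdict": verdict, "block": noisy,
            "sources": len(per_source), "residual_rps": residual}


# Constructed sample traffic (documentation and private address ranges only).
CLIENTS = [f"192.0.2.{i}" for i in range(1, 51)]
NORMAL = [ip for ip in CLIENTS for _ in range(4)]                 # 50 clients x 4 req
DOS = NORMAL + ["198.51.100.7"] * 3000                            # one loud host
BOTS = [f"10.{i // 256}.{i % 256}.1" for i in range(2000)]
DDOS = NORMAL + [ip for ip in BOTS for _ in range(2)]             # 2000 quiet hosts

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("DoS", DOS), ("DDoS", DDOS)):
        print(name, analyse(window))
```

In the distributed case the block list comes back empty even though load is over twenty times the baseline, which is why DDoS defence relies on aggregate capacity and upstream filtering rather than per-address rules alone.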
DoS attacks are carried out using a variety of techniques. It isn’t necessary to understand the technical intricacies of all these, so let’s consider a few of the most common without going too in-depth…
Application layer DoS attacks
These attacks seek to exploit vulnerabilities in applications in order to render the program inoperable or prevent legitimate users accessing content. Common examples of such attacks include HTTP floods and Slowloris attacks.
Amplification attacks are DDoS attacks whereby an instruction is sent to an infected network of computers in order to trigger a flood of traffic against a target, pushing it beyond its capacity. DNS amplification is a common example of such an attack, where IP address spoofing and large botnets are used to disable even the most capable internet infrastructure.
Resource Depletion Attacks
Unlike traffic-based DDoS attacks, which seek to flood systems with requests from multiple locations, resource depletion attacks focus on a system’s active resources such as memory or processing power. By taking advantage of software defects or vulnerabilities, hackers manipulate programs in ways that drastically reduce the computing power available to legitimate users, rendering services unusable.
Perhaps what you might consider the “classic” DoS attack, flooding attacks involve overwhelming a target system with a huge volume of requests, preventing legitimate user requests from being read and responded to.
Why should I be concerned about Denial-of-Service attacks?
Denial-of-service attacks are on the rise. In fact, in the first 6 months of 2022 there were 60% more DDoS attacks than in all of 2021, and with only 14% of businesses expressing concern about such attacks it’s likely that many organisations simply don’t have the right measures in place to counter them.
As with many cyber-attack methods, DoS attacks cause harm that manifests in a range of ways. The loss of an online service that customers depend upon can result in immediate reputational damage, and an outage that affects revenue-generating systems (such as an e-commerce website) can have an instant and profound impact on profitability. Service outages can have a detrimental impact on service quality, and in fields such as healthcare – where quality outcomes simply cannot be compromised – an attack could result in complete operational shutdown.
What can I do to protect my business?
DoS attack protection should form part of a multi-layered security strategy that takes a holistic view of online security. However, there are some actions you can take to counter denial-of-service attacks specifically:
- Use traffic filtering. Traffic filtering methods can be used to moderate incoming traffic in order to preserve network capacity and ensure ongoing functionality. Traffic shaping, for example, can be used to delay certain kinds of traffic in order to retain bandwidth for more business-critical network activity.
- Improve network capacity. Because DoS attacks seek to exhaust network resources, it’s logical that boosting capacity would improve network resilience and reduce the chance of a DoS attack becoming business critical.
- Establish failover systems. In the event of a DoS attack it’s important to maintain some degree of service functionality. Establish failover systems and resources that will step in following the onset of a DoS attack. Prioritize your most business-critical systems as well as communication channels to keep customers informed.
- Use Firewalls. Configure firewall protections to limit traffic to your network from hostile corners of the web. Configure “rules” to allow users to access trusted sites and services while prohibiting access to those not required for work purposes.
- Promote awareness. Stay up-to-date on the latest DoS attack trends and encourage your tech team to do the same to help them predict attacks and take the necessary precautions.
Overwhelming, frustrating and damaging in more ways than one, DoS attacks pose an increasing threat to businesses of all sizes, so it’s important to be prepared. Measures designed to thwart or limit the damage caused by DoS attacks should be considered alongside the rest of your security strategy in order to bolster your overall cybersecurity posture.
We help San Francisco businesses leverage technology for maximum reward
Operating from the heart of the San Francisco Bay area, our multi-talented, 20-strong team has the skills and experience required for the most ambitious projects. Our strategy-driven IT support is guided by our extensive experience helping organisations in some of the most technically challenging and compliance-laden sectors, with a desire to allay operational challenges, address regulatory hurdles and overcome commercial constraints central to every solution we implement. Get in touch today, and find out how proactive, strategic IT support from Centarus could transform your business.