DDoS (Distributed-Denial-of-Service) Attacks and their different types explained

For over a decade, the unprecedented digital transformation lead enterprises to invest on their cyber resilience, based on investments on cyber security measures and technologies. Such investments are a key prerequisite for protecting modern organizations from various types of cyber-attacks. One of the most sophisticated types of cyber-attacks is the Distributed Denial of Service (DDoS). In the scope of a DDoS attack, a malicious party attempts to overwhelm a networked resource (e.g., website, networked services) with a flood of internet traffic towards making it unavailable to its users.  Most DDoS attacks use one or more networks of compromised computers (e.g., botnets) to flood the target resource with a large amount of traffic. The traffic can combine data from different types of traffic such as HTTP (Hypertext Transfer Protocol) requests, UDP (User Datagram Protocol) packets (i.e., udp flood), ICMP (Internet Control Message Protocol) packets, and more.

The impact of DDoS attacks on both individuals and organizations can be devastating. For instance, DDoS attacks can lead to loss of revenue, reputation damage, and legal issues (e.g., liabilities relating to sensitive data). In recent years, many enterprises have suffered such consequences due to notorious attacks against their infrastructures. As a prominent example, back in 2016, a DDoS attack was launched against Dyn, a company that provides internet services such as DNS (Domain Name Service). The attack caused widespread internet disruption that affected some of world’s most popular websites, including Twitter, Reddit, and Netflix. The DDoS attack against Dyn leveraged a botnet of Internet of Things (IoT) devices, including cameras and router. As another example, a DDoS attack against the GitHub code-sharing website took place in 2018 and was (at that time) recorded as the largest scale attack in history.

Many DDoS attacks have also taken place during the last couple of years. For instance, in 2020, DDoS attacks were launched against the CloudFlare cloud security company, as well as against the Akamai content-based network. More recently i.e., in 2021, novel DDoS attacks against DNS providers of the US East Coast took place. The attacks leveraged an innovative approach to amplify the traffic, which was conveniently characterized as ‘reflection amplification’. This innovation is indicative of the constantly evolving nature of DDoS attacks and organizations need to stay informed about the latest attack methods. As a first step to confronting DDoS attacks, individuals and organizations must be aware of the challenging nature of DDoS attacks and of the risks associated with them.

Understanding the DDoS Challenges

DDoS attacks are very difficult to prevent, which makes them very popular among hackers’ communities. Specifically, organizations have hard times identifying and confronting DDoS attacks for the following reasons:

• Distributed Nature: DDoS attacks are launched through botnets that span very distributed networked environments. In the scope of such environments, it is very difficult to trace the origin of the attack and to act against the attacker.
• Large Traffic Volumes: DDoS attacks flood organizations’ networks with large volumes of traffic, which makes it very difficult to distinguish legitimate traffic from attack traffic.
• IP address Spoofing: It is very common for attackers to use spoofed IP addresses when launching a DDoS attack. Thus, organizations have no easy ways to block the attack traffic at its source.
• Multiple Attack Vectors: There are many options for implementing and deploying DDoS attacks, such as volume-based attacks, protocol attacks, application layer attacks, and amplification attacks. Hence, organizations have hard times dealing with all the different types of attack vectors.
• Evolution of DDoS approaches: DDoS attacks evolve in novelty and intelligence, as adversaries constantly develop new techniques to evade detection and to launch more sophisticated attacks.
• Scale up Challenges: Many DDoS attacks are launched at a large scale. To confront such attacks, organizations must deploy significant amounts of human and computing resources. The availability of such resources cannot be taken for granted and are not always available.

Types of DDoS Attacks

One of the most important steps to confronting a DDoS attack is to detect its type in order to organize the cyber defense accordingly. The most prominent types of DDoS attacks include:

• Volume-based attacks: These are attacks that flood the networked resource (e.g., server) with large volumes of traffic towards making it inaccessible to legitimate users.
• Protocol-based attacks: These attacks exploit proclaimed vulnerabilities in specific networked protocols such as the TCP (Transmission Control Protocol) and the UDP protocols. By compromising the operations of these protocols, malicious parties can disrupt networked connections and services.
• Application-layer attacks: Application-layer attacks are similar to protocol-based attacks. However, instead of attacking network and transport layer protocols, they focus on the vulnerabilities of application-layer protocols such as HTTP and DNS.
• Amplification attacks: These attacks tend to be very sophisticated. They use networks of compromised devices to amplify the traffic that is sent to the target networked service or resource.
• Smurf attacks: This is a special type of DDoS attacks that use IP spoofing to flood a target with ICMP echo request packets. It is one of the most popular network flooding techniques. In many cases Smurf attacks are also called as “ping” attacks (i.e., “ping of death”). This is because ICMP packets are at the heart of the popular “ping” service.
• Slowloris attacks: This is specific type of denial-of-service attacks that leverage the Slowloris tool. The tool allows a single machine to attack other computers (e.g., web server) using minimal bandwidth. Most importantly, the Slowloris attacks cause side effects on other, potentially unrelated ports and services i.e., they cause the “slow flood” phenomenon.
• Hybrid attacks: These are special types of attacks that combine two or more of the previously presented attacks. They are very challenging to confront given that they combine multiple methods to produce novel and sometimes rare attack patterns.

The above list of DDoS attack types is by no means exhaustive. DDoS attacks are constantly evolving, and new types of attacks are being developed all the time.

In conclusion, DDoS attacks are among the most popular methods used by hackers to attack modern digital infrastructures and organizations. These attacks are gradually becoming more sophisticated and harder to prevent. Developing a successful cyber-defense to these attacks requires a multi-layered approach, including a combination of network-based, cloud-based, and application-layer protection measures. Moreover, organizations must develop effective incident response plans for DDoS attacks. Having such plans in place can enable them to quickly respond to DDoS attacks, which is crucial for minimizing their impact.