The terms DOS and DDOS are not unfamiliar; they have been recognized since the dawn of the internet. A plethora of articles have been written about these attacks, providing insights on how they occur and how to detect them as soon as they do.
In this series, however, we will go in depth on understanding DOS & DDOS.
DESIGNING THE WORLD WIDE WEB, SECURITY AN AFTERTHOUGHT:
The World Wide Web as we know it was designed on the premise of information sharing: enabling access to information without having to print it and send it across using the postal system. Looking back at how fast the internet has evolved, and at the level of security breaches that have been noticeable since it was created, there is no doubt that security, also known as internet security, was never factored into the master plan when the internet was founded.
According to Statista, internet users account for over 5.3 billion of the human population, that is over 65.4% of all humans currently on earth. People use the internet for various services and entertainment. Applications like YouTube, Netflix and Amazon Prime are flooded with users who subscribe to the entertainment services these companies provide, while others use the internet to shop for essential needs, household items and groceries, which is why apps like eBay, Amazon, Jumia, Alibaba, Lazada and Shopee always have a large share of the human population accessing them.
Inadvertently, these organizations are a huge target for threat actors, competitors and other sponsored hackers, who seek either to exploit the system, temporarily put it out of service, or shut down its servers entirely. Hence, since the era of the internet began, attacks such as viruses, worms and malware have been on the rise, and threat actors have perfected their hacking skills, with one of the major attacks being DOS & DDOS.
ATTACKS COMPROMISING ONE ARM OF THE CYBERSECURITY TRIAD, “AVAILABILITY”:
Delving into the various cyber-attacks, one that focuses on compromising the “Availability” arm of the cybersecurity triad is DOS & DDOS. The threat actor's major goal is to disrupt services, including the website or network connectivity of the target organization, giving rise to the term “Availability Attack.”
To compromise an organization's service and network, the hacker utilizes a vast spectrum of attack vectors, which will be discussed later in the DOS & DDOS article series. The vectors chosen depend on the type and level of availability compromise the threat actor has in mind.
DOS & DDOS is, without doubt, one of the major topics discussed in cyberspace, perhaps because government organizations and big corporations have been victims of these attacks.
Furthermore, small businesses should not be neglected either, especially when the server that hosts these small organizations' websites is liable to be hit by threat actors. So now comes the question: what is a DOS & DDOS attack?
WHAT IS A DOS ATTACK?:
A DOS attack is an attack conducted by a threat actor using a single mechanism or machine. In this situation the threat actor overwhelms its target directly with a voluminous number of requests, thereby exhausting the computing resources of the targeted device/server/network and resulting in the infrastructure shutting down temporarily or permanently.
The key sentence here is "a single mechanism or machine."
A Vending Machine Scenario:
Let’s consider a coffee vending machine in your neighborhood that everyone uses. You visit the vending machine and decide to repeatedly press the coffee dispensing button without intending to buy any coffee or inserting any money. After you leave, another person from your neighborhood arrives and does the same thing. This pattern continues with different individuals from the same neighborhood until, eventually, the button breaks and the machine can no longer dispense coffee.
In this scenario, think of the neighborhood as a single system or hacker launching an attack. The different individuals represent a series of traffic requests coming from the same system or hacker. The vending machine symbolizes the targeted network. When the vending machine can no longer function or dispense coffee due to the relentless misuse from the neighborhood, it’s akin to a Denial-of-Service (DoS) attack being executed. The machine, like a network under a DoS attack, is overwhelmed and unable to perform its intended service.
WHAT IS A DDOS ATTACK?:
A DDOS attack is always considered the big brother of DOS, in the sense that the threat actor or hacker has enough computing resources at their disposal to send the various requests to the target. These computing resources span from IoT devices and the like down to infrastructure across different geo-locations (continents and countries).
Considering the narration above, a DDOS (Distributed Denial of Service) attack can now be defined as an attack conducted by a threat actor using multiple systems from different locations, which have been infected and turned into botnet zombies, to flood a targeted infrastructure with the intent of exhausting its resources/bandwidth and the objective of putting its network/services/server/infrastructure out of action temporarily or permanently.
An ATM Machine Scenario:
Imagine a scenario where your bank, which we’ll refer to as ABC Bank, operates numerous ATMs in your state. These ATMs are managed by a central server that verifies the information provided each time a customer enters their card and PIN. This process ensures the correct information is authenticated and the corresponding bank details for that user are displayed. Given the high volume of people using these ATM services, the bank must employ a robust server that is consistently online and avoids downtime.
Now, suppose a malicious actor discovers the IP address of this central server and decides to overwhelm it with a massive amount of traffic from various countries. This traffic, which is not legitimate and exceeds the capacity of the ATM’s central server, causes the server to crash. As a result, all the ATMs go offline because they can’t communicate with the central server.
The key description here is the distributed nature of the traffic. The malicious actor can control and direct this traffic from various countries using a Command and Control (C2) server. If the malicious actor successfully takes the ATM server offline, they are said to have executed a Distributed Denial of Service (DDoS) attack.
A successful attack, whether DOS or DDOS, compromises the third arm of the cybersecurity triad, "Availability". The key sentence here is "DOS is an attack from a single source to a target", while "DDOS is an attack from multiple sources to a target."
Share your thoughts about this in the comments section below.
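As an added defender-side example (not code from the article), the rule of thumb above, one source versus many sources, turned into a small classifier that runs over constructed access-log records for one observation window; the log format, thresholds and addresses are assumptions, not the article's.

```python
"""Classify one window of request records as normal, single-source (DOS) or distributed (DDOS).

Added example; the thresholds below are assumed and must be tuned to a real baseline.
"""
from collections import Counter

TOTAL_RPS_LIMIT = 200     # assumed aggregate requests/second the service can absorb
SINGLE_SRC_SHARE = 0.5    # one source sending over half of a flood = "a single mechanism or machine"
WINDOW_SECONDS = 10


def classify_window(lines):
    """lines: iterable of 'epoch_seconds source_ip path' records.

    Returns (verdict, per_source_counts) where verdict is 'normal', 'dos' or 'ddos'.
    """
    per_source = Counter()
    timestamps = []
    for line in lines:
        ts, src, _path = line.split()
        timestamps.append(int(ts))
        per_source[src] += 1
    total = sum(per_source.values())
    window = max(timestamps) - min(timestamps) + 1       # seconds actually covered
    if total / window <= TOTAL_RPS_LIMIT:
        return "normal", per_source
    _top_src, top_count = per_source.most_common(1)[0]
    if top_count / total >= SINGLE_SRC_SHARE:
        return "dos", per_source                          # one machine did the flooding
    return "ddos", per_source                             # the flood is spread across many sources


def make_log(start_ts, sources, requests_each):
    """Build constructed log lines: every source sends `requests_each` records within the window."""
    return [f"{start_ts + i % WINDOW_SECONDS} {src} /checkout"
            for src in sources for i in range(requests_each)]


# Constructed traffic, not captured data; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
NORMAL = make_log(1700000000, [f"192.0.2.{i}" for i in range(1, 21)], 30)            # 600 requests / 10 s
DOS = NORMAL + make_log(1700000000, ["198.51.100.7"], 5000)                            # one source floods
DDOS = NORMAL + make_log(1700000000, [f"198.51.100.{i}" for i in range(1, 201)], 25)   # 200 sources x 25

if __name__ == "__main__":
    for name, log in (("normal", NORMAL), ("dos", DOS), ("ddos", DDOS)):
        verdict, sources = classify_window(log)
        print(f"{name}: {verdict} ({len(sources)} sources, {len(log)} requests)")
```

The per-source share is what separates the two cases: in the DOS sample one address accounts for almost 90% of the requests, while in the DDOS sample no address exceeds a fraction of a percent even though the aggregate rate is the same.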