Cyber-security Attacks Series (Part-2): Understanding DDOS Attack Propagation, and Insights from 2023.

Having already defined what DOS and DDOS attacks are, it is time to move on to the next part of this series: how these attacks are carried out, along with an analysis of the attacks that took place in 2023.

The objective of a DDOS attack is to make internet services unavailable, taking the business offline and preventing end users from obtaining the vital resources they need at the time they request them.

As the cost of running internet services rises, so does the cost of maintaining them and keeping them continuously available. Although the creators of Mirai, one of the most powerful botnets ever known, were apprehended, variants of the botnet have continued to hit various industries in massive DDOS campaigns.

According to data from DDoS-Guard, over 443k DDOS attacks were recorded at Layer 3 (network layer) and Layer 4 (transport layer), and a further 1.8M+ at Layer 7 (application layer), in 2023, with the entertainment industry experiencing the largest share of DDOS incidents, estimated at over 21.1%.

data-from-ddos-guard.png
Data revealing the industries most impacted by DDOS. Image source: Fixitgearware

Breaking it down further, Layers 3-4 saw an average of 1.2k+ attacks per day, about 50 attacks every 60 minutes, while Layer 7 (application layer) saw an average of 4.9k+ attacks per day, over 208 attacks every 60 minutes, across 2023.

In addition, statistics disclosed by Cloudflare show the leading countries from which DDOS attacks targeting L3-L4 (network and transport layers) originated. In that list, New Caledonia emerges as the top offender, reportedly showing the highest prevalence of botnet attack traffic in Q1 of 2023.

data-by-Cloudflare.png
Data disclosing the top countries from which botnet traffic originated in Q1-2023. Image source: Fixitgearware

These advanced botnets found in the wild are capable of disrupting entire countries, showing how much their power has grown over the years. Notable instances include an attack on the Bermuda government, believed to have been orchestrated by Russian threat actors, as well as attacks on X (formerly Twitter) by Anonymous Sudan, and on the NMBS railway in Belgium.

DDOS ATTACK SURFACE: 

The attack surface of a Distributed Denial of Service (DDOS) attack is large and comprises every internet-facing device, including IoT devices and hardware and software components. These attack surfaces are categorized as follows:

  • Network resources, e.g. firewalls, hubs, routers, gateways, and wireless spectrum.
  • System resources, e.g. computer memory, network interfaces, operating systems, and web-application servers.
  • Protocol types and their implementations.
  • Physical damage, e.g. to servers, cables, satellites, etc.

HOW DDOS IS CARRIED OUT :

A threat actor's methodology for carrying out a DDOS attack involves taking over compromised networks and systems (typically by altering their configuration) and using them to damage network components or illegitimately consume the target's resources.

According to Carl et al., these attacks cause resource starvation and can be categorized into two general groups:

1. Vulnerability-based attacks.
2. Flooding attacks.

  • Vulnerability-based attacks, as the name suggests, exploit weaknesses or bugs discovered in software or a protocol, with the intent of exhausting its resources, such as CPU time, memory, storage space, or data structures; a small number of crafted requests can be enough.
  • Flooding attacks, on the other hand, push more packets or data at the targeted system or network than it can handle, taking the targeted infrastructure out of service.
HOW-DDOS-IS-CARRIED-OUT-v1.gif
A series of infected nodes conducting a DDOS attack against a target server. Image source: Fixitgearware

The power of a DDOS attack comes from the use of multiple nodes: compromised systems, IoT devices, and so on. These compromised nodes become zombie agents; collectively they form a botnet, which the attacker controls through a C2 (command-and-control) server.

More precisely, the constant flood of requests against a target organization is generated by this myriad of zombie bots installed on the compromised nodes. Notably, these nodes operate without the knowledge of the hardware and infrastructure owners whose devices act as zombies, and their sole aim is to flood the victim with requests that overwhelm the targeted infrastructure.
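The two attack categories above (vulnerability-based versus flooding) and the botnet model just described look very different in a server's own logs, and that difference is what a defender keys on. The following Python script is an added example, not code from the original article or from Carl et al.: it parses a simplified, assumed access-log format, buckets requests into 10-second windows, and labels each window as normal, a single-source flood (a zombie count of one), a distributed flood (many zombies, each sending little), or low-volume traffic whose abnormal per-request service time suggests a vulnerability-based resource-exhaustion attempt. The thresholds and the log lines are constructed for the demo and would need tuning against a real server's baseline.

```python
"""Classify web-server traffic windows as normal, single-source flood (DoS),
distributed flood (DDoS), or vulnerability-based resource exhaustion.

Added example. The log format, thresholds and sample traffic are assumptions
constructed for this demo, not the page's data.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone
import re

# Assumed log format: "<ISO8601 UTC> <src_ip> <method> <path> <status> <service_ms>ms"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<path>\S+) "
    r"(?P<status>\d{3}) (?P<ms>\d+)ms$"
)

# Thresholds (assumed; tune against the server's own baseline).
WINDOW_S = 10          # analysis window size in seconds
FLOOD_RPS = 100        # requests/second above which a window counts as a flood
MIN_DISTINCT = 50      # distinct sources that make a flood "distributed"
DOMINANT_SHARE = 0.8   # share of requests from one source = single-source flood
SLOW_MS = 5000         # mean service time marking low-volume resource exhaustion


@dataclass(frozen=True)
class Request:
    ts: datetime
    src: str
    path: str
    status: int
    service_ms: int


def parse_line(line):
    """Parse one access-log line into a Request; raise on malformed input."""
    m = LOG_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return Request(ts, m["src"], m["path"], int(m["status"]), int(m["ms"]))


def classify_window(reqs):
    """Label one window: flooding is a volume signal, exhaustion a cost signal."""
    n = len(reqs)
    if n == 0:
        return "empty"
    rps = n / WINDOW_S
    sources = Counter(r.src for r in reqs)
    top_share = sources.most_common(1)[0][1] / n
    mean_ms = sum(r.service_ms for r in reqs) / n
    if rps > FLOOD_RPS:
        if len(sources) >= MIN_DISTINCT:
            return "distributed flood (DDoS)"
        if top_share >= DOMINANT_SHARE:
            return "single-source flood (DoS)"
        return "flood (mixed sources)"
    if mean_ms > SLOW_MS:
        return "possible vulnerability-based resource exhaustion"
    return "normal"


def analyse(lines):
    """Bucket parsed requests into WINDOW_S-second windows and classify each."""
    windows = defaultdict(list)
    for line in lines:
        r = parse_line(line)
        bucket = int(r.ts.timestamp()) // WINDOW_S * WINDOW_S
        windows[bucket].append(r)
    return {b: classify_window(rs) for b, rs in sorted(windows.items())}


def constructed_log():
    """Four synthetic 10-second windows (constructed data, not real traffic)."""
    lines = []
    # 10:00:00-09: light, healthy traffic from three clients.
    for i in range(12):
        lines.append(f"2023-08-29T10:00:{i % 10:02d}Z 203.0.113.{i % 3 + 1} GET /index.html 200 12ms")
    # 10:00:10-19: 2000 requests from 200 zombies, 10 each: a distributed flood.
    for i in range(2000):
        lines.append(f"2023-08-29T10:00:{10 + i % 10}Z 198.51.100.{i % 200} GET /login 503 900ms")
    # 10:00:20-29: only five requests, but each ties the server up for 30 s.
    for i in range(5):
        lines.append(f"2023-08-29T10:00:{20 + i}Z 192.0.2.7 POST /search 200 30000ms")
    # 10:00:30-39: 1500 requests from one host: a plain single-source flood.
    for i in range(1500):
        lines.append(f"2023-08-29T10:00:{30 + i % 10}Z 192.0.2.9 GET / 503 5ms")
    return lines


def demo():
    """Return the window labels for the constructed log, in time order."""
    return list(analyse(constructed_log()).values())


if __name__ == "__main__":
    for bucket, label in analyse(constructed_log()).items():
        print(datetime.fromtimestamp(bucket, timezone.utc).strftime("%H:%M:%S"), label)
```

The point of the third window is the one the category split makes: a vulnerability-based attack never trips a rate threshold, so a detector that only counts packets (as most flood mitigation does) will miss it. Per-request cost, error rate, or resource counters on the server have to be in the telemetry as well.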

Put your comments below in the comment section on your thoughts about this.

Find this article and information helpful? Show some love and support “Click-Here”