Along with its many advantages, the internet has also introduced a number of security risks. For users, these generally take the form of scams and security breaches that can cost them many thousands of pounds. For organizations that rely heavily on their websites to continue operating successfully, the consequences can be even more serious.
For users, securing themselves can take a number of different forms depending on whether their data is secured in the cloud or on their PC. It is often simply a case of applying a little common sense. For businesses and other organizations, however, the threats are greater and the methods of protecting against them are complex.
In recent years the main form of danger that many have faced has been the Distributed Denial-of-Service attack (DDoS), an all-out assault on a website whose principal purpose is to stop it functioning.
This is potentially very serious, especially if the business in question relies on internet traffic for its very survival. A prime example is the online gambling industry, whose operators need to provide their players with a safe and secure connection at all times. Failing to provide this can mean that players choose to desert any site suffering a DDoS attack, possibly never to return. This is one of the reasons sites like 888 Casino have such stringent cyber security measures in place to help protect the site and their customers; it is one of the key things which makes them such a well-respected and trusted online casino.
The Who, Why and How of DDoS Attacks
DDoS attacks can be carried out by anyone from hackers acting alone to organized criminal gangs.
The first question is exactly who carries out DDoS attacks and this is far from simple to answer. It can be anyone from a criminal gang or organization to a single hacker working from their bedroom. As to the motivation, this can also take a number of forms.
The first of these is simple malice – just because the person, or people, in question can. This was probably the motivation behind one of the biggest attacks ever to have taken place in the UK. This occurred in December 2015 when the BBC website was brought to a halt by a group that named itself New World Hacking.
The second is for the purposes of extortion. While the intended victims are understandably reluctant to admit that they have been forced to make payments to either prevent or call off an attack, it’s believed that financial institutions and retailers have suffered in the past. Often ransom demands are made in Bitcoin and other cryptocurrencies whose recipients cannot be traced.
The third motivation behind a DDoS attack is sometimes to create a diversion during which the attackers can get into the main computer systems of an organization and start to harvest data. The idea is that all of the victim’s IT resources will be diverted to mitigating the attack, allowing easier access to overcome firewalls and other security measures that are in place.
How do the attacks work?
DDoS attacks work in a number of ways with some attacks more sophisticated than others, depending on the hacker’s target and method of attack.
As to how the attacks work, at the most basic level a website is flooded by requests and communications that effectively cause a data traffic jam that makes the target site crash. This is achieved by marshaling a so-called botnet of hacked computers and other devices that are coordinated to launch the assault. The botnet may be created by the perpetrators themselves or be made available for use, for a fee, by third parties in arrangements often made on the dark web.
In technical terms, there are three basic types of DDoS attack:
- Application Layer attacks that aim for the layer on the server where web pages are created. These attacks are particularly difficult to counteract as it is hard to differentiate genuine web traffic of this kind from malicious communications.
- Protocol attacks exploit the TCP “handshake” that is the usual way that two or more computers start to communicate with each other. The botnet devices fail to complete this stage which, in turn, ties up the target server as it waits for a reply or confirmation.
- Volumetric attacks simply overwhelm a site thanks to the sheer amount of data that is requested from the target, paralyzing it in the process.
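From the defender's side, the unfinished handshakes described under protocol attacks show up as a growing pile of half-open connections. The sketch below is an added example, not part of the original article: it counts them from constructed handshake records, and the `Event` record, the 30-second timeout and the backlog size of 128 are assumptions chosen for illustration.

```python
from collections import namedtuple

# One observed handshake packet at the server. flag is "SYN" (client opens)
# or "ACK" (client completes the handshake). Record layout is an assumption.
Event = namedtuple("Event", "ts src sport flag")

def half_open_report(events, now, timeout=30.0):
    """Return (total, per_source) half-open handshakes held at time `now`."""
    pending = {}  # (src, sport) -> time the SYN arrived
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.ts > now:
            break
        key = (ev.src, ev.sport)
        if ev.flag == "SYN":
            pending[key] = ev.ts
        elif ev.flag == "ACK":
            pending.pop(key, None)  # handshake completed, state released
    per_source = {}
    for (src, _sport), ts in pending.items():
        if now - ts < timeout:  # older entries have already been timed out
            per_source[src] = per_source.get(src, 0) + 1
    return sum(per_source.values()), per_source

def backlog_pressure(events, now, backlog_size, timeout=30.0):
    """Fraction of a (hypothetical) connection backlog held by half-open entries."""
    total, _ = half_open_report(events, now, timeout)
    return total / backlog_size

# Constructed sample: one client that completes its handshake, then 20
# sources (documentation address range) that send SYNs and never reply.
SAMPLE = [Event(0.0, "198.51.100.7", 40000, "SYN"),
          Event(0.05, "198.51.100.7", 40000, "ACK")]
SAMPLE += [Event(1.0 + i * 0.01, f"203.0.113.{i % 20 + 1}", 50000 + i, "SYN")
           for i in range(100)]

if __name__ == "__main__":
    total, per_source = half_open_report(SAMPLE, now=5.0)
    print("half-open:", total, "pressure:", backlog_pressure(SAMPLE, 5.0, 128))
    print("after timeout:", half_open_report(SAMPLE, now=40.0)[0])
```

A sustained pressure value close to 1.0 while completed handshakes stay flat is the signal worth alerting on; the per-source counts show whether the load is concentrated or spread across many senders.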
Counteracting attacks
Being equipped to counteract dangerous cyber-attacks from hackers can be hugely beneficial for your business.
There are a number of strategies that can be used in an attempt to neutralize an attack, some more successful than others. The first of these is called black hole routing. As the name suggests, this involves sending all internet traffic into a virtual black hole where it can do no damage. The disadvantage of this is that all traffic, not just the malicious kind, is lost.
- Rate limiting is another method, in which the number of requests that a server will accept over a specified period is limited. On its own it’s not enough to foil an attack but, used in conjunction with other techniques, it can play an important part.
- Network diffusion is a process in which the flood of requests being made is split up into a number of smaller streams or channels, enabling the network to absorb the excessive traffic.
Finally, a Web Application Firewall can be a highly effective way to prevent the traffic from reaching the server, particularly in the case of volumetric attacks. The only issue is that it can be difficult to differentiate between malicious and normal traffic. However, artificial intelligence is increasingly being used to help identify attacks, with machine learning spotting the early warning signs that one might be imminent. With so much commerce being conducted online by businesses like Amazon, to whom continuous operation is vital, its development cannot come soon enough.
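The rate limiting described above, as an added example that is not part of the original article: a per-client sliding-window limiter replayed over two constructed traffic samples. The limit of 10 requests per second, the class and function names and the sample addresses are assumptions; the second sample shows why the article says rate limiting is not enough on its own.

```python
from collections import defaultdict, deque

class SlidingWindowLimiter:
    """Accept at most `limit` requests per client in any `window` seconds."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self.hits = defaultdict(deque)  # client -> timestamps of accepted requests

    def allow(self, client, now):
        q = self.hits[client]
        while q and now - q[0] >= self.window:  # drop hits that left the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def replay(requests, limit=10, window=1.0):
    """Replay (timestamp, client) pairs; return (accepted, rejected) per client."""
    limiter = SlidingWindowLimiter(limit, window)
    accepted, rejected = defaultdict(int), defaultdict(int)
    for now, client in sorted(requests):
        bucket = accepted if limiter.allow(client, now) else rejected
        bucket[client] += 1
    return dict(accepted), dict(rejected)

# Constructed sample 1: a single noisy client sending 50 requests in one second.
SINGLE = [(i * 0.02, "203.0.113.9") for i in range(50)]

# Constructed sample 2: 40 clients sending 5 requests each in the same second.
# Every client stays under the per-client limit, so nothing is rejected even
# though the server still receives 200 requests.
SPREAD = [(j * 0.2, f"198.51.100.{c + 1}") for c in range(40) for j in range(5)]

if __name__ == "__main__":
    print("single source:", replay(SINGLE))
    acc, rej = replay(SPREAD)
    print("spread sources: accepted", sum(acc.values()), "rejected", sum(rej.values()))
```

In production the per-client state also needs an eviction policy, since one deque per source address grows without bound when requests arrive from many addresses.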
Summary
The seemingly exponential growth of the Internet of Things also poses an increasing danger of more DDoS attacks. This is because many of the devices that can connect to the IoT have few or no security measures built in. This will mean that the potential for growing bigger and more powerful botnets, capable of even more powerful attacks, will grow in future years.
This, in turn, is going to mean that stronger and more robust security measures will need to be developed and put into place if the world is not to be held to ransom by hacking gangs focused on disruption.