
How does a DDoS attack work?

by Egress
Published on 14th Oct 2022

Phishing and other social engineering attacks are widely discussed and investigated in the cybersecurity world, but distributed denial of service (DDoS) attacks don't always get the same kind of coverage. DDoS attacks are less well-known but still present a clear threat to businesses. Compared to Q4 of 2020, the average daily number of attack mitigations in the first six months of 2021 increased by 25%.

Here's a refresher on DDoS attacks and how to protect your organization against them.

What is a DDoS attack?

DDoS attacks are designed to overwhelm a server, quite literally flooding it, with HTTP requests until it can no longer handle them. Once the server is so flooded that it can no longer respond normally to legitimate traffic, denial of service occurs: real users can no longer access the site.

Put simply, these attacks render the server unusable. From the user's perspective, the website they are visiting simply stops displaying content. For the website owner, the site is weakened by the attack, creating ideal conditions for a breach. The DDoS attack is a smokescreen to distract from and hide a more serious attack.

How does a DDoS attack work?

There are two types of DDoS attacks:

HTTP GET attacks

Multiple devices send requests for files to the server targeted by the threat actor. These requests eventually overwhelm the system, causing denial of service.

HTTP POST attacks

When a user submits a website form, the server processes the request as it arrives and pushes the data into a database. This work is fairly intensive compared to the power and bandwidth needed to send a POST request, so a POST attack takes advantage of that disparity by sending large numbers of POST requests to the server. As with GET attacks, this floods the server and triggers the denial of service.
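To show what the GET and POST floods described above look like from the defender's side, here is an added example (not code from the Egress article) that parses access-log lines in Common Log Format and flags any client whose weighted request load inside a sliding window exceeds a budget. The weighting (a POST counted as five GETs, reflecting the cost disparity described above), the 10-second window and the budget of 50 are assumptions chosen for illustration, and the log lines are constructed rather than real traffic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Assumption: handling a POST costs the origin roughly five times a GET
# (the article's point that processing a form submission is the heavier side).
METHOD_COST = {"GET": 1, "POST": 5}


def parse_line(line):
    """Parse one access-log line; return None for anything that does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
    }


def flag_floods(lines, window_seconds=10, budget=50):
    """Return {ip: (first_time_over_budget, weighted_load)} for every client whose
    weighted requests inside a sliding window of `window_seconds` exceed `budget`."""
    entries = sorted(filter(None, map(parse_line, lines)), key=lambda e: e["ts"])
    recent = defaultdict(deque)   # ip -> deque of (timestamp, cost) still inside the window
    load = defaultdict(int)       # ip -> sum of the costs currently in the window
    flagged = {}
    for e in entries:
        ip, cost = e["ip"], METHOD_COST.get(e["method"], 1)
        recent[ip].append((e["ts"], cost))
        load[ip] += cost
        # Evict requests that have aged out of the window before judging the client.
        while recent[ip] and (e["ts"] - recent[ip][0][0]) > timedelta(seconds=window_seconds):
            _, old_cost = recent[ip].popleft()
            load[ip] -= old_cost
        if load[ip] > budget and ip not in flagged:
            flagged[ip] = (e["ts"], load[ip])
    return flagged


# --- Constructed sample traffic (not real logs) ------------------------------
_T0 = datetime(2022, 10, 14, 10, 0, 0, tzinfo=timezone.utc)


def _log_line(ip, second, method, path):
    """Build one constructed CLF line `second` seconds after _T0."""
    ts = (_T0 + timedelta(seconds=second)).strftime(TS_FMT)
    return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" 200 512'


SAMPLE_LOG = (
    # A legitimate visitor: one page view every 12 seconds.
    [_log_line("198.51.100.7", s, "GET", "/index.html") for s in range(0, 60, 12)]
    # A GET flood: 120 requests for the same file within 10 seconds.
    + [_log_line("203.0.113.10", i // 12, "GET", "/index.html") for i in range(120)]
    # A POST flood: 40 form submissions within 5 seconds.
    + [_log_line("203.0.113.55", 30 + j // 8, "POST", "/contact") for j in range(40)]
)

if __name__ == "__main__":
    for ip, (when, weight) in flag_floods(SAMPLE_LOG).items():
        print(f"{ip} exceeded the budget at {when.isoformat()} with weighted load {weight}")
```

Run as a script it reports the two flooding addresses and leaves the legitimate visitor alone. Shrinking the window to one second still catches the POST flood but not the GET flood, which is the practical reason for weighting by method: per-request counts alone understate how much origin work a POST burst represents.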

Strategies cybercriminals use to carry out a DDoS attack include:

  • Infiltrating multiple devices
  • Exploiting known vulnerabilities
  • Disabling services or networks
  • Compromising system resources
  • Taking advantage of unpatched software

Carrying out these attacks involves cybercriminals using bots to send huge numbers of requests, which is how they can flood a server so effectively. When also infected with malware, these bots can cause large-scale damage, as many websites can't handle the number of visits forced upon them in a flood attack, let alone mitigate multiple breaches at the same time.

How to stop a DDoS attack

It's easy to blame the sophistication of cybercriminals for these attacks, as their skills evolve alongside improvements in cybersecurity. However, the victim sometimes plays a part too, by not having basic security measures in place to protect against an attack.

Perform adequate testing

Notoriously, back in 2016, the Australian Bureau of Standards (ABS) created havoc on the country's census day when its website crashed. The website had been tested to 150% of its expected traffic, so IT experts diagnosed the problem as a DDoS attack. However, testing to 150% of expected usage was never going to be enough when 11 million people would be using the site at the same time.

ABS had spent a lot of time attempting to convince the public that their data would be safe, only for the site to prove vulnerable immediately. It's important to have the knowledge and appropriate testing in place, and to ensure both are regularly updated, to maintain readiness.

Set up adequate firewalls

As well as inadequate testing, inadequate firewalls are a problem when it comes to flood attacks. Servers that aren't properly secured give threat actors opportunities they wouldn't otherwise have. A web application firewall (WAF) can track and block malicious visitors to help protect you from DDoS attacks.

Verify server capabilities

Another way to improve security is to ensure the server can test whether the requesting machine is a bot or not, similar to the way we are asked to prove we're human when opening a new online account. This strategy can mitigate attacks very effectively.
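The firewall section above (tracking and blocking abusive visitors) and this section (checking whether a requester is a bot) describe two halves of one front-door policy, so here is a single added example (not code from the Egress article or any WAF product) that combines them: a per-client token bucket gives anonymous clients a small request budget, and once that budget is spent the server hands out a signed, IP-bound, expiring challenge instead of serving the request. A client that completes the challenge, here a small proof-of-work standing in for the "prove you're human" step, receives a signed pass cookie and a much larger budget. The secret key, the 12-bit difficulty, the 5-minute lifetime, the bucket sizes and the POST weighting are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Assumptions for this example: a per-deployment secret (rotate it out of band), a
# proof-of-work difficulty of 12 leading zero bits (about 4096 hashes for a genuine
# client), a 5-minute lifetime for challenges and passes, and a heavier cost for POST.
KEY = secrets.token_bytes(32)
DIFFICULTY_BITS = 12
TTL_SECONDS = 300
METHOD_COST = {"GET": 1, "POST": 5}


def _sign(payload: str) -> str:
    return hmac.new(KEY, payload.encode(), hashlib.sha256).hexdigest()


class TokenBucket:
    """Per-client token bucket: bursts up to `capacity`, refills `rate` tokens per second."""

    def __init__(self, capacity, rate):
        self.capacity, self.rate = capacity, rate
        self.state = {}  # ip -> (tokens, last_seen)

    def allow(self, ip, now, cost=1):
        tokens, last = self.state.get(ip, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        ok = tokens >= cost
        self.state[ip] = (tokens - cost if ok else tokens, now)
        return ok


def make_challenge(ip, now):
    """Server side: issue a signed, IP-bound, expiring challenge to an anonymous client."""
    payload = f"{ip}|{secrets.token_hex(8)}|{int(now) + TTL_SECONDS}"
    return f"{payload}|{_sign(payload)}"


def _meets_difficulty(challenge, counter):
    digest = hashlib.sha256(f"{challenge}|{counter}".encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - DIFFICULTY_BITS) == 0


def solve_challenge(challenge):
    """Client side: find a counter whose hash with the challenge has the required leading zeros."""
    counter = 0
    while not _meets_difficulty(challenge, counter):
        counter += 1
    return counter


def verify_solution(ip, challenge, counter, now):
    """Server side: accept only a genuine, unexpired challenge for this IP with a valid answer."""
    try:
        c_ip, nonce, expiry, sig = challenge.split("|")
    except ValueError:
        return False
    payload = f"{c_ip}|{nonce}|{expiry}"
    return (hmac.compare_digest(sig, _sign(payload))
            and c_ip == ip and int(expiry) >= now
            and _meets_difficulty(challenge, counter))


def make_pass(ip, now):
    """Signed pass cookie proving this IP completed a challenge recently."""
    payload = f"{ip}|{int(now) + TTL_SECONDS}"
    return f"{payload}|{_sign(payload)}"


def valid_pass(ip, cookie, now):
    try:
        c_ip, expiry, sig = cookie.split("|")
    except (ValueError, AttributeError):
        return False
    return hmac.compare_digest(sig, _sign(f"{c_ip}|{expiry}")) and c_ip == ip and int(expiry) >= now


class EdgeFilter:
    """Front-door policy: a small budget for anonymous clients, a larger one for verified ones."""

    def __init__(self):
        self.anonymous = TokenBucket(capacity=10, rate=1.0)
        self.verified = TokenBucket(capacity=100, rate=20.0)
        self.redeemed = set()  # nonces already exchanged for a pass (replay protection)

    def handle(self, ip, method, cookie, now):
        """Return (status, body) for one request; 403 carries a challenge to solve."""
        cost = METHOD_COST.get(method, 1)
        if valid_pass(ip, cookie, now):
            return (200, "ok") if self.verified.allow(ip, now, cost) else (429, "slow down")
        if self.anonymous.allow(ip, now, cost):
            return (200, "ok")
        # Anonymous budget exhausted: require proof of work before serving anything else.
        return (403, make_challenge(ip, now))

    def redeem(self, ip, challenge, counter, now):
        """Exchange a solved challenge for a pass cookie; each challenge is usable once."""
        if not verify_solution(ip, challenge, counter, now):
            return None
        nonce = challenge.split("|")[1]
        if nonce in self.redeemed:
            return None
        self.redeemed.add(nonce)
        return make_pass(ip, now)
```

The design point is the cost asymmetry the article describes, turned around: a client must spend CPU before the origin spends database time, and a flood from a single source is cut off after ten cheap requests (or two POSTs) until it proves itself. Two caveats for real deployments: keying buckets on source IP alone is coarse behind carrier-grade NAT, so production systems usually combine it with other signals, and the proof-of-work stands in for whatever human check (CAPTCHA or similar) the site actually uses.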

Protect yourself from a flood attack

The thing to remember with DDoS attacks is that word from earlier: smokescreen. You might not think DDoS is too much of a problem, but if it's shrouding something much more damaging, you have a significantly larger issue. Being prepared with thorough testing and firewall security is your best protection from a DDoS attack.
