Crowdsourcing is the idea of harnessing the strength of the crowd, usually involving large numbers of networked computers on the internet, to solve a single large task. That might be a service like Waze, which uses drivers’ specific travel experiences of traffic jams and road hazards to create a real-time traffic map that can help everyone, or crowdfunding, in which a large number of early adopter customers assist with willing a product into being by contributing startup funds.
The kinds of botnets used in DDoS (Distributed Denial of Service) attacks represent the sinister flipside to this connected dream. This kind of botnet exploits the fact that large numbers of computers are connected together to launch massive cyberattacks against targets — almost always without the owners of those machines knowing that their computer or connected device is being used in this way.
The “zombie army” strikes
In a botnet DDoS attack, a “zombie army” of hijacked connected devices — infected with a malware that allows them to be controlled remotely — are used in a coordinated attack against a target. Victims of a DDoS attack are bombarded with large amounts of fake traffic, overwhelming websites or online services with floods of data packets, queries, or requests. This has the effect of disrupting the target’s ability to operate as usual, making it inaccessible to legitimate traffic from real users.
While a botnet is controlled by just one person or a small group, known as the “botmaster” or “botherder,” botnets can be thousands strong in terms of size.
In February 2021, security researcher Phenomite reported that botnets operators were harnessing VPN (virtual private network) servers from a VPN provider called Powerhouse Management in a way that allowed them to further amplify traffic sent as part of a DDoS attack.
The attack vector allowed cyberattackers executing a type of DDoS attack called a UDP flood to ping a Powerhouse VPN server with a single byte UDP packet request, and have it amplified by up to 40 times, before being sent to the IP address of a target. This is a hitherto undiscovered means of carrying out what is referred to as a reflected or amplified DDoS attack. These attacks have reportedly been used in real world attacks in which targets were bombarded with up to 22 GBps (gigabytes per second).
The devastating impact of DDoS
This is just one example of a DDoS attack vector that has been recently discovered. Unfortunately, DDoS attacks are becoming increasingly widespread and popular. DDoS attacks ramped up particularly during 2020 as the world suffered from the coronavirus pandemic, causing more people than ever to rely on vital internet infrastructure. During the year, the number of DDoS attacks in any given month regularly topped 800,000.
Attacks have also become more commonplace due to botnet-for-hire services. These allow would-be attackers to rent a functioning botnet for as little as a few dollars in order to attack targets.
The effects of a DDoS attack can be devastating for a target, which might range from businesses to schools to, in some cases, even medical organizations. An attack can be maintained for anywhere from a few minutes to hours to, in some cases, days or weeks.
During that time, targets face unrequested downtime, during which customers or other users will be unable to access their services. In some cases, this can have a lasting detrimental impact, denting customer loyalty by failing to offer the services that are being paid for or requested. Companies may also spend money fighting attacks, while having to shell out money to deploy backups in an attempt to restore their systems to working order.
Hackers are acutely aware of how devastating DDoS attacks can be. As a result, a growing number of attackers will seize upon this to try and extort money from targets. Rather than simply launching an attack, they may threaten one (sometimes accompanied by a smaller-sized attack to prove that they are serious) unless a ransom is paid.
Employ the right defenses
With DDoS attacks gaining momentum, it is important that companies and organizations do their utmost to defend against them. Fortunately, a Web Application Firewall (WAF) will help to stop malicious traffic from outside your network, while continuing to allow traffic from legitimate users. Cybersecurity tools can also assist by providing the tools that will allow you to absorb even large attacks in terms of size and duration. This means that your online service or site will continue to be accessible by users.
Employing the right anti-DDoS tools should be a priority for any business. The potential stakes are high when it comes to being the target of such a vicious and disruptive cyberattack.
These types of strikes by malicious actors are not likely to subside any time soon. However, it is possible to defend against them in a way that ensures you will not be the victim of a DDoS assault. It should be a vital part of your cybersecurity strategy.
Interesting related article: “What is Cybersecurity?”