A DDoS (distributed-denial-of-service) attack is a type of cyberattack used to disrupt the normal traffic of a site or service with requests. The attack affects different platforms, including websites and video games.
In a DDoS attack, the server infrastructure that an online service relies on experiences unexpected traffic, forcing it offline.
Since the first denial of service attack in 1974, DDoS attacks have become the most significant cyberattack type. This article will explore how attackers who use a DDoS have become more sophisticated, as well as provide methods of mitigating risks of their attacks.
How Does a DDoS Work?
Networks of machines connected to the internet may be used to carry out DDoS attacks. The types of machines used in a DDoS attack include computers. The collection of devices used for a DDoS are known as botnets.
DDoS attackers use malware to gain control of the devices so that they may remotely direct attacks. It is difficult to distinguish between a botnet and a normal device as systems typically recognize botnets as legitimate internet devices.
Here are the types of ways DDoS attacks can be carried out and how they can affect you.
1. Windows Remote Desktop Protocol
Windows Remote Desktop Protocol (RDP) is used to connect computers over networks. Microsoft's propriety protocol has made it easy for people to connect computers over networks.
Research by Netscout shows that Windows RDP has been used to amplify DDoS attacks and exploit new vectors. User Diagram Protocol (UDP) was an important component used by attackers to carry out DDoS attacks with the servers.
UDP is a communication protocol used for time-sensitive transmissions such as voice and videos. Its speed is based on the fact that it does not formally establish a connection before transferring data. This has several disadvantages, including packets being lost in transit and vulnerabilities to DDoS attacks.
Although not all RDP servers were abused, cybercriminals used Windows RDP to bounce and amplify junk traffic for their DDoS attacks. Attackers took advantage of systems where RDP authentication was enabled on UDP port 3389 on top of the standard TCP port 3389. Attackers sent UDP packets to the UDP ports of RDP servers before they were reflected to targeted devices.
2. Jenkins Servers
Jenkins is an open-source server used to automate software development tasks. A Jenkins server can be used to carry out a variety of critical software development tasks, including building, testing, deployment, and continuous integration.
A vulnerability was identified, which made it possible to launch DDoS attacks with Jenkins. While the bug was fixed, the vulnerability shed light on some of the DDoS risks related to bugs in servers.
Security researchers discovered that an attacker could use the Jenkins UDP discovery protocol (on UDP port 33848) to amplify DDoS attacks, bouncing the traffic off the server to the intended target. Attackers could then use the vulnerable Jenkin's servers to amplify traffic by up to 100 times.
The bug also made it more likely for the servers to be tricked into sending continuous packets to each other. This can lead to infinite loops and crashes.
3. Web Services Dynamic Discovery (WS-DD) Protocol
Web Services Dynamic Discovery (WS-DD) Protocol is a multicast discovery protocol used for locating services or devices on a local network. Video monitoring and printing are some examples of activities WS-DD is used for.
Research reveals that cybercriminals have used WS-DD as a UDP amplification technique. In 2019, attackers carried out over 130 DDoS attacks with the protocol, using over 630,000 devices to amplify the DDoS attacks. As the use of IoT (Internet of Things) devices increases, these types of attack vectors could become more of a concern.
4. DDoS Vulnerabilities on 5G
5G promises to improve the speed and responsiveness of wireless networks. The 5th generation mobile network will connect people and their devices like never before, with better bandwidth and advanced antenna technology.
However, an increase in the number of connected devices could cause the risk of DDoS attacks to grow.
As the size of the IoT device network grows along with the introduction of 5G, the attack surface for DDoS attacks could widen. There are a lot of vulnerable and unprotected IoT devices in existence.
Inevitably, there will be many security improvements to make in the initial stages of implementation for a new network like 5G. The combined vulnerabilities of IoT devices and the new security structure of 5G networks may make 5G devices an easy target for creative cybercriminals.
Cybercriminals are likely to use 5G to expand their DDoS attack bandwidth. The extra bandwidth could enhance the impact of volumetric attacks where bandwidth is used to saturate the bandwidth of the target.
5. ACK DDoS with Pulsating Waves
Web infrastructure firm Cloudflare spotted a DDoS attack that sends traffic in pulsating waves, similar to the beat of a drum. The creators of the attack may have chosen to use the less conventional method of sending traffic to deceive security systems.
The globally distributed attack lasted for two days, using nodes to send equal numbers of packets at equal rates. The creativity wasn't enough, however. Over 700 attacks were detected and controlled.
6. Multi-Vector Attacks
Multi-vector attacks involve using a combination of different techniques to carry out attacks on multiple attack vectors of the network, application, and data layers.
In recent years, multi-vector attacks have become more popular as hackers find new ways of attacking platforms. Multi-vector attacks can be extremely hard to defend against due to how hard it can be to prepare resources to respond to multifaceted attacks.
As more protocols are implemented on the internet, the attack vectors that cybercriminals can use will increase. Advancements in hardware and software worldwide give rise to new opportunities for cybercriminals to experiment with new attacks. BitTorrent, HTML, and TFTP are among the commonly used attack vectors.
7. Botnets Affecting Android Devices
A new botnet uses Android devices to launch DDoS attacks. The botnet, Matryosh, uses a command-line utility, Android Debug Bridge (ADB), in Google's Android software development kit (SDK) to carry out attacks. ADB allows developers to remotely execute commands on devices.
ADB is unauthenticated. This means that an attacker may abuse it by enabling the Debug Bridge on an Android device. What's worse is that a lot of products have been shipped with Debug Bridge enabled. Such devices could easily be accessed remotely and have malicious software installed in them to carry out DDoS attacks.
When Matryosh is run on a device, it obtains a TOR proxy to hide its activity. This could make it much harder for anti-virus software systems to identify malicious software and attacks.
Reducing the Risks of DDoS Attacks
The risks of DDoS attacks can be greatly reduced with adequate preparation. Cloud technology, response plans, and understanding of warning signs are among the key factors determining whether DDoS attack risks materialize.
Cloud-Based Service Providers
DDoS prevention can be outsourced to cloud-based service providers. While this may be costly in the short-term, it offers benefits that can reduce long-term costs. Cloud usually has more bandwidth resources than private networks. Additionally, it is harder for attackers to reach their intended destination through cloud-based applications due to the wider allocation of resources and highly sophisticated firewalls.
DDoS Attack Warning Signs
It is important to have a good understanding of the red flags that could indicate a DDoS attack. This can make it easier to quickly deploy solutions to reduce the risks of losses that an attack may cause. Website shutdowns, the slowdown of networks, and considerable reduction in user experience quality are among the common signs of an attack.
DDoS Response Plan
A DDoS response plan is needed to implement a good defense strategy. The plan should be based on a thorough security assessment. A DDoS response plan should be detailed and executed with precision. The plan should include details of the response team, contacts, notification procedures, escalation procedures, and a systems checklist.
Adapt and Overcome
Cybercriminals are constantly evolving as they seek new ways to exploit systems for personal gain. As new technologies are introduced, more attack vectors will inevitably be created, giving rise to opportunities to implement creative DDoS methods.
Not only do we have to take extra measures to protect ourselves against attacks stemming from age-old vulnerabilities, but also, we need to tackle the risks that come with a new era of more diverse and advanced technologies.