The Evolution of The DDoS Attack

It’s vitally important for businesses and organisations of all sizes to ensure that their Web sites and other Internet services are available at all times. Whether a web site is the source of revenue by providing an online store or only provides information and contact details for prospective clients, it is damaging both in reputational and financial terms when a web site is not available.

One way that a web site can be made unavailable is via a malicious attack from the Internet known as a Distributed Denial of Service (DDoS) attack. A DDoS attack can take many forms, but the basic approach is to overwhelm the servers or applications providing a service on the web by sending so many requests that they can't respond to them all. The result is that either the servers can't cope, or legitimate access requests get lost in the traffic, leading to long wait times and dropped connections for users.

Even if a business or organisation doesn't have a high-profile Internet presence, it can still be the victim of DDoS attacks. This can either be due to direct attacks on it, or as collateral damage from attacks on other, more prominent organisations with whom it shares network and IT services. For example, an attack on a core Internet service such as DNS that is intended to impact one organisation will also impact all the other organisations using the same DNS service.

History of DDoS Attacks

Denial of service attacks have a long history, dating back to the 1970s on university mainframes. The first recognised instances of DDoS attacks in the current sense of the term occurred in the late 1990s and early 2000s. Several DDoS tools came into common circulation in 1998 that allowed activists to target organisations with whom they disagreed. The first botnet tools that spread via malware infections appeared in 1999, and these quickly became common.

Hacking DNS traffic to disrupt access to sites started in 2000, and then in 2003 the first worms appeared that used Microsoft Windows-based PCs as unwilling DDoS hosts. The success and proliferation of Windows-based PCs made them an ideal target for malware that hijacked them for malicious purposes. Microsoft as a company changed direction to combat the problem and made significant improvements to the Windows security model.

Various new malware and worm-based DDoS tools have appeared regularly over the last 15 years since the 2003 proliferation. They have tended to exploit new security holes that have been addressed quickly upon discovery. In the last few years a new method of DDoS attack has appeared due to the poor security of many Internet of Things (IoT) devices. These types of attacks are increasing along with the rapid growth of IoT device deployment.

New DDoS attack methods are still appearing and are expected to continue to appear in future. The most recent high profile new attack method occurred in 2018 when a feature of the Memcached protocol was used to inject vast amounts of data into legitimate network packets.

It is inevitable that DDoS attacks will continue and will likely proliferate. What can be done to combat this threat?

Renaissance to the Rescue

In order to avoid becoming a victim of DDoS attacks, it is vital that you deploy anti-DDoS hardware and software modules. Your servers should be protected by network firewalls, and various hardware vendors that Renaissance represent now include software protection against DDoS protocol attacks such as SYN flood attacks.

Cyber criminals may also be able to bring your web servers offline by DDoSing your DNS servers. For that reason, it is important that your DNS servers have redundancy, and placing them in different data centres behind load balancers is also a good idea. A better solution may even be to move to a cloud-based DNS provider that can offer high bandwidth and multiple points of presence in data centres around the world. These services are specifically designed with DDoS prevention in mind.

Conclusion

DDoS attacks are common. Protecting against them needs to be part of business-as-usual security protection, alongside malware and virus protection and other security measures. It needs to be a core part of the IT provision for an organisation and not part of a disaster recovery plan. Renaissance can help you decide what type of DDoS protection or firewall is best suited to your business needs. Contact us today for more information or to discuss.