Posted on May 31, 2021 at 1:31 PM

Effect of DDoS Attacks in Disrupting an ISP’s Critical Infrastructure

Distributed Denial of Service (DDoS) is a concept in computing that refers to a cyber-attack experience where the criminal temporarily or permanently interferes with the host’s services connected to the internet. This interference intends to make a network resource inaccessible to purposive users.  

While the main inspirations for DDoS attacks are unknown, they are associated with cyber-vandalism and the desire to disrupt with no apparent reason. There have also been instances when DDoS is an activism attack. The perpetrator responds to a particular cause or event.

The most recent national case of DDoS took place in Belgium when the country fell victim to a huge Distribution Denial of Service attack. The attack interrupted the services of hundreds of companies across the country.

The attack began on 4th May and went on in a series of waves targeting Be1Net, Belgium’s ISP. In response, Be1Net initiated their crisis protocols, first by seeking the intervention of the CCB (Centre for Cybersecurity Belgium).  

Whenever DDoS attacks are conducted against companies, they cause massive financial losses, especially because of the downtime caused. In Belgium, the victim was Be1Net, a national ISP dependent upon multiple infrastructures of the country; the country must have sturdy, effective, and efficient DDoS precautions on standby to facilitate a successful intervention lest they remain vulnerable. 

Key features of a DDoS attack/ How a DDoS attack looks like

When a DDoS attack happens, the perpetrators go after the services offered by an ISP or their server to make it inaccessible to the intended users. The following is a description of how a DDoS attack looks like:-

When a DDoS happens, it affects many computers, causing a malware infection that facilitates the attackers’ effort to control the devices of the ISP without being noticed. Secondly, after the infection, the perpetrators leverage their skills and control to misuse the ISP’s botnet (affected computer network), causing them to perform remotely controlled DDoS attacks.

The attackers use the botnet to initiate multiple attacks on the ISP’s network, using many requests or commands to bombard its infrastructure. 

The number of computers linked on the internet service provider network is directly proportional to the potency of the attack. Supposing a business’s server operates absent DDoS protection, the server becomes overpowered by the extensive remote commands, causing the ISP to be overloaded. Such an outcome causes the concerned website to operate extremely slowly, or worse, does not serve at all.

DDoS attackers and the methods they use

Many people can assume the DDoS attacker’s role depending on what motivates them. DDoS attackers could either be individual criminals or groups, political activists, business rivals, or even dissatisfied users. In their criminal acts, these attackers could be extortionists or business rivals seeking to harm their competition.

The DDoS attackers could also be envious of what you and your business have achieved or political activists conducting a protest. Nonetheless, despite their intentions, the ultimate goal of a DDoS attack is to cause a significant amount of damage to the victim company.

The attackers use multiple varying kinds of DDoS attack approaches in their criminal activities. These methods can be categorized based on layers where the attack is focused. According to the OSI (Open Source Interconnection ) model for network protocols, one of the approaches that DDoS attackers use is overloading system resources such as the bandwidths of the network.

Overloading system resources has been a common trend in the cybercrime space, where the attackers target the user level. Nonetheless, the patterns and bandwidths of DDoS attacks tend to change from time to time.

Cybercriminals overloading the system resources is an attack on layers 3 and 4. In contrast, an attack on the user level is a layer 7 kind of attack. DDoS attacks on application layers 3 and 4 overloads the target with extremely high bandwidth or huge packet rates. Doing so renders authorized efforts of accessing data channels for communication establishment useless.

On the other hand, DDoS attacks on application layer 7 target the weakest infrastructure component, resulting in an overload of the web application. Overloading the server renders it unable to process authorized requests, thus making the website inaccessible to users.

Consequences of DDoS attack

Regardless of the approach used by the cybercriminals, DDoS attacks are harmful to the victim organizations and make these institutions and their business suffer over a long period. As such, a company must set up an effective and efficient Distributed Denial of Service protection mechanism at all times.

There are many consequences that a company has to face after falling victim to a DDoS attack. The prevalent three include the following:-

• First, a DDoS attack causes economic damages to the company. When an organization experiences downtime (a period of being offline), the company can easily lose a significant amount of money and reduce its profit margin. When profit is lost, and the marketing budget has gone down the drain because of the downtime, the company faces significant financial damages.
• The second consequence of a DDoS attack involves a damaged brand image. It is impossible to measure the extent of damage that the business’s reputation will incur following a DDoS. To recover from this attack, the company will have to spend a sizeable amount of time and resources.
• Thirdly, a successful DDoS attack normally results in data being stolen by cybercriminals. When the systems fail to operate normally following the attack, some systems become more vulnerable because of the overload. Such an outcome exposes the system to multiple forms of attack, including stealing data.

The IoT as a DDoS accelerator

The Internet of Things (IoT) is made up of many devices that have been networked together. When these devices are connected to the internet, they make a desirable target for cybercriminals to attack because they can serve as instruments for DDoS and related attacks.

DDoS attackers, among other cybercriminals, use specific malware that spreads within the ISP’s network independently to gain control over IoT devices.

DDoS attackers are motivated to compromise the service providers’ systems and use them for attacks against multiple internet-connected devices (botnets). Using Mirai as an example, this malicious software is linked with Dyn; an ISP attacked five years ago.

Internet attackers used the software in setting up botnets. In Dyn’s case, thousands of IP cameras, printers, and smart TVs, among other devices, were simultaneously attacked using a DDoS network. The attack crippled the servers of Dyn Company for a prolonged duration.

Preventing DDoS attacks

Cybercriminals like DDoS are sophisticated now more than ever before, upscaling their skills and improving their methods for maximum disruption. They use different tactics and vectors to deliver their malware, distracting and attacking their target organizations.

A business with a sturdy DDoS mitigation solution running (progressively enabled) will do well in an extremely competitive and dangerous business market. They can manage and mitigate looming disruption swiftly and successfully, thereby ascertaining the delivery of important services.

Mitigating DDoS attacks, otherwise described as DDoS protection, demands that an organization employs special protection technologies. The technologies are normally present as an appliance for local use within the premise or as Security as a service (SECaaS service).

Security as a service refers to an outsourced service in which an external organization takes charge and controls a company’s Security. The SECaaS service is not restrained by the overall bandwidth of the organization’s connection. As such, the SECaaS service can serve in a more agile and dynamic fashion. 

DDoS protection measures sieve out the incoming traffic, thereby distinguishing between the rational requests or commands and the malicious access commands. Organizations known to be prevalent DDoS targets by internet attackers have their DDoS protection mechanisms on standby at all times.

Nonetheless, other organizations only enable the DDoS protection tools when they feel threatened, an action inspired by their need to lower their costs and minimize workload. Being fully dependent on ISP security solutions to mitigate against a DDoS attack can leave your business vulnerable and susceptible to very many risks because Internet Service Providers are not masters in DDoS protection, 

Most DDoS protection strategies feature service level agreements (SLA), which is a commitment that links the service provider to the client on quality of service, availability, and the responsibilities for which the service provider has been hired to perform.

It is very easy for a security team to lose time trying different mitigation strategies to combat what the cybercriminal has set in motion. Time is wasted even more in a situation where the perpetrator can employ different approaches or apply varying vectors.

Unfortunately, the company is offline due to the security team trying out different tactics bears significant consequences to the company. The lost time translates into a sizeable amount of money being lost by the company.

Worse, when it concerns infrastructure that is naturally depended upon, it was the case in Belgium. Using the case of Belgium as an example, the downtime that resulted from the DDoS attack destroyed Belgium’s reservation portal for the Covid-19 vaccination.