Posted on September 5, 2021 at 6:21 AM
DDoS attacks have been one of the most common ways for hackers to attack different entities via the internet for years now. Over time, they became quite massive, and very difficult to deal with for a lot of online services, websites, and others.
However, when it comes to service providers, they tend to experience DDoS attacks in a different way than what you might imagine, which is what we wanted to talk about today. But, before we get into the details, let’s briefly go through what DDoS attacks are.
What are DDoS attacks?
Essentially, a DDoS attack is a type of online attack where an individual or an entity creates a botnet (a network of hacked devices that are all controlled by the attacker) and then uses it to send requests for information to a targeted website. These requests consist of nothing more than trying to load the site, as a browser would, but when enough devices are doing it, the website cannot cope, and it crashes.
Most people have experienced something like this in the past. If you knew that a specific item was going to go on sale at a specific time, you and others may have tried to access the site at the same time: the time of release. This kind of attention is too much for the sites to cope with, and it often leads to failed requests, lag, and the like.
This is what hackers do on their own when they conduct DDoS, only they use anywhere from a few hundred to hundreds of thousands of devices, or more. The bigger the botnet, the stronger the attack, as each of the hacked devices is requesting information repeatedly, as if you were constantly refreshing the page in your browser.
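The following is an added example, not part of the original article, showing from the defender's side why such a flood is hard to spot by looking at any single client: each device stays at a low request rate, so the signal is the aggregate count and the number of distinct sources per time window. The log format (`<epoch_seconds> <source_ip> <path>`), the sample traffic, and the thresholds are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample input, one request per line: "<epoch_seconds> <source_ip> <path>".
# Seconds 0-19: three ordinary visitors, one request per second each.
# Seconds 10-19: 40 extra sources, each requesting "/" twice per second,
# which is a low rate for any single source.
def build_sample_log():
    lines = []
    for t in range(20):
        for i in range(3):
            lines.append(f"{t} 198.51.100.{i + 1} /page{i}")
        if t >= 10:
            for bot in range(40):
                lines.extend([f"{t} 203.0.113.{bot + 1} /"] * 2)
    return lines

def detect_flood(lines, window=5, total_limit=200, per_source_limit=50):
    """Bucket requests into fixed windows and flag windows whose aggregate
    request count exceeds total_limit. For each flagged window, also list
    the sources that a per-source limit alone would have caught."""
    buckets = defaultdict(Counter)  # window start -> Counter of source IPs
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip malformed lines
        ts, src = int(parts[0]), parts[1]
        buckets[ts - ts % window][src] += 1
    findings = []
    for start in sorted(buckets):
        per_src = buckets[start]
        total = sum(per_src.values())
        if total > total_limit:
            findings.append({
                "window_start": start,
                "total_requests": total,
                "distinct_sources": len(per_src),
                "sources_over_per_source_limit": sorted(
                    s for s, n in per_src.items() if n > per_source_limit),
            })
    return findings

if __name__ == "__main__":
    for finding in detect_flood(build_sample_log()):
        print(finding)
```

In the sample, both flagged windows come back with an empty `sources_over_per_source_limit` list: no individual source exceeds its limit, yet the site receives many times its normal load.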
Enter Service providers
Over the last two decades or so, since the internet went mainstream and arrived in most parts of the world, service providers realized that by going digital, they can increase their customer base. As time passed, many started focusing on this aspect of business, and today, there are many who only offer online services.
They now take pretty much any role, from offering streaming or hosting services, broadband, processing, consulting, communications, gaming, and more. Business is booming as every other aspect of our lives is also going digital, but that also means that there are new threats for service providers to deal with, such as hacking attacks.
Essentially, there is no perfect code, which means that every website, service, security feature, and everything else, has some kind of a flaw. Most hacking attacks revolve around finding and exploiting those flaws. DDoS attacks, on the other hand, do this in a different way — they only target one thing, and that is the system’s inability to mitigate overwhelming requests.
That’s really the biggest difference from how other types of attacks work, as you don’t really need any special skills or abilities to conduct a DDoS attack. You don’t need to be a code-writing genius such as the hackers we tend to see in movies and TV shows to conduct this type of attack.
When it comes to DDoS attacks, pretty much anyone can initiate them, even the large-scale ones these days. That’s because it is fairly easy to use a botnet, and botnets don’t have to be created from scratch anymore by each individual hacker. There are now botnets available for purchase, and you can even hire them to conduct an attack against a service you wish to bring to its knees.
It is, of course, completely illegal to do so, and if you are ever discovered, you will be facing punishment, likely in the form of huge fines, prison time, or both. But, that doesn’t change the fact that all you really need is the money to buy or hire one, and a target to use it against.
The golden time of DDoS
Thanks to the possibility of hiring botnets to conduct DDoS attacks, a new concept of DDoS-as-a-service has emerged over the last decade, and unfortunately, it has been rather successful as a business. The authorities have struggled greatly to find and dismantle services like DDoS for hire, but new ones just keep popping up.
One reason for this is the fact that there are now more devices connected to the internet than ever. From PCs to smartphones, Internet of Things devices, and more — anything that can be connected to the internet and has a processor of some kind can be used as a device to build up a botnet.
The users of these devices are regular people, and the issue is that they simply aren’t aware of the fact that their devices are vulnerable. When you buy an IoT device, your first step should be to change its default password to something complex that cannot be easily guessed. Most people skip this step as they are not aware of its importance. This is what the hackers are counting on, as they then use default passwords to break into such devices and connect them into botnets.
So, with the rise of these devices, the rise of botnets followed, and they became available to people with just a few clicks. You can now hire botnets of any size, from some small ones that you can only pay a few dollars per month for, to massive ones whose subscriptions are worth thousands of dollars.
These can initiate some truly massive attacks, and researchers have started to hear about DDoS extortion, as people have started threatening targets with such attacks unless their demands are met. Such threats often work on smaller service providers; major corporations and enterprises, however, are able to afford security measures that can handle almost all attacks.
How can service providers protect themselves?
However, it is also worth noting that most enterprises don’t orchestrate large-scale distributed networks, as they typically focus on their own limited services and applications. Service providers, however, have more diverse ecosystems, with large-scale infrastructure, and they are the ones who have to take care of their services, customer networks, and the like.
With that being the case, hackers have to use a lot of processing power to be able to harm them, which is why service providers are typically only targeted by particularly powerful DDoS attacks, capable of overwhelming their systems.
These are the attacks that even they have problems mitigating. Typically, service providers tend to protect themselves with an on-premise DDoS mitigation solution. Such a deployment typically consists of a small-capacity inline DDoS mitigation appliance, which serves as the first line of defense. The second line of defense is an out-of-path local scrubbing center, which is used to mitigate the larger attacks. However, researchers claim that this is not enough, as DDoS attacks keep getting larger and larger.
Some of the largest globally distributed attacks have started hitting DNS services, aiming to overwhelm internet uplinks and have the greatest impact. This is very harmful, not only due to the immediate consequences of the attack, but also because service providers lose the trust of their clients. Not to mention the cost of repairing the damage, which can be quite extensive.
The best way that service providers have found to protect themselves is cloud-based DDoS protection, which has a high-volume mitigation capacity, as well as a global presence. Essentially, the attack gets fully drawn to the cloud protection service, and the service provider feels no real impact.
If the service doesn’t use cloud protection, it can experience access and service outages until it invokes emergency operational services, which can also be quite an expensive solution.
In the end, DDoS attacks are among the most difficult to deal with, as no network is immune to them, regardless of their size. There will always be a bigger attack lurking and waiting to happen, and there is little anyone can do about it.
Security services will continue to boost cloud-based mitigation services and try to parry the attacks as best as they can, but unfortunately, these only get better and more capable after the new major attacks are conducted, so someone is going to have to take the hit first.
Unfortunately, it does seem like DDoS attacks will continue to be a problem for a long time still, although they might be less effective in the future, at least in the form they take right now, once blockchain technology goes mainstream. Blockchain still has its own issues, but it might be able to disrupt the growing DDoS-for-hire line of business.