{"id":4014,"date":"2023-03-02T10:00:00","date_gmt":"2023-03-02T10:00:00","guid":{"rendered":"https:\/\/mintivo.co.uk\/news\/everything-you-need-to-know-about-a-ddos-attack\/"},"modified":"2024-02-13T17:36:22","modified_gmt":"2024-02-13T17:36:22","slug":"everything-you-need-to-know-about-a-ddos-attack","status":"publish","type":"post","link":"https:\/\/mintivo.co.uk\/news\/everything-you-need-to-know-about-a-ddos-attack\/","title":{"rendered":"Everything you need to know about a DDoS attack"},"content":{"rendered":"\n

It\u2019s frustrating when you can\u2019t access a website. Tickets go on sale for the must-go-to festival or Black Friday brings a deal that is too good to miss. The volume of traffic, from legitimate would-be customers trying to buy what is on offer, overwhelms the site. A good website hosting provider<\/a> will help with this, but what happens when the high level of traffic is created not by legitimate customers, but by \u2018bad actors\u2019? What happens when the traffic is generated not by one rogue computer, but by a coordinated, distributed network attack? Welcome to the increasingly common event that is a Distributed Denial of Service, or DDoS, attack.<\/p>\n\n\n\n


What Is a DDoS Attack?<\/h2>\n\n\n\n

DDoS is short for distributed denial of service. A DDoS attack occurs when a bad actor uses resources from multiple remote locations to attack the online operations of a business or organisation. Often, the devices used for the attack (known collectively as a botnet) have been infected with malware and are participating without the knowledge of their operator.<\/p>\n\n\n\n

Unlike other kinds of cyber assaults, a DDoS attack does not attempt to breach a company\u2019s IT security. Instead, a DDoS attack aims to overwhelm network devices and servers and make a website unavailable to legitimate users. However, DDoS is sometimes used to hide other malicious activities, compromising security appliances and allowing an organisation\u2019s security perimeter to be breached.<\/p>\n\n\n\n

What is the difference between DDoS and DoS attacks?<\/h2>\n\n\n\n

The difference between normal and distributed denial of service assaults is largely scale. A DoS attack uses a single device and internet connection to flood a target with fake requests. The aim is to overwhelm key resources, such as memory and CPU, causing legitimate access requests to go unanswered.<\/p>\n\n\n\n

Conversely, Distributed Denial of Service attacks are launched from multiple devices that are distributed across the Internet. These devices include PCs, routers, servers, tablets, and mobiles that have been infected with malware and are controlled from a remote location. The distributed nature of the attack makes it harder to detect and to deal with.<\/p>\n\n\n\n

Who are the targets of DDoS attacks?<\/h2>\n\n\n\n

Any business, organisation, or indeed country can be the target of a DDoS attack. In 2020, Australian Prime Minister Scott Morrison had some alarming news<\/a> for his citizens: \u201cWe are under cyber-attack.\u201d The same year saw the US cloud giant, Amazon, suffer a 2.3Tbps DDoS attack<\/a>. As an idea of scale, that\u2019s about half of all the traffic that BT sees in an entire day across its UK network.<\/p>\n\n\n\n

Motivations for carrying out a DDoS attack vary widely, from disgruntled individuals and hacktivists wanting to take down a company’s servers, to financially motivated extortion attempts to undermine a business\u2019s online presence. State-sponsored DDoS attacks are increasingly being used to disrupt critical financial, health, and infrastructure services in enemy countries.<\/p>\n\n\n\n

Types of DDoS attacks<\/h2>\n\n\n\n

Whilst the aim of all DDoS attacks is similar, namely the denial of service to legitimate users, there are multiple strategies used to achieve this end result. They differ in which part of the OSI network model they focus on.<\/p>\n\n\n\n


Application attacks<\/strong> send a very high volume of simple HTTP requests to the application, in effect the web pages themselves. This is conceptually easy to do, and a simple HTTP request can generate significant work on the target server, consuming memory and CPU cycles.<\/p>\n\n\n\n

Protocol attacks<\/strong> target weaknesses in the network and transport layers (3 and 4 in the model), overloading equipment such as firewalls and load balancers.<\/p>\n\n\n\n

Volumetric attacks<\/strong> attempt to consume all the bandwidth available to the target server. The attack focuses on sending requests to the target system that require large volumes of data to be sent and received.<\/p>\n\n\n\n

How to identify a DDoS attack<\/h2>\n\n\n\n

In many cases, the first clue that a DDoS attack is taking place may be a website or service suddenly becoming very slow or even unavailable. Whilst this may be a sign of a cyber-attack, it could also be the result of a spike in legitimate traffic, for example following a marketing campaign or news story relating to the organisation. For this reason, it is necessary to analyse the traffic to the site, looking for signs of a non-legitimate increase in volume. Signs of a DDoS attack include:<\/p>\n\n\n\n