Pretty much since the start of the internet, criminals have been using Distributed Denial of Service (DDoS) attacks to intentionally harm companies and institutions. A DDoS attack attempts to disturb an online service by intentionally overloading it with traffic, so the service is no longer available for legitimate users. This can cause reputation issues for the company and in some cases, attackers have used this type of cybercrime to extort money or cover up other criminal activities.
As October is cybersecurity month, let’s raise awareness about this type of criminality.
Simple but powerful
Unlike with phishing or vishing, for a DDoS attack the criminals target a service or server they want to make unavailable, not an individual. A common way to perform these attacks is by using programmes known as Trojan horses. This malicious software is installed on unknowing users’ computers using malicious emails containing photos, documents or links to dangerous websites. Once a large number of devices are infected, they form what is called a “botnet” and criminals remotely use the botnet to send a large number of simultaneous requests to the chosen service or server they want to attack.
The more computers have been compromised, the more potent the attack is. When services or servers without DDoS protection are attacked, they can be overwhelmed by the enormous number of requests, and their Internet connection is overloaded. As a result, websites only operate very slowly or are no longer available at all.
It is not science fiction and it should be a good reminder to keep your systems protected and never open attachments or links from unknown sources. You might not be the target of the attack but your devices could be used for one! Think about it: with the Internet of Things (IoT), all kinds of devices are connected on the internet, from appliances and smart home security systems to wireless inventory trackers and smart factory equipment. These devices make for attractive targets for cybercriminals since they can also be used as tools for DDoS attacks. One popular example is the attack on the internet service provider Dyn in 2016: a botnet coordinated through several thousand cameras, printers, smart TVs, baby monitors and other devices that had been infected carried out a DDoS attack that caused major internet platforms and services to be unavailable through Europe and the United States.
Even tech giants such as Google and Amazon are victims of these attacks. Recently, Google revealed information about “a record-breaking attack which remains the largest bandwidth attack of which we are aware”. This attack lasted for six months in 2017, though it had no impact on Google’s operations.
Always be prepared… and alert!
There is not much we, mere civilians with limited technological expertise, can do about these attacks – or is there?
Aside from protecting our own devices (save on the graphics card, not the antivirus!), we can become aware of these threats and make sure our families and friends, including children, are also aware. According to Britannica, the first documented denial of service (DoS) attack occurred in 2000, when “mafiaboy,” a 15-year-old Canadian hacker, orchestrated a series of DoS attacks against several e-commerce sites, including Amazon and eBay. If you know of a youngster who likes to tests their hacking skills, redirect them to the National Crime Agency in the United Kingdom as they support some of the UK’s biggest games design, cyber security and programming businesses to find talented young people with the skills to succeed in those industries. These firms offer challenging careers!
In Luxembourg, BeeSecure offers loads of information about being safe online. And cybersecurity experts are sought after everywhere - check the postings in sites such as SECURITYMADEIN.LU or The LHoFT.
If you liked this article, you can find more in the ING blog: www.ing.lu/mymoney.