Distributed Denial-of-Service (DDoS) Attacks – Know Thy Enemy

What is a DDoS based attack?

A Distributed Denial-of-Service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users by using multiple hosts that attempt to connect simultaneously to the victim machine. It generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. Attackers typically target sites or services hosted on high-profile web servers, such as banks, credit card payment gateways, and even root name servers.

Basically, the attack involves saturating the target machine with external requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. The objective of these DDoS attacks is to either force the targeted computer(s) to reset, or consume its resources so that it can no longer provide its intended service.
[Figure: Architecture of a DDoS attack]

Impact of a DDoS Attack

These attacks violate Internet proper use policy and the acceptable use policies of virtually all Internet service providers. They cause huge productivity losses, because the services an organization offers become unavailable during peak business hours once its servers are saturated. Consequently, they damage the hard-earned positive brand image of a financial institution by rapidly eroding its stakeholders’ confidence.

What can happen due to DDoS?

  • Rapid consumption of computational resources, such as bandwidth, disk space, or processor time.
  • Disruption of routing information.
  • Unsolicited resetting of TCP sessions.
  • Disruption of physical network components within a very short time interval.
  • Sudden spike or maxing out of the processor’s usage.
  • Multiple errors triggered in interconnected machines.
  • Multiple errors in the sequencing of instructions, forcing the connected computer into an unstable state or lock-up.
  • Almost instant resource starvation and/or thrashing in interconnected machines, i.e. using up all available facilities.

Rationale for launching DDoS attacks against financial institutions

Although DDoS attacks are quite noisy and easily noticeable by both attackers and victims, they largely work as a shadow attack. This is a smart diversion technique to camouflage the attacker's real intention, which is to siphon out user data while security and network administrators are busy fixing congested network pipes. DDoS outages also deflect attention from bank wire transfers, leaving the institution unable to reverse the transactions (if found). For example, when Sony diverted its technical efforts to counter the DDoS attack launched by the Anonymous hacker group, information on more than 100 million customers was quietly siphoned off by hackers in the background.

Additionally, panic and knee-jerk reactions spread among the public at large when customers find that they are unable to access their accounts online. Many important transactions are simply delayed or rolled back during peak business hours.

[Figure: Portrait of a DDoS attack]

This results in major reputation loss for financial institutions. Banks will be forced to face embarrassing litigation if these issues are not promptly fixed. The longer the “Access Denied” period lasts, the greater the financial and reputational losses, along with rapid depletion of stakeholder confidence, suffered by these financial institutions.
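The diversion pattern described above gives defenders a concrete check: while an inbound flood from many sources is in progress, keep watching outbound volume. The following is an added example, not part of the original article; the record formats, thresholds and sample traffic are constructed assumptions.

```python
from collections import defaultdict

def bucket(ts, window):
    return ts - ts % window  # start of the fixed window containing ts

def flood_windows(inbound, window=10, min_requests=50, min_sources=20):
    """Window starts where request volume AND distinct sources are both high.

    Requiring many distinct sources separates a distributed flood from a
    single noisy client, which per-IP rate limiting already handles.
    """
    sources = defaultdict(list)
    for ts, src in inbound:
        sources[bucket(ts, window)].append(src)
    return sorted(start for start, srcs in sources.items()
                  if len(srcs) >= min_requests and len(set(srcs)) >= min_sources)

def egress_during_flood(inbound, outbound, window=10, baseline_bytes=1_000_000):
    """(window_start, destination, bytes) for outbound totals above the
    baseline that coincide with an inbound flood window."""
    floods = set(flood_windows(inbound, window))
    totals = defaultdict(int)
    for ts, dst, nbytes in outbound:
        start = bucket(ts, window)
        if start in floods:
            totals[(start, dst)] += nbytes
    return sorted((s, d, n) for (s, d), n in totals.items() if n > baseline_bytes)

def sample_traffic():
    """Constructed records using documentation address ranges."""
    # Window 100: 200 requests from 40 hosts (distributed flood).
    inbound = [(100 + i % 10, f"198.51.100.{i % 40}") for i in range(200)]
    # Window 120: 200 requests from one host (noisy client, not distributed).
    inbound += [(120 + i % 10, "203.0.113.7") for i in range(200)]
    # Window 140: ordinary traffic.
    inbound += [(140 + i, f"192.0.2.{i}") for i in range(5)]
    outbound = [
        (103, "203.0.113.99", 800_000),    # two transfers inside the flood
        (107, "203.0.113.99", 900_000),    # window, 1.7 MB in total
        (104, "192.0.2.50", 20_000),       # small, stays under the baseline
        (125, "203.0.113.99", 5_000_000),  # large, but no distributed flood
    ]
    return inbound, outbound

if __name__ == "__main__":
    inbound, outbound = sample_traffic()
    print("flood windows:", flood_windows(inbound))
    for start, dst, nbytes in egress_during_flood(inbound, outbound):
        print(f"window {start}: {nbytes} bytes to {dst} during inbound flood")
```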

For a more comprehensive discussion of a DDoS attack and its testing methodology, please view our detailed article “Distributed Denial-of-Service Testing Methodology” or view the PDF version of the article below.


1 Comment

  1. Excellent!! This is very helpful and explained in a very wide way about denial of service attacks. Thanks! Hope seeing more soon!
