DoS Attacks
1. Explanation of the type of vulnerability and the causes
1.1 Denial of Service (DoS)
A Denial-of-Service (DoS) attack is meant to shut down a machine or network so that its intended, authorized users cannot access it. The perpetrators achieve this either by flooding the target with traffic or by sending information that triggers a crash (Jamal, Haider, Butt, & Chohan, 2018). In either case, such attacks deprive legitimate users such as members, employees, and account holders of the resources or services they expected. Often, the perpetrators target the servers of high-profile organizations such as media, commerce, banking, or trade companies and government bodies. While DoS attacks do not normally lead to the loss or theft of important data or other assets, they cost victims a lot of money and time to handle (Jamal et al., 2018). There are two DoS attack methods: crashing services or flooding services. A flood attack takes place when so much traffic enters the system that the server buffers, then slows down, and ultimately stops, preventing legitimate users from accessing it.
1.2 Explanation of Various Vulnerabilities, their Meanings, and Explanation of how they Occur
1.2.1 Distributed Denial of Service (DDoS) attack
A Distributed Denial of Service (DDoS) attack is a type of DoS attack in which several systems orchestrate a synchronized DoS attack against one target. The difference is that rather than being attacked from a single location, the target is attacked from multiple locations simultaneously. The distribution of hosts that defines DDoS offers the attacker several advantages. First, a greater number of machines can be leveraged to execute a severely disruptive attack (Jamal, Haider, Butt, & Chohan, 2018). Second, it is not easy to locate the source of the attack because the attacking systems are randomly distributed, often globally. Third, it is not easy to shut down many machines at once, and finally, it is difficult to identify the real attacking party since the attackers are disguised behind multiple compromised systems. Several predominant types of DoS attacks exist:
1.2.2 Volume-based attacks
These attacks use enormous amounts of fake traffic to overwhelm an online resource such as a website or a server. The attack’s volume is normally measured in bits per second.
1.2.3 Network-layer or protocol attacks
These attacks send huge numbers of packets at network infrastructure and the tools used to manage it (Zhang, Zhang, & Lee, 2017). They are measured in packets per second (PPS).
1.2.4 Application-layer attacks
Application-layer attacks resemble volume-based attacks. The difference is that application-layer attacks flood applications with malicious requests (Zhang, Zhang, & Lee, 2017). They are measured in requests per second (RPS).
1.2.5 Vulnerability exploiting attacks
Some DoS attacks exploit vulnerabilities that cause the target service or system to crash. In such attacks, the perpetrators send input that takes advantage of bugs in the target, severely destabilizing or crashing the system and preventing access by intended users (Jamal, Haider, Butt, & Chohan, 2018). Modern security technologies include mechanisms to counter potential DoS attacks. However, because of its unique characteristics, DDoS is considered an elevated threat, which is a huge concern for organizations that are vulnerable to these kinds of attacks.
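The three flooding categories above are distinguished by the unit in which they are measured (bits, packets, or requests per second). The following Python is an added example, not code from the essay or from the papers it cites; it assumes a monitoring probe that exports per-second edge counters, derives a baseline from a quiet window, and reports which category a sample exceeds by a large factor. All counters are constructed by hand.

```python
"""Classify per-second edge traffic counters into the DoS categories above.

Added example; it is not code from the essay or from the papers it cites.
It assumes a monitoring probe that exports, once per second, the bits,
packets and HTTP requests seen at the network edge. All counters below
are constructed by hand: one quiet window and three attack-shaped samples.
"""
from statistics import median

# Units follow the essay: bits/s for volume-based attacks, packets/s for
# network-layer (protocol) attacks, requests/s for application-layer attacks.
CATEGORY_BY_METRIC = {
    "bps": "volume-based",
    "pps": "network-layer/protocol",
    "rps": "application-layer",
}


def baseline(samples, metric):
    """Median of one metric over a quiet window; robust to a few spikes."""
    return median(s[metric] for s in samples)


def classify(sample, baselines, factor=10.0):
    """Return (dominant category, all categories whose metric exceeds factor x baseline).

    One event can trip more than one metric (a bandwidth flood made of large
    packets also raises packets/s), so the set says which layers to look at
    and the dominant entry says where the ratio to baseline is largest.
    """
    ratios = {m: sample[m] / max(baselines[m], 1) for m in CATEGORY_BY_METRIC}
    hits = {CATEGORY_BY_METRIC[m] for m, r in ratios.items() if r > factor}
    dominant = CATEGORY_BY_METRIC[max(ratios, key=ratios.get)] if hits else None
    return dominant, hits


# Constructed quiet window: about 8 Mbit/s, 1,000 packets/s, 50 requests/s.
QUIET_WINDOW = [
    {"bps": 8_000_000 + i * 10_000, "pps": 1_000 + i, "rps": 50 + (i % 3)}
    for i in range(30)
]
BASELINES = {m: baseline(QUIET_WINDOW, m) for m in CATEGORY_BY_METRIC}

# Constructed attack-shaped samples, each dominated by one metric.
VOLUME_FLOOD = {"bps": 2_000_000_000, "pps": 170_000, "rps": 52}  # large packets, huge bandwidth
SYN_FLOOD = {"bps": 60_000_000, "pps": 120_000, "rps": 48}        # tiny packets, huge packet rate
HTTP_FLOOD = {"bps": 40_000_000, "pps": 9_500, "rps": 6_000}      # many valid-looking requests
NORMAL = {"bps": 9_500_000, "pps": 1_200, "rps": 55}              # ordinary busy second


if __name__ == "__main__":
    for name, sample in [("volume flood", VOLUME_FLOOD), ("SYN flood", SYN_FLOOD),
                         ("HTTP flood", HTTP_FLOOD), ("normal", NORMAL)]:
        dominant, hits = classify(sample, BASELINES)
        print(f"{name:13s} -> dominant={dominant}, layers={sorted(hits)}")
```

The volume-flood sample trips both the bits/s and packets/s thresholds, which is why the function reports a dominant layer as well as the full set; a real monitor would also keep the baseline per time of day, since a median taken at night understates a normal daytime load.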
1.3 Current Impact of DoS Attacks Compared to the Impact Ten Years Ago
The denial-of-service (DoS) attack has been an issue for over twenty years, making it a tried-and-true cybercriminal strategy. The first case took place in the year 2000, when several e-commerce sites such as eBay and Amazon were taken down by a fifteen-year-old hacker (Jamal, Haider, Butt, & Chohan, 2018). Over twenty years later, these attacks are still dangerously effective. As a matter of fact, DoS attacks have grown bolder and bigger, and they have particularly increased over the past few months. Over three million DoS attacks occurred in the first two quarters of 2021, about a third more than in the same period of 2020 (Pranggono & Arabo, 2021). January 2021 saw the largest number of these attacks, with over 972,000 recorded. Because of the COVID-19 pandemic, the number of attacks continues to rise as attackers take advantage of vulnerable corporations that are operating in new ways.
DoS attacks have become quite common. Recently, scholars from Saarland University in Germany, UC San Diego in the United States, and the University of Twente in the Netherlands conducted studies and found that a third of all of the twenty-four networks had experienced a DoS attack at least once in the past two years (Reo, 2021). Their studies also found that 3% of websites in .org, .net, and .com are involved in DoS attacks every day.
There are no signs that the evolution of DoS attacks is slowing. These attacks keep growing in frequency and volume, and today they often involve a “hybrid” or “blended” approach (Islam et al., 2021). Without early detection and traffic profiling systems, it is not possible to know that an attack is present. As a matter of fact, many users only learn of it when the server or website slows down or crashes. This is particularly the case for sophisticated attacks that use a blended approach and target multiple levels simultaneously (Islam et al., 2021). Such attacks target infrastructure, applications, and data at the same time to increase the attackers’ chances of success.
2. Identification of where the vulnerability exists “in the wild”
2.1 Recent High Impact Cases
There are several organizations that have fallen victim to DoS attacks. Some of the recent high impact cases include:
2.1.1 The 2020 Google Attack
On the 16th of October, 2020, Google’s Threat Analysis Group stated through its blog that threat actors and threats alike had changed their strategies because of the 2020 U.S. election. According to Google, the company’s Security Reliability Engineering team measured a UDP amplification attack that was traced to several Chinese ISPs (The Economic Times, 2020). They stated that this was one of the largest bandwidth attacks they were aware of. Google reported that the attackers used numerous networks to spoof 167 Mpps (millions of packets per second) to 180,000 exposed SMTP, DNS, and CLDAP servers. This demonstrated the volumes that well-resourced attackers can achieve.
2.1.2 Amazon Web Services 2020
This is by far the leading DDoS attack; it took place in February 2020. Amazon Web Services stated that it fended off a DDoS attack that lasted three days and peaked at a volume of 2.3 terabytes per second (Porter, 2020). Before this attack, the record for the largest DDoS attack in the world was 1.7 terabits per second, which had surpassed the record set by GitHub (1.3 terabits per second). The ZDNet article does not identify the Amazon Web Services customer. It does, however, mention that the attack was conducted using hijacked CLDAP web servers, which resulted in a three-day “elevated threat” for the AWS Shield staff. Connectionless Lightweight Directory Access Protocol (CLDAP) is a protocol for connecting to, searching, and modifying shared directories online (Porter, 2020). It has been abused for DoS attacks for years, and CLDAP servers amplify DoS traffic to 56 to 70 times its initial size.
2.1.3 GitHub (February, 2018)
GitHub is one of the most popular code management services, used by millions of developers. However, it was not prepared for the record-breaking 1.3 terabits per second of traffic that flooded its servers with 126.9 million data packets each second (Newman, 2018). This was the biggest DDoS attack recorded at the time, but GitHub’s systems were only taken down for approximately twenty minutes. This was largely because GitHub used a mitigation service that detected the attack, and steps were promptly taken to mitigate the impact. Unlike many recent DDoS attacks, the GitHub attack did not involve botnets. Rather, the attackers used a tactic called memcaching, in which a spoofed request is sent to a susceptible server, which then floods the target with amplified traffic (Newman, 2018). Memcached databases are meant to speed up networks and websites, but recently DDoS attackers have weaponized them.
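The three cases above share one mechanism: a reflector (DNS, CLDAP or memcached) answers a small request with a much larger reply, and the reply lands on whoever’s address the attacker spoofed. From the victim’s side such traffic has a recognizable shape, which is reflector replies that no internal host ever asked for. The following Python is an added example, not code from the essay, from the cited articles or from any vendor; it assumes UDP flow records (addresses, ports, byte counts) from an edge router or flow collector, and the records, addresses and byte counts are constructed by hand using documentation address ranges.

```python
"""Spot reflected amplification traffic in sampled UDP flow records.

Added example; it is not code from the essay or from its sources. It assumes
flow records (source/destination address, ports, byte count, protocol)
exported by an edge router or flow collector. The records below are
constructed by hand and use documentation address ranges.
"""
from collections import defaultdict

# UDP services that answer small queries with large responses and were abused
# as reflectors in the cases above (DNS and CLDAP at Google/AWS, memcached at GitHub).
REFLECTOR_PORTS = {53: "DNS", 389: "CLDAP", 11211: "memcached"}

# Prefix of the network we defend (documentation range standing in for a real one).
OUR_PREFIX = "203.0.113."


def amplification_factor(request_bytes, response_bytes):
    """Bytes a reflector returns per byte of spoofed request."""
    return response_bytes / request_bytes


def find_reflected(flows):
    """Return {(reflector_ip, service): bytes} for unsolicited reflector replies.

    A genuine reply follows an outbound query from the same internal host to
    the same reflector and service port. A reflected flood arrives with no
    such query, because the attacker spoofed our address when talking to the
    reflector, so the replies come to us unasked.
    """
    outbound = set()
    for f in flows:
        if f["proto"] == "udp" and f["src"].startswith(OUR_PREFIX) and f["dport"] in REFLECTOR_PORTS:
            outbound.add((f["src"], f["dst"], f["dport"]))
    suspect = defaultdict(int)
    for f in flows:
        if f["proto"] != "udp" or not f["dst"].startswith(OUR_PREFIX):
            continue
        if f["sport"] in REFLECTOR_PORTS and (f["dst"], f["src"], f["sport"]) not in outbound:
            suspect[(f["src"], REFLECTOR_PORTS[f["sport"]])] += f["bytes"]
    return dict(suspect)


def flow(src, sport, dst, dport, nbytes, proto="udp"):
    """Build one flow record in the shape the detector expects."""
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "bytes": nbytes, "proto": proto}


# Constructed flow sample: one legitimate DNS exchange, then unsolicited
# CLDAP and memcached replies aimed at a host that never queried them.
SAMPLE_FLOWS = [
    flow("203.0.113.10", 50123, "198.51.100.1", 53, 60),       # our resolver asks
    flow("198.51.100.1", 53, "203.0.113.10", 50123, 400),      # legitimate answer
    flow("192.0.2.7", 389, "203.0.113.20", 80, 3_000),         # CLDAP reply, never requested
    flow("192.0.2.7", 389, "203.0.113.20", 80, 3_000),
    flow("192.0.2.8", 11211, "203.0.113.20", 80, 50_000),      # memcached reply, never requested
    flow("203.0.113.10", 44321, "198.51.100.5", 443, 1_200, proto="tcp"),  # unrelated web traffic
]


if __name__ == "__main__":
    for (reflector, service), total in find_reflected(SAMPLE_FLOWS).items():
        print(f"unsolicited {service} replies from {reflector}: {total} bytes")
    print("CLDAP-style factor for a 60-byte query answered with 3,600 bytes:",
          amplification_factor(60, 3_600))
```

The detector identifies the reflectors, not the party that spoofed the victim’s address; that is the detection consequence of the essay’s point that attackers hide behind other systems. A production version would keep a sliding table of outbound queries rather than one batch, so that replies to queries sent just before the sampling window are not misreported.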
2.2 How common is the Vulnerability?
Security experts recognize that DoS attacks are a growing problem, but it helps to have independent, large-scale research that validates what organizations and vendors observe. According to Reo (2021), combining direct attacks and reflection attacks, the internet experiences 28,700 distinct DoS attacks per day on average. This is about a thousand times greater than other reports indicate. Reo (2021) states that it is remarkable to discover that the number of DoS attacks is actually 1,000 times greater than previously anticipated. This is a wake-up call to every organization that is not aware of the gravity and scope of DoS attacks. Interestingly, the findings indicate that site owners tend to ignore low-level attacks.
2.3 Has exposure to the vulnerability increased or decreased in the past 12 months?
The third quarter of 2020 and the first and second quarters of 2021 are notable for an increased number of DoS attacks. This is the period in which DoS activity increased compared to previous years (Islam et al., 2021). Most likely, this is because of the COVID-19 pandemic and the restrictive measures enacted, which lasted for many months in the majority of countries. The forced migration of many daily activities online increased the number of potential DoS targets.
3. Identification of appropriate controls or mitigations
3.1 Controls and Mitigation Techniques to Prevent DoS Attacks
To prevent and fight these attacks, organizations must establish a plan and reliable DDoS prevention and mitigation solutions. In addition, an integrated security strategy is needed to protect all levels of the infrastructure. Some of the controls or mitigation techniques that should be employed include:
Developing a Denial of Service Response Plan
Organizations should develop a prevention plan based on an extensive security assessment. Unlike smaller organizations, larger ones require complex infrastructure and multiple teams in DoS planning (Dridi & Zhani, 2018). The critical first step is the development of an incident response plan. Depending on the infrastructure, a DoS response plan can be exhaustive. The first step taken against a malicious attack defines the outcome. Organizations should ensure that their data center is prepared and that everyone involved knows their responsibilities. That way, the impact is minimized and the money and time spent on recovery are saved.
Secure the Network Infrastructure
Network security threats will be mitigated only when a multi-level protection strategy is in place. This includes advanced intrusion prevention and threat management systems that combine VPN, firewalls, content filtering, anti-spam, load balancing, and other DoS defense techniques (Dridi & Zhani, 2018). Together, these techniques enable consistent and constant protection of networks to prevent DoS attacks, including the identification of traffic inconsistencies with a high level of precision in blocking attacks. Most network equipment does not come with enough mitigation options, so companies should outsource some services. With cloud-based solutions, organizations can access advanced protection and mitigation resources on a pay-per-use basis. This option is excellent for small and medium-sized enterprises that may want to limit their security budgets.
In addition, companies should ensure that their systems are updated, because outdated systems usually have loopholes that DoS attackers can easily find (Dridi & Zhani, 2018). By patching the infrastructure and installing newer versions of software regularly, an organization can more easily protect itself from DoS attackers. Because DoS attacks are usually complex, there is hardly a way to protect oneself without installing proper systems that recognize irregularities in traffic and respond instantly. Backed by a battle plan and secure infrastructure, such systems minimize the threats. In addition, they bring much-needed confidence and peace of mind to everyone within an organization, from the system administrator to the CEO.
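One concrete instance of a system that “recognizes irregularities in traffic and responds instantly” at the application layer is a per-client token bucket in front of the service: each client earns request tokens at a steady rate, may burst briefly, and is throttled once it spends faster than it earns. The following Python is an added example, not code from the essay or from the works it cites; it assumes an access log yielding (timestamp in milliseconds, client address) pairs, and the request stream, rates and addresses are constructed by hand.

```python
"""Per-client token-bucket rate limiting in front of an application.

Added example; it is not code from the essay or from the works it cites.
It assumes an access log that yields (timestamp in milliseconds, client
address) pairs; the request stream below is constructed by hand.
"""
from collections import defaultdict

MILLI = 1_000  # tokens are tracked in thousandths so the arithmetic stays exact (integers)


class TokenBucket:
    """Allows a sustained `rate` requests/s with bursts of up to `burst` requests."""

    def __init__(self, rate, burst):
        self.rate = rate                 # tokens per second, i.e. millitokens per millisecond
        self.capacity = burst * MILLI
        self.tokens = self.capacity      # a new client starts with a full bucket
        self.last_ms = None

    def allow(self, now_ms):
        if self.last_ms is None:
            self.last_ms = now_ms
        # Refill in proportion to elapsed time, never above capacity.
        self.tokens = min(self.capacity, self.tokens + (now_ms - self.last_ms) * self.rate)
        self.last_ms = now_ms
        if self.tokens >= MILLI:         # one request costs one whole token
            self.tokens -= MILLI
            return True
        return False


def filter_requests(requests, rate=5, burst=10):
    """Apply one bucket per client; return (allowed, dropped) counts per client."""
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    allowed, dropped = defaultdict(int), defaultdict(int)
    for ts_ms, client in sorted(requests):   # buckets need time-ordered input
        if buckets[client].allow(ts_ms):
            allowed[client] += 1
        else:
            dropped[client] += 1
    return dict(allowed), dict(dropped)


# Constructed stream: a normal client at 1 request/s for 20 s, and one
# flooding source at 100 requests/s for 2 s, arriving interleaved.
SAMPLE_REQUESTS = [(j * 1_000, "10.0.0.1") for j in range(20)] + \
                  [(i * 10, "10.0.0.9") for i in range(200)]


if __name__ == "__main__":
    allowed, dropped = filter_requests(SAMPLE_REQUESTS)
    for client in sorted(set(allowed) | set(dropped)):
        print(f"{client}: allowed={allowed.get(client, 0)} dropped={dropped.get(client, 0)}")
```

With a sustained rate of 5 requests/s and a burst of 10, the normal client is never throttled, while the flooding source gets its initial burst plus roughly 5 requests per second and the rest is dropped. A per-source limiter of this kind only helps against abusive individual sources; against spoofed or widely distributed sources (the DDoS case the essay describes) the limit has to be applied upstream or by a scrubbing provider, which is the reasoning behind the cloud recommendation that follows.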
3.2 Security Administrator Recommendation
Having looked at the industry best practices above, it is important to focus more specifically on a recommendation that offers advantages while taking into account the future direction of DoS attacks. In this respect, leveraging the cloud is the most suitable approach.
It is advantageous to outsource DoS prevention to cloud-based service providers. First, the cloud has more resources and bandwidth than a private network. Since DoS attacks have grown in magnitude, relying solely on on-premises hardware will fail (Chifor, Bica, & Patriciu, 2017). Second, the cloud’s nature means that the resource is diffuse: cloud-based applications are able to absorb malicious or harmful traffic before it reaches the intended destination. Third, software engineers operate cloud-based services, and their job involves monitoring the web for the latest tactics used by DoS attackers. Deciding on the appropriate environment for applications and data differs between industries and companies (Chifor, Bica, & Patriciu, 2017). Hybrid environments are convenient for achieving the appropriate balance between flexibility and security, particularly with vendors that provide tailor-made solutions.
References
Chifor, B. C., Bica, I., & Patriciu, V. V. (2017, June). Mitigating DoS attacks in publish-subscribe IoT networks. In 2017 9th International Conference on Electronics, Computers and Artificial Intelligence (ECAI) (pp. 1-6). IEEE.
Dridi, L., & Zhani, M. F. (2018). A holistic approach to mitigating DoS attacks in SDN networks. International Journal of Network Management, 28(1), e1996.
Islam, M. N. U., Fahmin, A., Hossain, M. S., & Atiquzzaman, M. (2021). Denial-of-Service Attacks on Wireless Sensor Network and Defense Techniques. Wireless Personal Communications, 116(3), 1993-2021.
Jamal, T., Haider, Z., Butt, S. A., & Chohan, A. (2018). Denial of service attack in cooperative networks. arXiv preprint arXiv:1810.11070. https://arxiv.org/ftp/arxiv/papers/1810/1810.11070.pdf
Jamal, T., Amaral, P., Khan, A., Zameer, A., Ullah, K., & Butt, S. A. (2018). Denial of service attack in wireless LAN. ICDS 2018, 51.
Newman, L. H. (2018, January 3rd). GitHub Survived the Biggest DDoS Attack Ever Recorded. Retrieved from https://www.wired.com/story/github-ddos-memcached/
Porter, J. (2020, June 18th). Amazon says it mitigated the largest DDoS attack ever recorded. Retrieved from https://www.theverge.com/2020/6/18/21295337/amazon-aws-biggest-ddos-attack-ever-2-3-tbps-shield-github-netscout-arbor
Pranggono, B., & Arabo, A. (2021). COVID‐19 pandemic cybersecurity issues. Internet Technology Letters, 4(2), e247.
Reo, J. (2021). Academic Research Reports Nearly 30,000 DoS Attacks per Day. Retrieved from https://www.corero.com/academic-research-reports-nearly-30000-dos-attacks-per-day/
The Economic Times. (2020, October 19th). Google stops biggest-ever DDoS cyber-attack to date. Retrieved from https://economictimes.indiatimes.com/tech/technology/google-stops-biggest-ever-ddos-cyber-attack-to-date/articleshow/78744934.cms?from=mdr
Zhang, T., Zhang, Y., & Lee, R. B. (2017, April). DoS attacks on your memory in cloud. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (pp. 253-265).
