What Is a Denial-of-Service (DoS) Attack?
A denial-of-service attack aims to slow down or stop machines or networks, making them inaccessible to users. This can make services like email, online accounts, and ecommerce sites unusable. While the goal isn't usually to steal data, it can still harm organizations financially by causing downtime and expenses to recover. This can lead to lost business, unhappy customers, and damage to a company's reputation.
Recently, there has been an increase in DoS attacks. In the first quarter of 2021, there were around 3 million DoS attacks, which is about one-third more than the previous year. January had the highest number of DoS attacks ever recorded, with 972,000 attacks. During the pandemic, there was a rise in DoS attacks as cybercriminals took advantage of organizations that were more vulnerable due to new ways of operating.
How Does a Denial-of-Service (DoS) Attack Work?
Denial-of-service attacks often target the web servers of important organizations like banks, online stores, media outlets, and government offices. Attackers aim to disrupt these organizations by flooding their networks with huge amounts of traffic or sending harmful data to crash their systems. Even networks not directly targeted can be affected if they rely on the same services. A more serious form of this attack is called a distributed denial-of-service attack (DDoS), where multiple systems work together to attack a single target, potentially causing more damage. DDoS attacks can be used to distract from other criminal activities like stealing data. The largest DDoS attack on record happened in February 2020, when Amazon Web Services stopped a three-day attack that peaked at 2.3 terabytes per second.
Difference between DoS & DDoS Attack
The main difference between a DoS and a DDoS attack is the number of devices involved. A DoS attack uses just one system, while a DDoS attack involves multiple systems. Because a DoS attack uses only one system, it's easier to spot and stop. However, a DDoS attack can use many infected devices, called botnets, which are controlled by a central system. This makes DDoS attacks harder to detect and therefore more damaging.
Types of Denial-of-Service (DoS) Attacks
There are several main types of denial-of-service attacks:
1. Volume-based attacks: These floods the target with a huge amount of traffic, overwhelming its capacity. The size of the attack is measured in bits per second (bps).
2. Protocol or network-layer attacks: These send a large number of packets to network infrastructure, aiming to exhaust resources. The size is measured in packets per second (PPS). Examples include Smurf DDoS attacks and SYN floods.
3. Application-layer attacks: These flood applications with malicious requests, aiming to exhaust resources. The size is measured in requests per second (RPS).
How to Identify if a DoS Attack has occured?
There's no single method to detect a DoS attack, but organizations can watch for these signs:
1. A sudden, massive increase in traffic.
2. Servers showing 503 errors due to service disruptions.
3. Request timeouts or delays.
4. Multiple requests from one IP address in a short time.
How to Prevent Denial-of-Service (DoS) Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) warns that DoS attack symptoms can look like non-malicious network issues. Signs like slow performance or a site being down could indicate an attack. To protect against DoS attacks, organizations should:
1. Monitor network traffic: Use firewalls or intrusion detection systems to watch for unusual traffic patterns. Set up rules to alert or block suspicious traffic.
2. Strengthen security: Secure internet-facing devices, use antivirus software, configure firewalls to block DoS attacks, and follow best security practices.
3. Use traffic monitoring services: These services can detect and redirect abnormal traffic flows while allowing normal traffic to continue.
4. Have a response plan: Create and practice a plan for responding to a DoS attack, including communication, mitigation, and recovery strategies.