DoS and DDoS attacks easily explained
DoS stands for “Denial of Service” and broadly means that an internet service is not available, even though it should be. You have probably already experienced it yourself: your request on a website gets denied, for example, when buying a ticket for a concert or making an appointment for a Corona vaccination at your local vaccination center. The ticket can’t be bought, or you can’t even access the website. You may try again a little later or turn away from the website completely. At this point, it is common to say: “The servers were down.” This is the principle of DoS or, in special cases that we will explain in more detail in a moment, DDoS.
Usually, the requests in the above scenarios come from users themselves. Many users are trying to use a certain website at the same time, and at a certain point the number of requests can no longer be processed or even accepted.
If this happens without bad intentions, the problem can usually be solved quickly. However, as soon as such a scenario is deliberately caused, we speak of a DoS or DDoS attack. But what exactly is such an attack and what is the intent?
What is a DoS or DDoS attack?
DoS and DDoS attacks are targeted attacks on an intact service. In most cases, a deliberate overload of the IT infrastructure reduces the service to limited availability or even causes it to crash. This is achieved, for example, through excessive requests to the service or by exploiting existing security gaps. In some cases, such an attack acts as a mere distraction from an actual main attack, mostly of another kind from the cybercrime sector.
The goal of a DoS or DDoS attack is thus often to render a certain service, server, or network unusable for a certain period and thereby to inflict targeted damage on companies or institutions. The motivations behind such attacks vary widely.
What is the difference between DoS and DDoS?
In essence, DoS and DDoS attacks differ only in the number and distribution of the attacking systems. DoS attacks originate from a single source, whereas DDoS (distributed denial of service) attacks involve multiple sources. These sources are usually computers or servers, but smartphones are now being used more and more frequently, as their performance has increased greatly in recent years while internet connections have become faster and more stable.
What motives are behind DoS and DDoS attacks?
The motivations for such attacks on individual targets or companies are diverse and range from protest actions to blackmail. There are also attackers who demand money or other things (e.g., cryptocurrencies) from their victims in order to stop an ongoing attack or not to carry out a planned attack in the first place. A recent example of the latter is the large flood of DDoS extortions sent by email to companies in Europe and North America in Fancy Lazarus’ name. Incidentally, if a DoS/DDoS attack is accompanied by extortion, it is called an RDoS attack (Ransom-DoS attack).
How do you spot an attack?
Whether a DoS/DDoS attack is the cause of existing disruptions can be determined through observation, network analysis or with special attack detection systems.
Indications of an attack are:
- the website is no longer accessible,
- the operation/execution of certain website elements is no longer possible,
- there is much more traffic than usual,
- there are many e-mails in the e-mail inbox that were all sent at the same time or are being sent continuously (“mailbombing”),
- the network performance of the system is severely limited,
- you receive threatening e-mails claiming that you or your company has become the victim of an attacker,
- your otherwise intact PC crashes constantly (possibly “ping flooding”).
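As an added example (not part of the original article), the following Python code turns the “much more traffic than usual” indicator into a check and uses the share of the busiest source to tell a single-source (DoS-like) spike from a distributed (DDoS-like) one. The log format (minute, source address), the factor of 5 and the 50 % share threshold are assumptions, and the sample traffic is constructed.

```python
from collections import Counter, defaultdict
from statistics import median


def build_sample_log():
    """Constructed sample data: (minute, source_ip) pairs, not real traffic."""
    normal = [f"198.51.100.{i}" for i in range(20)]
    log = [(m, ip) for m in range(12) for ip in normal]   # 20 requests per minute
    log += [(10, "203.0.113.7")] * 300                    # minute 10: one noisy source
    log += [(11, f"10.0.{i // 200}.{i % 200}") for i in range(300)]  # minute 11: 300 sources
    return log


def detect_spikes(log, factor=5.0, single_source_share=0.5):
    """Flag minutes whose request count exceeds factor x the median minute.

    The median stays a usable baseline as long as fewer than half of the
    observed minutes are abnormal. Both thresholds are assumed values.
    """
    per_minute = defaultdict(Counter)
    for minute, src in log:
        per_minute[minute][src] += 1
    totals = {m: sum(c.values()) for m, c in per_minute.items()}
    baseline = median(totals.values())

    findings = []
    for minute in sorted(totals):
        total = totals[minute]
        if total <= factor * baseline:
            continue  # within the usual range
        top_src, top_count = per_minute[minute].most_common(1)[0]
        share = top_count / total
        kind = ("single-source (DoS-like)" if share >= single_source_share
                else "distributed (DDoS-like)")
        findings.append({
            "minute": minute,
            "requests": total,
            "sources": len(per_minute[minute]),
            "top_source": top_src,
            "top_share": round(share, 2),
            "kind": kind,
        })
    return findings


if __name__ == "__main__":
    for finding in detect_spikes(build_sample_log()):
        print(finding)
```

A flagged minute only says that traffic is unusual; as described at the start of the article, a legitimate rush of users (a ticket sale, for example) produces the same pattern as a distributed spike, so the finding still needs to be reviewed.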
DoS/DDoS attacks can leave FinTech companies without access to their data, cost e-commerce businesses customers, and be used to blackmail private individuals and companies. Everyone should protect themselves against this, which is why next Friday we will show you in more detail which methods are used by attackers. Based on this, we will present ways to make attacks more difficult; however, we recommend an individual consultation with IT security experts.