Last week we discussed malware attacks and how to protect against them. This week, we will talk about another type of cyberattack—the Denial of Service or DoS attack. This is the type of attack a cybercriminal uses when they want to render a network, system, or device unavailable to its users. The result is that routine tasks cannot be carried out on the network or device, costing the victim considerable time and money.
How Does a DoS Attack Work?
In a DoS attack, the attacker either floods the target network or device with far more connection requests or packets than it can handle (a real flood is measured in thousands of packets per second, not dozens) or sends malformed input that makes a service or host crash. Either way, legitimate users are denied access or service. Why would an attacker do this? Sometimes the aim is simply to take a network or device offline, and sometimes the outage is a smokescreen that keeps defenders busy while more damaging activity, such as an intrusion, goes unnoticed.
A DoS attack should not be confused with a Distributed Denial of Service (DDoS) attack, which works the same way. The difference is the source: a DoS attack is launched from a single system, while a DDoS attack comes from many systems at once, usually compromised machines under the attacker's control. That makes it far harder to locate and neutralize, because dropping traffic from one address no longer stops the flood.
Types of DoS Attack
There are three broad types of DoS attacks to be aware of:
- Volume-based attacks
- Protocol-based attacks
- Application layer-based attacks
Let’s take a look at each.
Volume-based attacks are the most common kind of DoS attack. They work by saturating the target's bandwidth or packet-processing capacity with illegitimate traffic, so that legitimate traffic is slowed down or dropped. Two forms are particularly common:
- UDP and ICMP floods – The attacker sends packets (UDP datagrams to random ports, or ICMP echo requests) at a higher rate than the target's link or network stack can absorb. The target spends its capacity receiving and answering junk, and legitimate packets are delayed or lost.
- Amplification and reflection – The attacker sends small requests with the victim's address forged as the source to third-party systems that answer with much larger replies, so the replies flood the victim. The classic example is the Smurf attack: ICMP echo requests are sent to the broadcast address of a misconfigured network, and every host on it replies to the victim, amplifying the traffic many times over.
Buffer overflows, which are sometimes listed under volume attacks, are not a volume attack at all: a single malformed input exploits a memory-safety bug to crash the service. They belong with the malformed-packet attacks described below (the ping of death is the textbook case).
Protocol-based attacks exhaust the per-connection state that servers and in-path devices such as firewalls and load balancers must keep, or exploit bugs in how they process packets, so that they can no longer serve legitimate users. Examples of this type of attack include:
- SYN flood – The attacker sends a stream of TCP SYN packets, usually from spoofed source addresses, and never completes the three-way handshake. Each SYN makes the server allocate a half-open connection entry and wait for an ACK that never arrives; once that backlog is full, SYNs from legitimate clients are dropped. The standard countermeasure is SYN cookies: the server encodes the connection state in its initial sequence number and stores nothing until the client's ACK proves the source address is real.
- Ping of death – The attacker sends an ICMP echo request fragmented so that the reassembled IP datagram is larger than the 65,535-byte maximum. On unpatched systems the oversized reassembly overflowed a kernel buffer and crashed the host. Modern operating systems reject such packets, but it remains the classic example of a malformed-packet DoS.
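The SYN flood and its SYN-cookie countermeasure are easiest to see side by side. The following is an added example, not code from the original article: a small Python simulation (no real sockets) of a listener with a fixed half-open table versus a stateless SYN-cookie listener, each hit by a flood of spoofed SYNs and then a legitimate client. The backlog size, the HMAC-based cookie layout and the addresses are assumptions chosen for the example; a real kernel uses a larger backlog, timeouts and a different cookie encoding.

```python
"""Model of a SYN flood against a fixed-size half-open connection table,
and the stateless SYN-cookie defence.  Pure simulation (no sockets); the
backlog size and addresses are constructed for the example."""
import hashlib
import hmac
import secrets
import time

BACKLOG = 128  # half-open entries the listener can hold (scaled-down stand-in for the kernel SYN backlog)


class StatefulListener:
    """Classic listener: every SYN allocates a backlog slot that is held until
    the client's ACK arrives (or, in a real stack, a timeout fires)."""

    def __init__(self, backlog=BACKLOG):
        self.backlog = backlog
        self.half_open = {}      # (src_ip, src_port) -> server ISN
        self.established = set()
        self.dropped_syns = 0

    def on_syn(self, src):
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1   # table full: the SYN is silently dropped
            return None
        isn = secrets.randbits(32)
        self.half_open[src] = isn
        return isn                   # the SYN-ACK carries this ISN

    def on_ack(self, src, ack_num):
        isn = self.half_open.get(src)
        if isn is None or ack_num != (isn + 1) & 0xFFFFFFFF:
            return False
        del self.half_open[src]
        self.established.add(src)
        return True


class SynCookieListener:
    """Stateless listener: the ISN sent in the SYN-ACK is an HMAC over the
    client's address and a coarse timestamp.  Nothing is stored until an ACK
    echoes that value back, which only a client that really receives packets
    at that address can do, so spoofed SYNs cost the server no memory."""

    def __init__(self, key=None):
        self.key = key or secrets.token_bytes(16)
        self.established = set()

    def _cookie(self, src, minute):
        msg = f"{src[0]}:{src[1]}:{minute}".encode()
        digest = hmac.new(self.key, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def on_syn(self, src, now=None):
        minute = int((time.time() if now is None else now) // 60)
        return self._cookie(src, minute)      # no state kept

    def on_ack(self, src, ack_num, now=None):
        minute = int((time.time() if now is None else now) // 60)
        for m in (minute, minute - 1):        # tolerate a minute boundary
            if ack_num == (self._cookie(src, m) + 1) & 0xFFFFFFFF:
                self.established.add(src)
                return True
        return False


def syn_flood(listener, count):
    """Attacker: SYNs from spoofed sources (constructed TEST-NET-3 addresses) that never ACK."""
    for i in range(count):
        listener.on_syn((f"203.0.113.{i % 256}", 1024 + i))


def legit_connect(listener, src=("198.51.100.7", 40000)):
    """Legitimate client: SYN, then ACK of ISN+1."""
    isn = listener.on_syn(src)
    if isn is None:
        return False
    return listener.on_ack(src, (isn + 1) & 0xFFFFFFFF)


def run_scenario(listener, flood_size=1000):
    """Flood first, then see whether a real client can still connect."""
    syn_flood(listener, flood_size)
    return legit_connect(listener)


if __name__ == "__main__":
    stateful = StatefulListener()
    print("stateful listener, client connects after flood:", run_scenario(stateful),
          "| SYNs dropped:", stateful.dropped_syns)
    print("SYN-cookie listener, client connects after flood:", run_scenario(SynCookieListener()))
```

With the stateful listener the flood fills all 128 slots and the legitimate client's SYN is dropped; with SYN cookies the flood allocates nothing, and an attacker who spoofed the source address cannot produce a valid ACK because the SYN-ACK went to the forged address.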
Application layer-based attacks
Application-layer attacks target the service itself rather than the network underneath it. The attacker sends requests that are well-formed and cheap to generate but expensive for the server to process, such as HTTP requests to a search, report or login page, until the web server (Apache, IIS, Nginx) or the application and database behind it runs out of worker threads, CPU or memory. Because every request looks like one a real user could send, this traffic is hard to tell apart from legitimate load, and it can succeed at a far lower volume than a network flood. The same category covers single-request crashes: a bug in the application or the operating system that a crafted request can trigger takes the service down without any flood at all.
How to Detect a DoS Attack
Users and administrators alike can notice the telltale signs of a DoS attack. These include:
- When multiple devices on a network experience an interruption or loss of connectivity
- Slow performance on the network when performing common tasks, such as logging into an account or downloading files
- The inability to load a particular website
- Being unable to access standard online resources, such as health records, bank accounts, or an investment portfolio
It is important to note that these are also the symptoms of an ordinary outage or connectivity problem, so although they are obvious they may not be recognized as an attack. Telling the two apart means looking at the traffic: an attack shows up as a sharp rise in packet or request rates, a backlog of half-open TCP connections, or a burst of requests from one source or from an unusual set of sources, with no corresponding change or fault on the infrastructure side.
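The quickest confirmation for a suspected application-layer flood is a per-source rate check on the web server's access log. The following is an added example, not code from the original article: a Python detector that parses combined-format log lines, computes each source's peak request count in a sliding window, and labels the result as DoS (one offending source) or DDoS (many). The log lines are constructed inline for the example, as are the window size and threshold; tune both to your own traffic baseline.

```python
"""Detect flood-like request rates in web-server access logs (combined format).
The log lines are generated inline for the example; they are constructed, not
from a real incident."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse(line):
    """Return the fields we need from one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT).timestamp(),
        "req": m["req"],
        "status": int(m["status"]),
    }


def flood_sources(lines, window_s=10, threshold=50):
    """Peak requests per source in any window_s-second sliding window, for sources
    whose peak exceeds threshold.  A sliding window catches a burst wherever it
    falls, which a fixed per-minute count can miss."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            per_ip[rec["ip"]].append(rec["ts"])
    offenders = {}
    for ip, times in per_ip.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            offenders[ip] = peak
    return offenders


def classify(offenders):
    """One offending source looks like a DoS; many look like a DDoS."""
    if not offenders:
        return "no flood detected"
    if len(offenders) == 1:
        return "DoS (single source)"
    return f"DDoS ({len(offenders)} sources)"


def make_sample():
    """Constructed log: three normal users at 1 request/s, plus one source
    (TEST-NET-3 address) hammering an expensive search endpoint 300 times in five seconds."""
    base = datetime(2024, 3, 1, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, t, path, status):
        return f'{ip} - - [{t.strftime(TS_FMT)}] "GET {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"'

    lines = []
    for i in range(60):
        for ip in ("198.51.100.10", "198.51.100.11", "198.51.100.12"):
            lines.append(line(ip, base + timedelta(seconds=i), "/index.html", 200))
    for i in range(300):
        lines.append(line("203.0.113.5", base + timedelta(seconds=20 + i // 60),
                          "/search?q=" + "a" * 40, 503))
    return lines


if __name__ == "__main__":
    hits = flood_sources(make_sample())
    print(hits, "->", classify(hits))
```

On the constructed sample the three normal users peak at 11 requests per 10-second window and are never flagged, while the single source that sent 300 requests in five seconds is reported as a DoS. A real DDoS shows up as many sources just over the threshold rather than one far above it, which is why the per-source count and the number of offending sources are both worth watching.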
Best Practices to Prevent a DoS Attack
Because the symptoms of a DoS attack are easy to see but easy to mistake for an ordinary outage, there are steps you can take to reduce the chance of falling victim to one and to limit the damage if you do:
- Train employees to report slow or unavailable services promptly rather than wait for them to come back, and to recognize the indicators of a DoS attack listed above.
- Perform regular penetration testing to find the weaknesses an attacker would use (unpatched services, single points of failure, endpoints that are cheap to request but expensive to serve) and tabletop exercises to rehearse the response.
- Put limits in place before an attack: rate limits per client on expensive endpoints, SYN cookies on internet-facing servers, and an upstream provider or CDN able to absorb volumetric floods larger than your own connection.
- Keep backups isolated from the production network and from each other; a DoS attack is sometimes cover for an intrusion that ends in ransomware.
- Have monitoring that baselines normal traffic (request and packet rates per source, half-open connections, error rates) so that a flood stands out and its source can be identified quickly.
- Work with a cybersecurity partner to verify and investigate potential attacks.
- Establish a communication plan that keeps media, customers and partners informed during an outage.
- Report attacks to law enforcement so they can track the tactics cybercriminals are using.
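One of the standard controls against application-layer floods is a per-client rate limit that charges more for expensive endpoints. The following is an added example, not code from the original article: a token-bucket limiter in Python, run over constructed traffic (a normal user at one request per second and one source sending 300 requests to a search page in five seconds). The rate, burst size, endpoint costs and addresses are assumptions chosen for the example; in production the limiter sits in the web server, reverse proxy or WAF and answers rejected requests with HTTP 429.

```python
"""Per-client token-bucket rate limiter, the usual first line of defence against
application-layer floods.  Traffic below is constructed for the example."""
from collections import defaultdict


class TokenBucket:
    """Bucket refilled at `rate` tokens/second up to `burst`; a request is
    allowed only if it can pay its cost in tokens."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)
        self.last = None

    def allow(self, now, cost=1):
        if self.last is None:
            self.last = now
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= cost:
            self.tokens -= cost
            return True
        return False


class RateLimiter:
    """One bucket per client address.  Expensive endpoints cost more tokens,
    so an attacker hitting /search burns through its allowance far faster
    than a user browsing static pages."""

    def __init__(self, rate=5.0, burst=20, cost_by_path=None):
        self.cost_by_path = cost_by_path or {}
        self.buckets = defaultdict(lambda: TokenBucket(rate, burst))

    def check(self, client_ip, path, now):
        cost = self.cost_by_path.get(path, 1)
        return self.buckets[client_ip].allow(now, cost)


def simulate(limiter, requests):
    """requests: (client_ip, path, time_seconds) in time order.
    Returns {client_ip: (allowed, rejected)}."""
    stats = defaultdict(lambda: [0, 0])
    for ip, path, t in requests:
        stats[ip][0 if limiter.check(ip, path, t) else 1] += 1
    return {ip: tuple(v) for ip, v in stats.items()}


def sample_traffic():
    """Constructed: a normal user at 1 request/s for a minute, and one source
    (TEST-NET-3 address) sending 300 search requests in five seconds."""
    reqs = [("198.51.100.10", "/index.html", float(i)) for i in range(60)]
    reqs += [("203.0.113.5", "/search", 20.0 + i / 60) for i in range(300)]
    reqs.sort(key=lambda r: r[2])
    return reqs


def demo():
    """Search costs 5 tokens; 5 tokens/s refill, 20-token burst per client."""
    limiter = RateLimiter(rate=5.0, burst=20, cost_by_path={"/search": 5})
    return simulate(limiter, sample_traffic())


if __name__ == "__main__":
    for ip, (ok, rejected) in demo().items():
        print(f"{ip}: {ok} allowed, {rejected} rejected (HTTP 429)")
```

The normal user never notices the limiter, while the flooding source gets only 8 of its 300 search requests through: the burst pays for the first four, and the refill rate allows roughly one more per second after that, which caps the work the attacker can impose on the back end regardless of how fast it sends. A limiter keyed on client address is weaker against a DDoS, where each source stays under the threshold; there the per-endpoint cost and a global budget for expensive paths matter more than the per-client one.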
A DoS attack does not usually involve the loss or theft of data. The disruption of service, however, can take a long time to recover from and is costly in lost business and staff time.
Contact Platinum Technologies today to learn more about DoS attacks and how we can help you protect your business.