● Ensuring availability for users during an attack
● Minimization of downtime
● Anticipating future attacks and combating them more effectively
DDoS mitigation and cybersecurity
DoS stands for Denial of Service. Its escalated form is DDoS, where the additional D stands for Distributed. This is a frequently used type of attack on the Internet. In such a security incident, countless requests are sent to a service (YouTube, GitHub, Twitter, etc.) in the shortest possible time. This ultimately leads to an overload, and the affected site is then no longer available to users. This can cause considerable financial damage for the operator of the Internet service. Attackers can blackmail the operators for protection money. Learn more details about this topic and about DDoS protection here.
DDoS attacks have an increasing impact. They overwhelm services with ever-increasing amounts of data. For DDoS security, DDoS protection tools are needed to disperse these data volumes. At the same time, more and more attacks are being recorded in which cybercriminals target only specific areas of the IT infrastructure. These attacks are naturally less noticeable. The smaller the application or service, the less data volume is needed for the attack. In addition, DDoS attacks no longer serve only to deny service but are increasingly used as cover to disguise other cyberattacks, including data breaches and financial fraud. Organizations should implement DDoS monitoring and protection tools that detect and block all potential DDoS attacks as they occur. This gives them a comprehensive overview of their networks.
Cybercriminals use botnets in most DDoS attacks. Attackers hijack other people's computers in advance, usually with malware such as Trojans or worms. They control these hijacked computers remotely via C&C (Command & Control) servers. In a DDoS attack, they exploit the bandwidth of the hijacked systems, which send identical requests to the victim's servers simultaneously. You can prevent these attacks with DDoS protection and by implementing proper DDoS security measures.
Capturing other people's computers or IoT devices can sometimes be very troublesome for attackers. That's why some attacks do not use botnets. Consider the 2018 attack on GitHub, which abused memcached servers. These database caching services are meant to make networks and websites faster. Access to these servers from the Internet is possible without authentication; all that is needed is the IP address. The attackers send small requests to several memcached servers simultaneously, about 10 per second per server. The memcached servers then produce a much larger response: they return 50 times the requested data to the victim system. In this way, traffic of several terabytes per second can be generated, which easily leads to the collapse of a service. DDoS protection effectively prevents this type of cyberattack as well.
DDoS attacks via DNS reflection work in the same way. The attacker makes the DNS query using the victim's IP address (IP spoofing), so the DNS server sends its response to the victim. This is where amplification comes into play in the next step.
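The reflection pattern described above (memcached, DNS, and NTP replies arriving at a host that never asked for them) can be spotted in flow logs. The following is an added example, not part of the original page: the port numbers are the services' well-known defaults, and the flow record layout, thresholds, and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Default UDP ports of the reflector services this page names (assumed defaults).
REFLECTOR_PORTS = {11211: "memcached", 53: "dns", 123: "ntp"}

# Constructed flow records: (ts, src_ip, src_port, dst_ip, dst_port, proto, bytes).
# All addresses come from the RFC 5737 documentation ranges.
SAMPLE_FLOWS = [
    (0, "192.0.2.10", 40000, "198.51.100.53", 53, "udp", 70),    # real DNS query
    (1, "198.51.100.53", 53, "192.0.2.10", 40000, "udp", 300),   # its solicited reply
    (2, "203.0.113.1", 11211, "192.0.2.20", 80, "udp", 1400),    # unsolicited replies
    (2, "203.0.113.2", 11211, "192.0.2.20", 80, "udp", 1400),
    (3, "203.0.113.3", 11211, "192.0.2.20", 80, "udp", 1400),
    (3, "203.0.113.1", 11211, "192.0.2.20", 80, "udp", 1400),
    (4, "192.0.2.20", 443, "198.51.100.7", 51515, "tcp", 900),   # unrelated TCP
    (5, "203.0.113.9", 123, "192.0.2.30", 51000, "udp", 90),     # single stray NTP reply
]


def find_reflection_victims(flows, min_bytes=4000, min_reflectors=3):
    """Return {(victim_ip, service): (bytes, reflector_count)} for hosts that
    receive UDP replies from reflector ports without having sent a query."""
    asked = set()  # (client_ip, client_port, server_ip, server_port)
    hits = defaultdict(lambda: {"bytes": 0, "reflectors": set()})
    for ts, src, sport, dst, dport, proto, size in sorted(flows):
        if proto != "udp":
            continue
        is_reply = sport in REFLECTOR_PORTS
        if is_reply and (dst, dport, src, sport) in asked:
            continue  # answer to a query this host really sent
        if dport in REFLECTOR_PORTS:
            asked.add((src, sport, dst, dport))  # outbound query (also 123 -> 123 NTP)
            continue
        if is_reply:
            entry = hits[(dst, REFLECTOR_PORTS[sport])]
            entry["bytes"] += size
            entry["reflectors"].add(src)
    return {
        key: (e["bytes"], len(e["reflectors"]))
        for key, e in hits.items()
        if e["bytes"] >= min_bytes and len(e["reflectors"]) >= min_reflectors
    }


if __name__ == "__main__":
    print(find_reflection_victims(SAMPLE_FLOWS))
```

Requiring several distinct reflectors as well as a byte threshold keeps a single late or stray reply from raising an alert.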
Our DDoS protection tools and measures prevent DDoS attacks:
These include web application firewalls (WAF for short), which protect online services on the application layer. In general, these ensure that:
Amplification attacks via memcached servers:
Reflection attacks via “Network Time Protocol”: