What is a DDoS attack, what are its objectives and how companies can defend themselves

A DDoS (Distributed Denial of Service) attack is a type of cyberattack carried out with the specific purpose of stopping the operation of a website or server by overloading the system with an abnormal quantity of traffic, often from multiple sources. The goal of these attacks is to exhaust the resources of the server or the network, causing slowdowns or making the service completely inaccessible. DDoS attacks are constantly growing and affect practically all sectors, from gaming to e-commerce, as well as decidedly more critical online services that have become essential nowadays, such as banking, transport and health, with a significant impact on the security, sales and reputation of companies. Since facing these attacks is not at all simple, it is essential that companies and public administrations that manage websites (especially those of some relevance) adopt preventive strategies.

How a DDoS attack happens and what its objectives are

A DDoS attack aims to make a website, a server or a network unavailable to users. It relies on a network of compromised devices or, in jargon, a botnet, made up of an army of computers and devices infected with malware and therefore controlled remotely by an individual (or a group of criminals) who uses them for their own purposes. In a DDoS attack, the thousands of devices infected by the attackers send requests to the site or server, with the result that the legitimate traffic of “real” users is blocked. This can take an entire website offline or, at best, heavily slow it down. Botnets are one of the most powerful resources used to perform these attacks, as they allow attackers to exploit the power of numerous devices without their users being aware of it.

DDoS attacks can be classified into three main categories: volumetric, protocol-level and resource-level. Let’s analyze them a little more closely.

  1. Volumetric DDoS attacks: These are the most common and consist of generating a huge volume of traffic that seems legitimate. This type of attack can be carried out, for example, through DNS amplification, which uses open DNS servers to send massive responses to the target.
  2. Protocol DDoS attacks: These aim to exploit weaknesses in network protocols, such as TCP, causing the exhaustion of server resources. A typical example is the SYN attack, which uses up all of the server's available resources.
  3. Resource-level DDoS attacks: These are aimed at damaging specific applications, often through techniques such as SQL injection or cross-site scripting, and affect communications between hosts and servers.

In carrying out a DDoS attack, cybercriminals may use one specific strategy among those just listed or even mix them, perhaps starting with one type of attack and then continuing with another, depending on the purposes they intend to achieve with their criminal action.

How long a DDoS attack lasts

One of the most interesting aspects concerns the duration of a DDoS attack. This can vary widely, from a few hours to a few days. In this regard, Microsoft, for example, says:

A DDoS attack can last from a couple of hours to a couple of days. An attack could last four hours, while another could last a week (or more). DDoS attacks can also occur once or more times in a certain period of time and consist of more than one type of cyberattack.

How to tell whether a DDoS attack is underway and how to counter it

Given the disruption a DDoS attack can cause, understanding whether such an event is underway is important, even if it is not at all easy to do so quickly enough to avoid its most disruptive effects. There are, however, some signs that can act as possible “alarm bells”. Among the most typical are a sudden and inexplicable increase in web traffic (especially if it comes from the same IP address), slowdowns in network performance and, of course, the eventual inaccessibility of the website. The more timely the detection of a possible DDoS attack, the easier it will be to counter the criminals' action.
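The first alarm bell above can be checked mechanically against a web server access log. The following Python sketch is an added example, not part of the original article: it flags minutes whose request volume far exceeds the recent baseline and reports how much of that traffic comes from a single IP address. The log lines are constructed, and the function names and the 5x threshold are assumptions to tune for a real site.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Common Log Format prefix: client IP, two ignored fields, then [timestamp]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')
REQ = '"GET / HTTP/1.1" 200 512'

def build_sample_log():
    """Constructed sample: five quiet minutes, then a burst dominated by one IP."""
    lines = []
    for minute in range(5):
        for i in range(20):
            lines.append(f'198.51.100.{i + 1} - - [10/Mar/2025:12:{minute:02d}:{i:02d} +0000] {REQ}')
    for i in range(300):
        ip = "203.0.113.7" if i % 10 else f"198.51.100.{i % 20 + 1}"
        lines.append(f'{ip} - - [10/Mar/2025:12:05:{i % 60:02d} +0000] {REQ}')
    return lines

def per_minute_counts(lines):
    """Group requests by minute: {minute: Counter(ip -> request count)}."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        buckets[ts.replace(second=0)][m.group(1)] += 1
    return buckets

def find_spikes(lines, factor=5.0, min_history=3):
    """Flag minutes whose volume exceeds factor x the median of earlier normal minutes."""
    buckets = per_minute_counts(lines)
    alerts, history = [], []
    for minute in sorted(buckets):
        total = sum(buckets[minute].values())
        if len(history) >= min_history and total > factor * median(history):
            ip, hits = buckets[minute].most_common(1)[0]
            alerts.append({"minute": minute.strftime("%H:%M"), "requests": total,
                           "top_ip": ip, "top_ip_share": round(hits / total, 2)})
        else:
            history.append(total)  # only normal minutes feed the baseline
    return alerts

if __name__ == "__main__":
    for alert in find_spikes(build_sample_log()):
        print(alert)
```

A high `top_ip_share` matches the single-source case mentioned above; a spike with a low share points to traffic spread across many sources, as with a botnet.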

But speaking of countering, what can be done concretely to avoid a DDoS attack and counter it if it affects your systems? Protection against these attacks begins with identifying vulnerabilities in the system, regularly updating defenses and preparing a response plan. An effective approach combines defense technologies, including network monitoring and the implementation of cloud-based protection solutions. Building a resilient and scalable network can help counter the most complex attacks, such as volumetric or application-level ones. Another very useful measure is collaboration with computer security experts who help identify and mitigate threats: it is not a very cheap solution, but it is certainly necessary.

And in case of attack? Here a proactive security team makes the difference, one able to react quickly, following predefined procedures to isolate the attack and protect sensitive data. Protection from DDoS threats should actually be extended to the entire corporate structure (and not limited to the IT security team), educating staff on attack indicators and behaviors to avoid. In addition to all this, of course, it is essential to carry out periodic security tests and emergency exercises to verify the team's reactivity in critical situations, following a preventive approach that is, in some ways, similar to drills on how to behave in case of natural disasters (in this case, the calamity is digital).