Security in Plain English: What is a DDoS Attack?

Back to Blog
June 22, 2018
Mike Talon

Security in Plain English Series

What is Two-Factor Authentication?
Why Do I Have to Change my Password Every 30/60/90 Days?
Office 365 Phishing
What is a DDoS Attack?
Security in Plain English: What are Red, Blue, and Purple Teams?

Today’s question from a reader:

I heard on the news about the biggest ever DDoS attack, but what is a DDoS attack, and should I be worried about it?

Distributed Denial of Service (DDoS) attacks are simply bad actors using an overwhelming amount of data requests to disable a server or website. Think of it this way:

If you are standing alone with one other person on a street corner, it’s very easy to hear them when they ask you a question – and for you to give them an answer. Now imagine that this same street corner has ten people all asking you questions. It becomes much harder for you to know which questions are legitimately being asked of you, and to give your answer with all the noise. Now imagine there are one hundred, one thousand, or ten thousand people all asking questions. It’s impossible for you to do much of anything since you can’t hear anything over all the noise, much less figure out which person in the crowd legitimately asked you a question!

DDoS attacks work the same way – just on a much bigger scale. A website is swamped with millions (or billions) of requests – with nearly every one of them being bogus and generated by an attacker trying to disrupt the service. This creates a situation where service to any legitimate user is denied – leading to the term “Denial of Service” attack.  Bad actors used to do this by having several machines at one location all continuously blasting requests to a website or service, but soon technology evolved to be able to quickly figure out what was going on and block that location; fixing the problem. The bad actors, however; also evolved. Instead of attacking from just one location, they began attacking from dozens, then hundreds, then thousands of locations around the globe. This lead to the Distributed Denial of Service attack – which is much more difficult to deal with. When all those attacking systems blast the website in question with millions upon millions of requests in mere seconds, the servers either crash or simply become unable to handle any legitimate traffic, and the attack succeeds.

The way bad actors manage to pull this off varies by the attacker, but for the most part they zombie machines. Using well-known techniques, such as infected email attachments, the attackers install software on thousands or even millions of users’ computers. However, unlike a regular virus or malware, these software tools don’t do anything harmful to the machines they infect directly. Instead, they sit quietly and wait for a signal from the attacker to be sent out. When that signal comes, these zombie machines begin to send their malicious messages at the targeted website, creating a DDoS attack.  Since each machine only sends a tiny amount of the overall attack data, those working on zombie machines may not even notice anything at all – making the attack hard to detect unless the user’s anti-malware software can recognize the infection.

With the advent of Cloud computing, DDoS attacks have taken a new vector – zombie servers. In addition to having zombie machines all over, the bad actors now also attack Cloud computing instances, dramatically increasing the number of machines they can use to attack a website or service and – since servers are less likely to have active anti-malware tools running – making the attack harder to limit before these zombies start hurling data at the target. Once the data starts flowing, good network security tools can recognize the traffic pattern and put a stop to it, but prior to that point the zombification software might be totally invisible.

Putting all these methods together, attackers have managed to create some truly impressive DDoS attacks in recent days. The largest ever recorded was sending data at the rate of 1.35 terabits per second. To put this in perspective, your home internet connection will range from ten to one hundred *mega*bits per second – meaning your entire internet connection is only a tiny fraction of the bandwidth that was used to attack GitHub and other sites in recent history!

Next week, we will help you figure out what to do to handle this type of attack.

To learn more or to speak to a solutions specialist, please contact us today!

Never Miss a Beat
Subscribe to Our Blog

SecureAuth Identity Platform Adaptative Authentication

Identity and Access Management

Empower your digital initiatives with secure access for everyone and everything connecting to your business

Product Features

Adaptive Authentication

Extend verification of a user identity with contextual risk checks

Multi-Factor Authentication

Leverage a broad portfolio of authentication factors for desktop and mobile

Intelligent Risk Engine

Protect your identities with advanced risk profiling analytics

Single Sign-On

Provide app discovery and one-click login through portal or desktop SSO

User Lifecycle Management

Enable admins with strong CRUD capabilities and users with self-service tools

Secure All Identities

CIAM

Customer Identities

Deliver a frictionless customer experience safeguarding user data and privacy

B2E

Workforce Identities

Govern and control access rights for employees, partners, and contractors

SecureAuth Authenticate App

Passwordless MFA client with
Symbol-to-Accept. Stronger security.

The Value of Deploying Multi-Factor Authentication in a Digital World

Value of Deploying Multi-Factor Authentication in a Digital World

Read this white paper to gain insights and understanding of why passwords create risk and blind spots for organizations and their users.

Initiatives

Passwordless Authentication

Reduce the risk of breaches by eliminating passwords

2FA is Not Enough

Block popular phishing and brute force attacks used by bad actors

Protecting Office 365

Extend adaptive authentication and flexible MFA to all apps including Office 365

Securing Portals and Web Apps

Balance strong security and an exceptional user experience

RSA Migration

Transition to a modern identity and access management solution

Industries

Healthcare

Financial Services

Retail

Energy and Utilities

Public Sector

Resources

White Papers

eBooks

Analyst Reports

Documentation

Events

Recorded Webinars

Innovation Labs

Support Portal

Calculate Your Savings

Lower support costs by enabling your users the control to reset passwords, account unlocks, device enrollment and update profiles

Meet SecureAuth

About SecureAuth

Careers

Contact