In the emerging world of Software as a Service (SaaS) products, online platforms, and large networks, the worst thing for your business is a break in service. Downtime can cause critical system damage, destroy customer loyalty and trust, and potentially create contract violations for always-online products. Keeping your systems up when things are moving can be difficult enough, but when cybercriminals get involved, things get much worse.
A common tactic for advanced cyberattacks is what is called a ‘Denial-of-Service’ or DoS attack. This kind of tactic can take a few forms, but they all have the same goal: disrupting your critical SaaS and always-online products. Websites, applications, and even entire local networks can be subject to a DoS attack. There are three primary methods for cybercriminals to perpetrate a DoS attack:
Types of DoS Attacks
Buffer Overflow Attacks
Buffer overflow attacks are the most common type of DoS attack. In this attack, a cybercriminal simply sends more information, data, or traffic to a system than it is designed to handle. Imagine an online storefront as a physical retail building. If the store is flooded with many customers, the wait times at registers will dramatically increase and customers may eventually be turned away if the store is too full to accommodate more people.
In the same way, a buffer overflow DoS attack floods a system with too many ‘customers’ which slows the service down and begins to cause issues for legitimate customers.
The second type of DoS attack is called an ICMP flood. In this tactic, the cybercriminal gains access to an insecure network device and uses it to send ‘pings’ to all the devices on the network. These pings are requests to verify the presence of another device. As the number of pings from the device dramatically increases, the network automatically adjusts to focus on the new center of activity. Due to the incorrectly configured device, the network thinks legitimate traffic has increased at the compromised device. Instead, useless information is prioritized and amplified, destroying the network’s speed and its ability to carry legitimate connections. Due to the use of pings in this DoS attack, ICMP floods are sometimes referred to as the ‘ping of death’.
The final common type of DoS attack is the SYN flood. This method uses server requests instead of pings to cripple a service or network. The cybercriminal sends a legitimate request, such as using a website’s login page, but intentionally severs the connection to the service before the ‘handshake’ is completed. The term ‘handshake’ indicates that a service and a computer have exchanged security information and verified to each other that they are legitimate.
In the case of a SYN flood DoS attack, the server is left with its virtual hand extended waiting for a reply which will never come. Servers only have so many ‘hands’ to verify connections so if the cybercriminal establishes enough of these empty connections, they can cripple a service for other users.
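On a Linux server, these waiting ‘hands’ show up as sockets in the SYN-RECV state. The following Python example is added here and is not from the original article; it counts half-open sockets per port in constructed `ss -tan`-style output and flags ports that are close to a full backlog. The `backlog` and `ratio` values are assumptions to tune for your own server.

```python
from collections import Counter

# Constructed sample in the column layout of `ss -tan`
# (all addresses are from documentation ranges, not real hosts).
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN    0      128    0.0.0.0:443          0.0.0.0:*
ESTAB     0      0      203.0.113.10:443     192.0.2.44:50122
SYN-RECV  0      0      203.0.113.10:443     198.51.100.7:51514
SYN-RECV  0      0      203.0.113.10:443     198.51.100.8:40021
SYN-RECV  0      0      203.0.113.10:443     198.51.100.9:61200
SYN-RECV  0      0      203.0.113.10:443     198.51.100.7:51515
ESTAB     0      0      203.0.113.10:22      192.0.2.10:53311
SYN-RECV  0      0      203.0.113.10:22      192.0.2.77:41000
"""

def half_open_by_port(ss_text):
    """Count SYN-RECV (half-open) and ESTAB sockets per local port."""
    half_open, established = Counter(), Counter()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("SYN-RECV", "ESTAB"):
            continue  # skip the header, LISTEN rows and blank lines
        # rsplit keeps working for bracketed IPv6 addresses like [::1]:443
        port = int(fields[3].rsplit(":", 1)[1])
        (half_open if fields[0] == "SYN-RECV" else established)[port] += 1
    return half_open, established

def flag_syn_pressure(ss_text, backlog=5, ratio=0.75):
    """Return ports whose half-open count reaches `ratio` of the backlog.

    `backlog` and `ratio` are assumed tuning values; the small default
    backlog only suits the constructed sample above.
    """
    half_open, established = half_open_by_port(ss_text)
    alerts = {}
    for port, count in half_open.items():
        if count >= backlog * ratio:
            alerts[port] = {"half_open": count, "established": established[port]}
    return alerts

if __name__ == "__main__":
    for port, stats in sorted(flag_syn_pressure(SAMPLE_SS_OUTPUT).items()):
        print(f"port {port}: {stats['half_open']} half-open, "
              f"{stats['established']} established")
```

Many half-open sockets next to few established ones on the same port is the pattern to alert on; a busy but healthy service shows the opposite balance.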
Distributed DoS Attacks
When discussing DoS attacks, the term DDoS or Distributed Denial-of-Service frequently comes up. A DDoS attack is like a typical DoS attack but leverages an entire network of computers. A cybercriminal might use malware to establish a ‘bot-net’ of computers they can remotely control and leverage to attack the same service. When the cybercriminal does this, the attack changes to a Distributed DoS attack as they are using a widely distributed network of computers and connections to attack the same service.
In a standard DoS attack, it may be possible to find the perpetrator as all the connections to the service originate from the same computer or network. This task is far more difficult in a DDoS attack as there are many computers or networks creating connections. Some of these connections may also come from people who are completely unaware their computer is being used in this way. From a user perspective, this is an incredibly important reason to have strong antivirus and workstation management. Implementing these systems could protect you both from getting caught in a cybercriminal’s attack and from getting caught up in legal investigations of DDoS attacks.
Don’t Deny Your Business Premium Service
Threats to online services, business networks, and other SaaS platforms are not going away anytime soon. Cybercriminals are constantly looking for new, vulnerable targets to leverage their Denial-of-Service attack tactics against. If you are not 100% certain your systems, networks, and computers are secure, let’s talk! A free IT consultation is just the start of the cybersecurity advantage you’ll get from Strategy.