DoS attack (Denial of Service)

Carding

A DoS attack (Denial of Service) is a set of actions by attackers aimed at blocking or slowing down the operation of individual services or an entire information system. In some cases such an attack leads to resource overuse rather than an outage. For example, if a cloud system is configured to add virtual machines automatically when a service slows down, then on detecting the increased response time the cloud will add new virtual machines; the attack will not be noticeable to visitors, but the operator's bill, which is usually tied to the resources consumed, may increase.

An alternative definition of DoS is an attack that exhausts a scarce resource. However, the same situation can also arise from legitimate user activity if the information system is built incorrectly and a shortage of some resource (bandwidth, memory, computing capacity) was created in it artificially. Such an incident cannot be called an attack, since there is no targeted action by an attacker. Conversely, a DoS attack that exploits a buffer overflow vulnerability and causes the entire information system to fail does not exhaust any scarce resource; it exploits a software bug.

Classification and methods of DoS attacks

The following types of DoS attacks are distinguished:
  • Exploiting a vulnerability. This type of attack requires a hardware or software flaw whose exploitation crashes the target system or slows it down significantly. Sometimes in such scenarios a single network packet sent to the target is enough, so this kind of attack is sometimes called a low-rate attack. To protect against it, install patches for system vulnerabilities or a WAF that filters packets exploiting the vulnerability. It also helps to audit the information system and check its resistance to load (stress testing).
  • Complex queries. This type of attack is directed against web systems built in interpreted languages such as PHP or Python. Modern application servers are well optimized for mass execution of simple queries, some of which are cached and do not require code execution at all. Highly personalized queries, however, whose responses never reach the cache, can place a large load on the system. In normal operation there are not very many such requests, so the system copes with them, but attackers can provoke a large number of them and exhaust processor time. Such an attack also does not need a large number of requests, but it requires special preparation and skill on the attacker's part, so it is very rare. To prevent attacks using complex queries, audit the application code and its architecture and run stress tests. Some CMSs have built-in application profiling mechanisms that help identify these bottlenecks; they should be used at least during test operation.
  • Capturing resources. Attacks are quite possible in which an attacker in one way or another gains control over a company's resources, for example its cloud services, and then blackmails the company by threatening to destroy the information accumulated in them. Such attacks can also be classified as DoS, since the result of the realized threat is that the system is taken out of service. As a rule, the ability to seize resources appears when the authentication system is weak, so for administrative accounts (especially in public services) it is worth using strong authentication methods and logging administrative commands, blocking the most dangerous of them.
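As an added example (not code from the original post), the following Python sketch shows one mitigation for the complex-query case above: a per-client budget measured in profiled CPU milliseconds rather than request counts, so a handful of expensive uncacheable requests is throttled while cheap cached ones keep passing. The route cost table, the limits and the traffic are constructed assumptions.

```python
# Cost-weighted per-client CPU budget (constructed example, not code from the post).
# Cached, cheap requests are charged almost nothing; uncacheable personalised
# requests are charged their profiled CPU cost, so one client cannot exhaust
# processor time with a small number of heavy queries.

# Hypothetical per-route CPU cost in ms, as an application profiler would report it.
COST_MS = {"cached_page": 1, "personalised_report": 50}


class CpuBudget:
    """Token bucket measured in milliseconds of CPU rather than in request counts."""

    def __init__(self, capacity_ms: int, refill_ms_per_sec: int):
        self.capacity = capacity_ms
        self.refill = refill_ms_per_sec
        self.state = {}  # client -> (remaining_ms, last_seen_ms)

    def allow(self, client: str, route: str, now_ms: int) -> bool:
        remaining, last = self.state.get(client, (self.capacity, now_ms))
        # Integer refill keeps the arithmetic exact for the demo below.
        remaining = min(self.capacity, remaining + (now_ms - last) * self.refill // 1000)
        cost = COST_MS[route]
        if cost > remaining:
            self.state[client] = (remaining, now_ms)  # rejected: budget unchanged
            return False
        self.state[client] = (remaining - cost, now_ms)
        return True


def simulate(requests):
    """requests: iterable of (time_ms, client, route). Returns {client: (allowed, rejected)}."""
    budget = CpuBudget(capacity_ms=500, refill_ms_per_sec=100)
    stats = {}
    for ts, client, route in sorted(requests):
        allowed, rejected = stats.get(client, (0, 0))
        if budget.allow(client, route, ts):
            stats[client] = (allowed + 1, rejected)
        else:
            stats[client] = (allowed, rejected + 1)
    return stats


def demo():
    """Constructed traffic: a visitor fetching cached pages every 50 ms, and an
    attacker firing 50 uncacheable personalised reports within one second."""
    traffic = [(i * 50, "visitor", "cached_page") for i in range(20)]
    traffic += [(i * 20, "attacker", "personalised_report") for i in range(50)]
    return simulate(traffic)
```

With these parameters the attacker gets 11 heavy requests through in the second and 39 rejected, while all 20 cheap visitor requests are served.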

Target of DoS attacks

The targets of attackers are the resources of companies whose business is closely tied to the Internet: online stores, banking portals. Typically attackers extort money to stop a DoS attack, and sometimes this ransom is less than the losses from suspended business and damaged reputation. In some cases a DoS attack serves as cover for another attack. For example, having stolen a large sum of money from bank customers, an attacker can launch a DoS attack on the remote banking system so that the victims cannot check the status of their accounts until the money has been withdrawn and hidden.


However, in recent years cases of cyberterrorism, whose purpose is to disable state information resources, have become more frequent. In this case the payback of the attack is difficult to assess, since the money comes from terrorist structures. As a rule, terrorists attack less protected resources, so it is enough to have minimal protection against a DoS attack; the criminals will then most likely find themselves another victim.

Source of DoS attacks

The reasons that allow attackers to conduct DoS attacks can be very different, but in any case it all comes down to vulnerabilities in web applications and errors in network configuration. Today's web resources are complex and constantly changing systems, which leads to gaps appearing in them, both at the level of application code and at the network level. At a minimum, you need tools for installing system software updates, code analyzers, and mechanisms for auditing the configuration of network devices.

Risk analysis

To protect against DoS attacks, the following protection mechanisms can be used:
  • Code analysis. If a web application is developed in-house or to order, errors may appear in it. Services and programs for analyzing application code exist to find them. Before releasing a newly written system to the public, it is recommended to check it with such an analyzer and correct the most dangerous errors.
  • Updating applications. If the application is third-party, use its update installation system. For the operating system, DBMS and application server, updates should always be installed, albeit after checking them in a small pilot configuration.
  • WAF (Web Application Firewall). Sometimes a DoS attack can be handled by an application-layer firewall (WAF), which blocks exploitation attempts and rogue protocols. It can also block attempts by privileged users to destroy valuable data.

It should be noted that DoS attacks become more powerful and sophisticated over time, so the likelihood of being hit by one increases. Moreover, a DoS attack as a rule begins at the most critical moment, when the company expects to make its maximum profit; this is what attackers rely on for the success of their blackmail. Accordingly, if your business depends on Internet sales, you will most likely not be able to stay clear of such risks.
 

What are DDoS attacks and how do they work?

Internet usage has grown exponentially, and not all of its controls have grown proportionally.
DDoS stands for distributed denial of service; DDoS attacks are today the most common method of web attack and the main weapon of hackers and APT groups (advanced persistent threats) who seek to hide their real intentions behind a cloud of HTTP requests.
DDoS attacks are an attempt to make an online service unavailable by overloading it with traffic from multiple sources.
They target a wide range of important resources, from banks to news sites, and pose a major challenge to ensuring that people can publish and access important information.
Recently the New York Magazine website reported a DDoS attack after which the site was unavailable for more than 12 hours.

Types of DDoS attacks

DDoS attacks come in many forms, from Smurfs to Teardrops to Pings of Death.
Detailed information about the types of DDoS attacks is provided below:
  • TCP connection attacks. They attempt to use up all available connections on infrastructure devices such as load balancers, firewalls, and application servers. These attacks can take down even devices capable of maintaining millions of connections.
  • Bulk (volumetric) attacks. They attempt to consume bandwidth either within the target network/service or between the target network/service and the rest of the Internet. These attacks simply cause congestion.
  • Fragmentation attacks. They send a stream of TCP or UDP fragments to the victim, overwhelming the victim's ability to reassemble the streams and significantly reducing performance.
  • Application attacks. They attempt to overwhelm a specific aspect of an application or service and can be effective even with a very small number of attacking machines generating a low traffic rate (which makes them difficult to detect and mitigate).
We have already explained two other types of cyber attack, SQL injection and XSS, in our previous articles.
 

How to protect your organization from DDoS attacks

What is DDoS?
A DDoS attack (distributed denial of service) is a type of attack that originates from multiple computers or devices.
In a DDoS attack, multiple systems flood the bandwidth or resources of a target system, usually one or more web servers.
Attacks such as DDoS are often the work of multiple compromised systems (such as a botnet) that flood the target system with traffic.

Protecting corporate networks from DDoS attacks
An organization should always provide and focus on the maximum level of protection for its corporate networks, and you can try a free trial to stop a DDoS attack in 10 seconds.
Corporate networks must select the best DDoS prevention services to provide protection against DDoS attacks and shield their network and website from future attacks.
Implement DDoS protection infrastructure that is available as a service, always-on or on demand, and protects any asset from DDoS attacks of any size.
An organization must also protect its DNS servers from DDoS attacks by applying name server protection.

Different types of DDoS attacks
1) Volume-based attack: includes UDP floods, ICMP floods, and other spoofed-packet floods.
2) Protocol attack: includes SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS attacks, and many others.
3) Application layer attack: includes low-and-slow attacks, GET/POST floods, attacks targeting Apache, Windows, or OpenBSD [OpenBSD is a free and open-source Unix-like operating system derived from the Berkeley Software Distribution (BSD)], and more.

Motivation for a DDoS attack
  • Ideology
  • Cyberwarfare
  • Business feud
  • Extortion
  • Online games

Prevention methods:
  • A DDoS attack is launched simultaneously from several different hosts and can affect the availability of even the largest Internet services and infrastructure protection resources.
  • They are a daily occurrence for many organizations; between August 2015 and November 2016, 226,500,000 attacks were blocked (500,000 attacks per day) and none of them were successful.
  • 95% savings in total monthly bandwidth and $250,000 in cost savings on servers, bandwidth, personnel, and other security measures.
  • Protect your Internet devices and website to block hacking attempts by malicious bots. These services also help protect the Internet as a whole, because they reduce the number of devices that can be recruited into a DDoS attack.
  • The main protocols hackers use to generate DDoS traffic are NTP, DNS, SSDP, CHARGEN, SNMP, and DVMRP; any services that use them must be carefully configured and run on hardened dedicated servers to prevent a DDoS attack.

General protection against DDoS attacks
  • Limit the connection rate per IP address.
  • Use IDS and web application firewalls.
  • Tune the per-IP connection threshold.
DDoS attacks are measured in two dimensions: the number of malicious packets per second (PPS) and the attack bandwidth in bits per second (bps).
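To make the two measurement dimensions concrete, here is an added Python example (not code from the original post) that aggregates constructed flow records into per-second PPS and bps figures and checks every source against a per-IP connection threshold, flagging a TCP connection attack and a bulk attack of the kinds listed in the types section above. The record format and the limits are assumptions.

```python
# DDoS indicators from flow records (constructed example, not code from the post).
# Each one-second window is measured in PPS and bps, the two dimensions named
# above, and connection attempts per source are checked against an IP threshold.
from collections import defaultdict

PPS_LIMIT = 1000          # assumed limits for a small site; derive real ones from a baseline
BPS_LIMIT = 50_000_000    # 50 Mbit/s
PER_IP_CONN_LIMIT = 20    # connection attempts per second from one source


def parse(lines):
    """Assumed record format: '<epoch_ms> <src_ip> <dst_port> <packets> <bytes>'."""
    for line in lines:
        ts, src, _port, pkts, nbytes = line.split()
        yield int(ts), src, int(pkts), int(nbytes)


def window_metrics(records):
    """Per second: total packets, total bits, and connection attempts per source."""
    windows = defaultdict(lambda: {"pps": 0, "bps": 0, "per_ip": defaultdict(int)})
    for ts, src, pkts, nbytes in records:
        w = windows[ts // 1000]
        w["pps"] += pkts
        w["bps"] += nbytes * 8
        w["per_ip"][src] += 1  # one record is treated as one connection attempt
    return windows


def alerts(windows):
    """Volumetric alerts on PPS/bps; per-IP alerts on the connection threshold."""
    found = []
    for sec in sorted(windows):
        m = windows[sec]
        if m["pps"] > PPS_LIMIT or m["bps"] > BPS_LIMIT:
            found.append((sec, "volumetric", m["pps"], m["bps"]))
        found += [(sec, "per-ip", src, n) for src, n in m["per_ip"].items() if n > PER_IP_CONN_LIMIT]
    return found


def demo():
    """Constructed log: normal traffic, then a TCP connection attack, then a bulk attack."""
    lines = [f"{j * 100} 198.51.100.{i} 443 10 6000" for i in range(5) for j in range(2)]
    lines += [f"{1000 + j * 10} 203.0.113.9 443 1 60" for j in range(60)]  # one source, 60 connections
    lines += [f"{2000 + j * 30} 192.0.2.{j} 80 50 70000" for j in range(30)]  # 30 spoofed sources
    return alerts(window_metrics(parse(lines)))
```

Second 1 trips only the per-IP threshold (60 attempts from one address at a trivial 28.8 kbit/s), while second 2 trips the PPS limit at 1500 packets per second with every source under the per-IP limit, which is why both dimensions have to be watched.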

Simple methods to protect your network from DDoS attacks:
  • Change the default password. Malware can use the default settings of IP devices to take control of them, so it is better to change the default password to prevent a DDoS attack.
  • Update software. As the battle between cybercriminals and security experts continues, staying up to date with the latest security updates and patches becomes more important. Watch for the latest updates and make installing them part of your routine.
  • Restrict remote management. Disable insecure remote management protocols such as Telnet or HTTP that allow management from another location. The recommended secure remote management protocols are SSH and HTTPS.

Eliminating DDoS attacks:
  • Transparent mitigation. Attackers count on users losing access during a DDoS attack. Since your users should not need to know or worry that you are under attack, any mitigation technology should let people move around your site without delay and without being routed through holding pages, splash screens, or stale cached content.
  • Bots can't talk, people can. Everyone talks about the growth of chatbots and web robots, but forgets that people are very good at talking too. Hackers conduct DDoS attacks to cause dissatisfaction and disrupt websites and their users; this will give you a deeper idea of how well your anti-DDoS system works.
  • Make sure you catch all the bots. If we register on many websites at the same time and open many windows at once, it can slow the sites down. So make sure that your screening is airtight and blocks all requests from application-level bots.
In fact, DDoS protection has two parts: the first is detecting that the site is under attack, and the second is effective mitigation.
Detection is rarely overlooked, given the insidious nature of the attack.
Of course, your solution may accurately detect an attack but remain inactive when the site is not under attack.
After such attacks you may also need legal protection of your company's intellectual property rights.
Inadequate defensive measures are just as bad as no protection at all against a DDoS attack.
 