BrightScan #ThreatIntelThursday | Denial of Service Attacks 💻 💀

Sarah King
Published in OpenAVN
4 min read · Apr 29, 2021

This article is part of #ThreatIntelThursday @OpenAVN, an ongoing series that offers readers authoritative, but easily digestible, information about different types of malware, how readers might be vulnerable to attacks, and what they can do to protect themselves. To read past Threat Intel Thursdays articles, click here. (We suggest starting from Week 1: Malware.)

What is a Denial-of-Service Attack?

A denial-of-service attack (DoS attack) is a specific type of cyber attack where the attacker attempts to make the device or machine — which can be anything from your computer to your company’s email server — unavailable to its user.

DoS? D’oh!

A DoS attack is typically accomplished by flooding the target machine with fake or superfluous requests in order to overload it and prevent some or all legitimate requests from being fulfilled, thus denying service to the actual machine user.

A DoS Attack can actually be compared to trying to merge into a traffic jam — all the other cars are falsified or spoofed requests that jam up the server, while your car is you — the actual user of the server — who cannot merge into traffic because of all the falsified requests!

Common Types of DoS Attacks

  • Distributed: in a distributed DoS attack (DDoS), the incoming requests that flood the user’s machine come from multiple sources.
DDoS attack methods, such as the LOIC, are no laughing matter.
  • Smurf Attack: in a Smurf Attack, the attacker sends Internet Control Message Protocol broadcast packets to multiple hosts with a falsified IP address that actually belongs to the victim of the attack (or the host computer). The recipients of these fake packets then respond, which leads to the host computer becoming quickly overloaded with responses.
  • Application Layer Attacks: an application layer DDoS attack (sometimes referred to as a layer 7 DDoS attack, based on the 7-layer OSI model of computer networking) targets application layer processes, rather than an entire system. Application DDoS attacks are most often used to target financial institutions as a way to distract security and IT personnel from more significant security breaches. An application DDoS differs from a normal DDoS attack by its focus on a specific function or feature of a website, with the intent to render those functions or features useless to the user.
  • Advanced Persistent DoS: APDoS attacks are associated, as the name suggests, with Advanced Persistent Threats (a previous topic of our Threat Intel Thursdays). An APDoS can last for weeks (the longest recorded APDoS to date lasted for 38 days!).
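
A defender-side illustration of the distinctions in the list above, as an added example that is not from the original article: it buckets web access-log events into fixed time windows, flags windows with abnormal request volume, and reports whether the flood is single-source or distributed and whether it concentrates on one feature (the application-layer pattern). The window size, thresholds, event layout and sample events are constructed assumptions.

```python
from collections import Counter, defaultdict

def classify_floods(events, window=10, threshold=200, share=0.8):
    """events: iterable of (epoch_seconds, source_ip, path) tuples (assumed layout).
    Returns one finding per window whose request count reaches `threshold`."""
    buckets = defaultdict(list)
    for ts, src, path in events:
        buckets[ts // window * window].append((src, path))
    findings = []
    for start in sorted(buckets):
        reqs = buckets[start]
        if len(reqs) < threshold:
            continue  # normal volume for this window
        by_src = Counter(src for src, _ in reqs)
        by_path = Counter(path for _, path in reqs)
        _, src_hits = by_src.most_common(1)[0]
        top_path, path_hits = by_path.most_common(1)[0]
        findings.append({
            "window_start": start,
            "requests": len(reqs),
            "sources": len(by_src),
            # One sender dominating the window suggests DoS; many senders suggests DDoS.
            "origin": "single-source" if src_hits / len(reqs) >= share else "distributed",
            # One path dominating suggests a flood aimed at a specific feature.
            "focused_path": top_path if path_hits / len(reqs) >= share else None,
        })
    return findings

def constructed_sample():
    """Constructed events using documentation-only IP ranges; not real traffic."""
    events = []
    # Seconds 0-9: ordinary browsing, 30 requests from 10 clients.
    for i in range(30):
        events.append((i % 10, f"198.51.100.{i % 10}", f"/page{i % 5}"))
    # Seconds 10-19: one client floods many pages.
    for i in range(300):
        events.append((10 + i % 10, "203.0.113.7", f"/page{i % 5}"))
    # Seconds 20-29: 150 clients all flood the login feature.
    for i in range(300):
        events.append((20 + i % 10, f"192.0.2.{i % 150}", "/login"))
    return events

if __name__ == "__main__":
    for finding in classify_floods(constructed_sample()):
        print(finding)
```
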

Symptoms of a DoS Attack

Lucky for us, the U.S. Computer Emergency Readiness Team (US-CERT) has laid out specific symptoms that may help diagnose a DoS attack:

  • Unusual slowness in network performance (e.g. accessing websites or opening files)
  • A particular website appearing to be unavailable
  • Inability to access any website

To defend your system from DoS Attacks and other digital threats, a lightweight but heavy-duty EPP is imperative. BrightScan is a cloud-based, blockchain-powered endpoint protection platform that can be customized to fit your needs and is user-friendly enough for the home office and powerful enough to protect large enterprises.

Contact our Head of Sales, Jourdan Parkinson, to schedule a free demo of our cloud-based EPP, BrightScan, or just to chat about how our products can work for you.

For more of the latest in cybersecurity, subscribe to OpenAVN’s blog right here on Medium. In addition to Threat-Intel Thursdays, we also write about breaking news, thought leadership, and deep-dives into cyber intel.

About the Author: Ted Udelson, PMP, CISSP, Security+, Network+, A+ is the chief learning officer and cofounder of Succinctive Training, LLC. Ted uses his over 35 years of experience in information security and technology to inform his writing for #threatintelthursday.
