10-21-16 | Blog Post
Many major internet sites were slow or entirely downed on Friday thanks to at least two Distributed Denial of Service attacks, according to Engadget. The first attack came Friday morning at 7:10 a.m. and affected Dyn, one of the major domain name systems of the internet. Affected sites included Twitter, Spotify, Reddit and The New York Times.
Dyn claimed to have everything back up and running, but another attack hit at about 12 p.m., causing Twitter to shut down entirely and other sites to be slow to respond. The U.S. government is investigating whether this was just a stunt or a criminal act.
So, how do you break the internet? Aside from being Kim Kardashian, a DDos attack is one of the best ways, and becoming more and more popular. What is a DDos attack? It’s when you flood a site or domain with too much traffic, and the system crashes as a result of all of those requests. Either the specific website whose servers you targeted or sites that use that particular DNS to route requests subsequently go down, leaving users unable to visit those pages. Think of it as you having a conversation with someone: With one person, you can carry on a normal conversation. With two people, it gets a little trickier, but it’s still manageable. But if 100 people are trying to have a conversation with you, all at the same time, you shut down and hide in a corner without talking to anybody. When a site’s servers are hit by a DDoS attack, it’s doing the same thing. There are different types of DDoS attacks, but for each one, the principle remains the same: Deny service by flooding a server, site or DNS.
One way cybercriminals are able to successfully orchestrate a DDoS attack is to use botnets (a host of infected devices that have been turned for malicious purposes) to direct traffic to a particular site or domain. They can be controlled remotely, and the user whose computer is part of a botnet might not have any idea that their computer is suddenly attacking others. I like to think of botnets like a zombie army that’s programmed to attack your network instead of your brain.
Zombie armies sound pretty scary. How do you prevent your computer from being conscripted into such a role? At an individual level, protecting your computer from threats of malware and spam by installing good anti-virus software is one way to start. The fewer infected computers there are, the harder it is to create a botnet in the first place to launch a DDoS attack.
But if you’re an organization looking to protect yourself from the threat of an attack, that’s probably not enough. At a high level, any web request (legitimate or not) takes up bandwidth, and the more traffic you get, the more bandwidth you will use until you’re maxed out. So, you can plan ahead by having extra bandwidth available to handle any peaks in traffic—malicious or not.
Unfortunately, bandwidth is also expensive, and not every organization can afford to protect itself that way. It’s best practice to have protection at the network level to help mitigate or prevent a system crash. Having firewalls to block incoming traffic and good load balancing to properly distribute the traffic you get goes a long way. Blocking your outbound traffic is also one way to protect yourself from being part of a DDoS attack, because your firewall can prevent suspicious requests from being sent out from your computer, even if your network is part of a botnet.
Protecting your DNS and its servers is another: If that part of your network isn’t under lock, even if your website wasn’t directly compromised, people can’t visit your site without DNS. This was exactly what happened to Dyn on Friday. Setting up rules to block certain addresses and packets can help keep your servers protected from mysterious and potentially dangerous queries.
Most of the time, DDoS attacks are done as a stunt, to make a point that a site’s servers are vulnerable and can go down. However, they can also be a criminal attack designed to harm an organization’s revenue or reputation, or be used as a distraction from a different kind of cyber attack. It remains to be seen whether the attack on Dyn’s systems today was a criminal act or just an extremely successful prank. Either way, thanks to their growing popularity and ease of use, we should expect several more internet “breaks” to come.