As technology advances rapidly, cyberattacks have grown dangerously powerful: they are increasing both in number and in the range of technology that can be weaponized. Cybersecurity has become one of the key focal points for organizations, with cybercriminals trying out novel technologies to facilitate their attacks, big or small.
Among the common cyberattacks, the Distributed Denial of Service (DDoS) attack is one of the most complex and damaging. As Cox Business reported, "the cost of a DDoS attack according to recent security surveys averages between $20,000 – $40,000 per hour." However, people often confuse Denial of Service with Distributed Denial of Service. Although the names are almost identical, the two attacks have key differences. This post discusses both attacks, how they differ, and which of the two is worse.
What is Denial of Service?
Denial of Service (DoS) is a type of attack in which attackers disrupt the functioning of an application, network, or system so that normal users cannot access it. Attackers usually target popular apps and services: since millions of users already access them, the extra load can push their infrastructure past capacity and cause a denial of service, and the attack traffic is easier to hide among the large volume of legitimate traffic.
DoS attacks are typically executed by flooding or overloading the target machine with requests until it cannot process any more load, resulting in a denial of service to its users. A DoS attack is characterized by a single source: the attacker uses just one machine.
In a DoS attack, the main goal is to oversaturate or overwhelm the target machine's resources so that it cannot handle more work (or requests), denying service to other users. Although DoS attacks have numerous attack vectors, most fall into two categories:
Buffer overflow attacks
Buffer overflow attacks exploit software vulnerabilities to exhaust the target's resources, including CPU, memory, or storage space. They exploit logic flaws and are executed with specially crafted code. This type of attack typically causes sluggish performance, system crashes or freezes, or similar problems, which result in denial of service. Such attacks are usually prevented by keeping systems up to date with patches.
Flood attacks
Flood attacks do not exploit any software vulnerability in the target system; instead, they flood the target with an overwhelming volume of data packets (or requests). This exhausts the system's capacity (its available resources) to handle further requests, resulting in denial of service for its users. These attacks are arguably harder to stop than buffer overflow attacks, which is why DDoS protection services that detect and stop them are becoming popular. A flood attack perpetrated from one system is considered a DoS attack; the same attack orchestrated across multiple attacking systems is considered a DDoS attack.
What is Distributed DoS?
Distributed Denial of Service (DDoS) is the distributed, more powerful form of Denial of Service. Whereas DoS attacks owe their power to minimal requirements and simplicity, DDoS attacks owe their power to numerous traffic sources: a DDoS attack is as powerful as the number of networks or systems sending the traffic flood to the target. DDoS attacks are also harder to detect and block than DoS attacks.
Although DDoS attacks also flood the target machine with requests, those requests come from multiple, distributed sources, which is what distinguishes them from DoS attacks. For example, cybercriminals use botnets and other distributed networks or systems to execute a DDoS attack. According to Norton, "in 2016, Dyn, a major domain name system provider — or DNS — was hit with a massive DDoS attack that took down major websites and services, including Airbnb, CNN, Netflix, PayPal, Spotify, Visa, Amazon, The New York Times, Reddit, and GitHub." The Mirai botnet caused this attack, which was disruptive enough to bring down major apps and services and cause a worldwide outage.
Why is DDoS More Dangerous?
First of all, both DoS and DDoS are dangerous because it is difficult to distinguish such an attack from heavy legitimate traffic or ordinary network connectivity problems. There are, however, some hints of an ongoing attack: unusually slow network performance, one of your websites or services becoming unavailable, or an unexplained loss of network connectivity to machines on the same network. In layman's terms, if you notice any sudden downtime or performance issues, it may be due to a DDoS attack.
Secondly, DDoS attacks are more dangerous than DoS attacks because they are launched from many distributed systems, whereas a DoS attack comes from a single system. That makes it much harder for security products and teams to pinpoint the origin of the attack. Moreover, with multiple sources, every source must be detected and blocked to stop an ongoing attack, which adds to the complexity of DDoS attacks and makes them even more dangerous.
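To make the single-source versus distributed distinction concrete from the defender's side, here is an added example (not code from the original post) that looks at the busiest one-second window in web-server access logs and reports whether a flood comes from one dominant client or from many. The log lines, IP addresses, and the rate and share thresholds are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Apache-style access-log line (constructed format): client IP first, timestamp in brackets.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)"')

# Assumed thresholds: more than RPS_LIMIT requests in one second is a flood; a flood in
# which one client sends at least DOMINANT_SHARE of the requests is a single-source flood.
RPS_LIMIT = 100
DOMINANT_SHARE = 0.8


def classify_flood(lines, rps_limit=RPS_LIMIT, dominant_share=DOMINANT_SHARE):
    """Return (verdict, peak_second, requests_in_peak, distinct_clients_in_peak).

    verdict is 'normal', 'dos' (one source dominates; blocking that IP helps) or
    'ddos' (many sources; per-IP blocking alone will not stop it).
    """
    per_second = defaultdict(Counter)  # timestamp -> Counter(client ip -> request count)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing the detector
        ip, ts = m.group(1), m.group(2)
        per_second[ts][ip] += 1
    if not per_second:
        return "normal", None, 0, 0
    peak_ts, peak = max(per_second.items(), key=lambda kv: sum(kv[1].values()))
    total = sum(peak.values())
    if total <= rps_limit:
        return "normal", peak_ts, total, len(peak)
    top_ip, top_count = peak.most_common(1)[0]
    if top_count / total >= dominant_share:
        return "dos", peak_ts, total, len(peak)
    return "ddos", peak_ts, total, len(peak)


def make_lines(clients, requests_each, ts="10/Oct/2000:13:55:36 +0000"):
    """Build constructed log lines: every client sends requests_each requests in second ts."""
    return [f'{ip} - - [{ts}] "GET / HTTP/1.1" 200 2326'
            for ip in clients for _ in range(requests_each)]


# Constructed scenarios using documentation address ranges.
NORMAL = make_lines([f"198.51.100.{i}" for i in range(1, 6)], 2)      # 5 clients, 10 requests
DOS = make_lines(["203.0.113.7"], 250) + NORMAL                       # one client dominates
DDOS = make_lines([f"192.0.2.{i}" for i in range(1, 61)], 5) + NORMAL  # 60 clients, 5 each

if __name__ == "__main__":
    for name, sample in (("normal", NORMAL), ("dos", DOS), ("ddos", DDOS)):
        print(name, classify_flood(sample))
```

On real logs the same logic applies per second across the whole file; the thresholds must be tuned to the site's normal peak traffic, which is exactly why legitimate spikes are easy to confuse with an attack.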
Historically, it seemed impossible for a DDoS attack to surpass 1 Tbps (terabit per second). However, in September of 2017, Google faced a 2.5 Tbps DDoS attack, which shocked the industry. Now, with recent advances in cloud computing and Internet infrastructure, cybercriminals have more resources than ever. That is why organizations must assess their risk and exposure to DDoS and consider DDoS protection services, such as Imperva DDoS Protection, to protect their business.