DDoS, or zombie computers are attacking. How to defend against them?
The Internet of Things is growing in strength, and with it the danger of turning thousands of cameras or refrigerators into huge botnets, cutting off access to key services. Fortunately, you can defend against DDoS attacks.
What do we usually associate with a hacker attack? The criminal breaks into critical infrastructure, steals sensitive data from it and sells it on the black market. In this way, 400 GB of data from UN servers was stolen in February. Our NBP has also recently been the victim of a hacker attack. Fortunately, the burglars did it only for entertainment and did not exchange any data.
However, there are other types of attacks, in which the goal is to disable a service. These are DDoS (Distributed Denial of Service) attacks.
DoS, or a denial-of-service attack.
The "Distributed" prefix has only become important in the last two decades, when the internet became a common medium. Previously, hackers usually limited themselves to one device sending queries.
The first attack of this type took place over 40 years ago, when a 13-year-old student decided to play a trick on users of the PLATO (Programmed Logic for Automatic Teaching Operations) system. To do this, he used the external command, which allowed communication with other devices connected to the educational terminals.
However, if no device was connected, the terminal hung. The teenager therefore wrote a script that sent the command to all devices in the computer room, effectively denying access. Only a restart helped, and later the disabling of the unlucky command. However, the culprit himself was not tracked down at the time. A perfect crime!
In more modern times, a similar trick could be used against online forums. These crashed after receiving too many queries. The effect was also to disconnect ordinary users who were browsing their favorite threads.
DDoS, i.e. we join forces.
As the number of devices connected to the network increased, new models of attack began to appear, this time launched from many places simultaneously. That is how the first letter was added to the acronym.
One of the first attacks of this type took place in 1999 on the University of Minnesota computer network. It fell victim to an attack by 114 computers controlled by the Trin00 script. The result was an army of zombie devices that obeyed the cybercriminal's orders. He first communicated with the Masters line of computers and then watched the commands being passed to the Daemons line. It was from there that the university network was flooded with data packets. Interestingly, users of hijacked computers may not even know that their machines are part of a botnet controlled by a hacker.
Today, virtually every denial-of-service attack is a DDoS attack. In this way, the Anonymous group attacked websites of Polish parliamentary and government institutions after the signing of the ACTA agreement in 2012. DDoS was also used to mask the attack on PlayStation servers. The hackers' purpose was to steal data from console owners, and the botnet was used as a smoke screen.
DRDoS, or DDoS on steroids.
DDoS attack strength is measured by the amount of data sent by the network of hijacked devices. It can reach hundreds of gigabytes per second, which no server can handle. As you can guess, cybercriminals were looking for ways to increase the effectiveness of their attacks, so they turned to IP spoofing. The attacker sends a query to network nodes, which then broadcast it throughout the domain. The query is forged in such a way that computers think its author is not the attacker, but the victim. That is why the response packets go to a server that did not send a query at all.
Hackers take advantage of the weaknesses of DNS, SNMP and NTP. In the case of the first, the answer is 8 times greater than the query, but for the NTP protocol the difference is as much as 200 times. All this means that the servers under attack are put to a huge test.
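From the defender's side, reflected traffic has a recognisable shape: replies from DNS, NTP or SNMP ports that answer no query the protected host ever sent. The sketch below is an added example, not code from the article or from any vendor; the flow-record layout, the thresholds, the `QUERY_TTL` value and the sample addresses (documentation ranges) are all assumptions made for illustration.

```python
from collections import defaultdict

# UDP services the article names as reflectors (source port of the replies).
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP"}
QUERY_TTL = 5.0  # assumed: seconds a genuine outbound query may wait for a reply

def find_reflection(flows, protected, min_bytes=10_000, min_reflectors=3):
    """flows: time-sorted UDP records (ts, src_ip, src_port, dst_ip, dst_port, size).
    Returns {victim_ip: {service: (bytes, reflector_count)}} for replies that
    answer no query the victim actually sent."""
    pending = {}                                  # (client, cport, server, sport) -> ts
    unsolicited = defaultdict(lambda: [0, set()])
    for ts, src, sport, dst, dport, size in flows:
        if src in protected and dport in REFLECTOR_PORTS:
            pending[(src, sport, dst, dport)] = ts        # our own query going out
        elif dst in protected and sport in REFLECTOR_PORTS:
            asked = pending.pop((dst, dport, src, sport), None)
            if asked is None or ts - asked > QUERY_TTL:   # nobody asked for this reply
                entry = unsolicited[(dst, REFLECTOR_PORTS[sport])]
                entry[0] += size
                entry[1].add(src)
    alerts = defaultdict(dict)
    for (victim, service), (total, sources) in unsolicited.items():
        # Many distinct reflectors plus high volume separates an attack from stray packets.
        if total >= min_bytes and len(sources) >= min_reflectors:
            alerts[victim][service] = (total, len(sources))
    return dict(alerts)

# Constructed sample: one legitimate DNS lookup, then NTP replies nobody requested.
VICTIM = "203.0.113.10"
SAMPLE_FLOWS = [
    (0.0, VICTIM, 40000, "198.51.100.53", 53, 70),
    (0.1, "198.51.100.53", 53, VICTIM, 40000, 560),
] + [
    (1.0 + i * 0.01, f"192.0.2.{i % 4 + 1}", 123, VICTIM, 50000 + i, 4400)
    for i in range(12)
]

if __name__ == "__main__":
    print(find_reflection(SAMPLE_FLOWS, {VICTIM}))
```

The answered DNS lookup is ignored, while the twelve NTP replies from four sources are reported as one alert for the victim address.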
More devices connected = greater risk.
The Internet of Things is slowly becoming a reality. We connect TVs, refrigerators, washing machines, cameras, parking meters, bus shelters and even litter bins. All of them can potentially be included in a botnet. If the security of the devices that surround us on a daily basis is insufficient, then the situation of 2016 may repeat, when a botnet consisting of 25,000 webcams was discovered. In October this year, it cut off access to the network in a large area of the US east coast.
The IoT revolution is progressing before our eyes, but at the same time we must be prepared to face cybercriminals who want to use these devices for their own ends. So how do you protect yourself against DDoS attacks?
TAMA of Polish Exatel.
Exatel is a Polish company that has been providing secure services for operators, business and the public sector for over 20 years. It has over a thousand clients, including the Ministry of the Interior and Administration and the Ministry of National Defense, as well as banks, energy companies, large international corporations and other operators.
In addition to telecommunications services, it also deals with cyber security. Its main weapon in the fight against DDoS attacks is TAMA, a proprietary solution built in 2019. It's a service that literally damages the queries generated by the attackers. The tool analyzes traffic continuously. If it detects an unusual event and classifies it as harmful, it takes action. It filters traffic in such a way that only secure queries reach the client's network.
In this way, companies can protect themselves against the unwanted consequences of attacks. We can imagine how severe it can be when a banking platform is cut off, not only for the institution's finances, but also for its image.
* The partner of the article is Exatel.