Cyberattacks have become a fact of life, with data breaches of high-profile businesses and organizations making headline news practically on a daily basis. One common type of the cyber threat is a denial of service (DoS) attack that—as its name implies—renders websites and other online resources unavailable to intended users.
DoS threats come in many flavors, with some directly targeting the underlying server infrastructure. Others exploit vulnerabilities in application and communication protocols.
Unlike other kind of cyberattacks, which are typically launched to establish a long-term foothold and hijack sensitive information, denial of service assaults do not attempt to breach your security perimeter. Rather, they attempt to make your website and servers unavailable to legitimate users. In some cases, however, DoS is also used as a smokescreen for other malicious activities, and to take down security appliances (e.g., web application firewalls).
A successful DoS attack is a highly noticeable event impacting the entire online user base. This makes it a popular weapon of choice for hacktivists, cyber vandals, extortionists and anyone else looking to make a point or champion a cause.
DoS assaults often last for days, weeks and even months at a time, making them extremely destructive to any online organization. They can cause loss of revenues, erode consumer trust, force businesses to spend fortunes in compensations and cause you to suffer long-term reputation damage.
Extortion – An increasingly popular motivation for DDoS attacks is extortion, by which a cybercriminal demands money in exchange for stopping (or not carrying out) a crippling DDoS attack. Several prominent online software companies—including MeetUp, Bitly, Vimeo, and Basecamp—have been on the receiving end of these DDoS notes, some going offline after refusing to succumb to the extortionists’ threats.
Similar to cyber vandalism, this type of attack is enabled by the existence of stresser and booter services.
Typical assault method: DDoS
Personal rivalry – DoS attacks can be used to settle personal scores or to disrupt online competitions. Such assaults often occur in the context of multiplayer online games, where players launch DDoS barrages against one another, and even against gaming servers, to gain an edge or to avoid imminent defeat by “flipping the table.”
Attacks against players are often DoS assaults, executed with widely available malicious software. Conversely, attacks against gaming servers are likely to be DDoS assaults, launched from stressers and booters .
Typical assault method: DoS, DDoS
Business competition – DDoS attacks are increasingly being used as a competitive business tool. Some of these assaults are designed to keep a competitor from participating in a significant event (e.g., Cyber Monday), while others are launched with a goal of completely shutting down online businesses for months.
One way or another, the idea is to cause disruption that will encourage your customers to flock to the competitor while also causing financial and reputational damage. An average cost of a DDoS attack to an organization can run $40,000 per hour.
Business-feud attacks are often well funded and executed by professional “hired guns,” who conduct early reconnaissance and use proprietary tools and resources to sustain extremely aggressive and persistent DDoS attacks .
Typical assault method: DDoS
Cyberwarfare – State-sponsored DDoS attacks are being used to silence government critics and internal opposition, as well as a means to disrupt critical financial, health and infrastructure services in enemy countries.
Backed by nation-states, these well-funded and orchestrated campaigns are executed by tech-savvy professionals.