What is a DoS attack?

Written by Andy Hurley | January 28, 2015

Denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks are attempts to make computer resources unavailable to their intended users.

The perpetrators of such attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways and even root nameservers.

These attacks are on the increase, and a recent study commissioned by website security provider Incapsula estimated that such DDoS attacks cost companies in the region of $40,000 per hour. 49% of the attacks highlighted in the survey last between 6 and 24 hours, with an estimated average cost of $500,000.

One common method of attack involves bombarding the target with so many external communication requests that it cannot respond to legitimate traffic in any meaningful way. DoS attacks are intended to force the targeted computer either to reset or to consume its resources so that it can no longer provide its intended service. A recent example was the outage on the Xbox and PlayStation online services over the Christmas period.

There can be differing reasons behind these attacks, and they can provide a platform for the perpetration of further cybercrime. For example, if the DDoS target is a security service, such as an intrusion detection system (IDS), then deactivating the service can allow easier break-ins. If a hole that allows remote code execution is found in an operating system, then a DDoS on the OS vendor's update site will delay application of a fix, thus allowing a longer window of exploitation.

Another reason for an attack could be that, as the DDoS itself is likely to generate many thousands of log entries, it makes detection of malicious non-DDoS actions harder: log entries which would normally trigger alarms go under the radar, because the IDS and the people who look after it are overwhelmed by the DDoS-related flow.
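The masking effect described above can be countered at triage time by collapsing the flood into one summary line so the remaining alerts stay visible. The following is an added example, not part of the original post; the log format, signature names and the `flood_share` threshold are assumptions made for illustration.

```python
import re
from collections import Counter

# Assumed line format (hypothetical): "<time> <severity> <signature> src=<ip>"
LINE = re.compile(r"^(\S+) (low|medium|high) (\S+) src=(\S+)$")
RANK = {"high": 0, "medium": 1, "low": 2}

def build_sample():
    """Constructed sample: 500 flood events with three other alerts buried inside."""
    lines = [f"10:00:{i % 60:02d} low SYN_FLOOD src=198.51.100.{i % 250 + 1}"
             for i in range(500)]
    lines.insert(137, "10:00:17 high ADMIN_LOGIN_NEW_HOST src=203.0.113.9")
    lines.insert(402, "10:00:42 high OUTBOUND_DATA_SPIKE src=10.0.0.5")
    lines.insert(250, "10:00:10 low PORT_SCAN src=203.0.113.9")
    return lines

def triage(lines, flood_share=0.5):
    """Collapse dominant signatures into counts; return (summary, residual alerts)."""
    events = [m.groups() for m in map(LINE.match, lines) if m]
    if not events:
        return {}, []
    counts = Counter(sig for _, _, sig, _ in events)
    # A signature that accounts for more than flood_share of all events is flood noise.
    flood = {sig for sig, n in counts.items() if n / len(events) > flood_share}
    summary = {sig: counts[sig] for sig in flood}
    # High-severity events are never collapsed, even if their signature is flooding.
    residual = [e for e in events if e[2] not in flood or e[1] == "high"]
    # Most severe first, then oldest first, so analysts see the buried alerts on top.
    residual.sort(key=lambda e: (RANK[e[1]], e[0]))
    return summary, residual

if __name__ == "__main__":
    summary, residual = triage(build_sample())
    for sig, n in summary.items():
        print(f"[collapsed] {sig}: {n} events")
    for time, sev, sig, src in residual:
        print(f"[review] {time} {sev:<6} {sig} from {src}")
```

Run against the constructed sample, the 500 flood entries shrink to a single count and the two high-severity alerts appear first in the review queue.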

Since a DDoS threatens the continuity of business activities, some organisations may apply emergency procedures which aim at maintaining the service at the possible expense of security. For instance, if a DDoS overloads an email antivirus, the organisation may decide to switch off the antivirus so that emails flow again, thus allowing a virus to enter more easily. Another case is an organisation that switches to an alternate site which might not be as well protected. Security breaches that arise this way therefore produce a double-whammy effect and are extremely damaging to businesses.

There are a number of actions that you can take to minimize the likelihood of such an attack, but the most important thing to remember is that everyone is vulnerable and prevention may not be possible. In my next blog I will explore in further detail how to safeguard against these attacks.

Have you ever been affected by a DoS attack?