Distributed-denial-of-service attacs (DDoS) Attacks Explained: How They Work and How to Protect Yourself
In essence, and simply put, so-called distributed-denial-of-service attacks (DDoS) or plainly denial-of-service (DoS) attacks are targeting Internet-facing applications and IT services by blocking access to them for ordinary users for some time.
DDoS – How it works and how to protect your home
One of the largest DDoS attacks ever seen happened during Halloween 2024 when the total amount of traffic to one application reached as high as 5,6 Tbps (Terabits per second). To better understand the massive data traffic, it can be compared to the Helsinki Ring I (Kehä I) a busy morning when a car collision creates a massive queue of cars stopping all traffic for hours until first responders can release the traffic again.
The DDoS attack was initiated through a network of hacked Internet of Things device (IoT), estimated to be around 13 000 such devices. How to protect your home device and why criminals are interested in hacking them can be found through Home network and router security | NCSC-FI.
The reason for starting a DDoS attack varies with who is behind it. Today it is rather cheap to buy the service from so-called DDoS-as-a-Service providers, starting as low as 8 € for one hour. In the low end there are persons who have a dispute or are disgruntled against an organization, to competitors who wants to take advantage of that the service don´t work for their competitor, to criminals who are blocking online shops to demand money to stop. In a separate part, the Nation States and Hacktivists take aim at disrupting government sites etc. to make their point.
DDoS attack types
The most common types of DDoS attacks are targeting either network devices, usually called network layer attacks or Layer 3 and 4 attacks, or application related attacks, also called Layer 7 attacks, targeting the application. Within these two classes there are numerous ways to start the attack. The easiest, based on how the protocol on the Internet is created, is to request a certain server to reply with some data, but instead to the sender it is sent directly to the target server for a DDoS attack. Doing this from thousands of compromised servers, IoT, workstations, or other devices will create a flood of data to the targeted server, exhausting it so no other access can be done by ordinary users.
In addition, there are other ways to disrupt the traffic for users. During last year some organizations experienced disruptions due to sea cables being cut in the Baltic Sea but also unintentional updates of security software that locked a large number of Windows workstations worldwide, preventing businesses.
The amount of DDoS’s is increasing
The European Union Agency for Cybersecurity (ENISA) and Finnish Traficom´s National Cyber Security Centre (NCSC) both highlight that the number of DDoS attacks is increasing. In a recent report from ENISA they show the number of DDoS attacks against European organization last year constituted 46% of all threats and out of them 12,5% was targeting the Financial Sector, which is Samlink´s client base for the service that we provide. NCSC in addition have added that even if there has been some major impact on a leading bank in the Nordics no trust services have seen any prolonged disruptions, since they are rare in Finland.
Artificial Intelligence (AI) tools have lowered the barrier for attackers to carry out large volume attacks with a higher sophistication to circumvent DDoS protection. The AI tool can help in making the traffic initiate against the target to better mimic real-world traffic and of course the attackers can also use AI to find new vulnerabilities in systems, networks, and software. On the other hand, more and more organizations are starting to use AI as a mitigating tool.
The future, party related to the geopolitical situation and with Finland as a NATO member, and partly related to the each of initiating DDoS attacks we will most likely so continuing large number of attacks and with a higher level of sophistication when the AI tools are improved.