With many types of cyber threats, applying a patch for a known vulnerability or training employees not to click the link is an effective solution to the problem. Unfortunately, the same cannot be said of Distributed Denial of Service (DDoS) attacks. DDoS attacks are a threat to any organization since they are focused on overwhelming a service’s ability to respond to requests. While DDoS has been around for a while, the techniques and sources of DDoS attacks continue to evolve.
The Many Layers of DDoS
The goal of a DDoS attack is always the same: to degrade or destroy a service’s ability to operate. This objective is accomplished by identifying a bottleneck in the service’s operations and sending more malicious requests to that service than the maximum capacity of that bottleneck. However, most systems have multiple different bottlenecks that can potentially be attacked.
One common tactic for DDoS attacks is to target services at the network level. Every network has a maximum bandwidth that it can support, and every computer can only open, maintain, and process so many connections before it is incapable of accepting any more. By sending a large quantity of massive packets to a target, a DDoS attacker can flood the network with more traffic than it (or the endpoints on it) can handle.
However, this approach to DDoS attacks has its issues. One of these is that it can take a massive volume of traffic to overwhelm a target system. This requires the attacker to have a massive botnet to perform the attack; however, this is not an insurmountable challenge due to the large number of available insecure Internet of Things (IoT) devices and cloud-based computational power available for rent.
The other major issue is that DDoS attacks targeting the network level are often easily detectable since they are composed of a large volume of traffic and/or extremely large packets coming from a relatively small set of client addresses. This type of traffic can be easily identified and filtered.
Application-level DDoS attacks try to solve these problems by moving the target of the attack to a higher level on the networking stack. Attacking at the application level often requires a lower volume of traffic and requests that are less easily identifiable as malicious (like a simple HTTP GET request). DDoS attackers take advantage of this to launch more efficient and effective DDoS attacks.
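An added example (not from the article) that puts the contrast of the two paragraphs above into code: a per-source byte/packet-rate filter of the kind that catches a volumetric flood, run beside a per-endpoint request-rate view that still sees an application-layer GET flood spread across many small clients. The traffic traces and the thresholds are constructed assumptions for illustration.

```python
"""Network-level per-source filtering vs. an application-layer HTTP GET flood."""
from collections import defaultdict

# Each record is (timestamp_seconds, source_ip, bytes_on_wire, http_path).
# All three traces are constructed for this example, not captured traffic.
VOLUMETRIC_FLOOD = [  # 3 sources, 400 large packets per second each
    (t, f"203.0.113.{i}", 1400, "/")
    for t in range(10) for i in (1, 2, 3) for _ in range(400)
]
APP_LAYER_FLOOD = [  # 40 sources, 5 small GETs per second each, one path
    (t, f"198.51.100.{i}", 180, "/search")
    for t in range(10) for i in range(1, 41) for _ in range(5)
]
BASELINE = [(t, f"192.0.2.{i}", 180, "/") for t in range(10) for i in range(1, 21)]


def volumetric_suspects(records, max_bytes_per_s=100_000, max_pkts_per_s=100):
    """Network-level rule: flag any source that pushes far more bytes or
    packets per second than a legitimate client would (assumed thresholds)."""
    bytes_per = defaultdict(int)
    pkts_per = defaultdict(int)
    for t, src, size, _ in records:
        bytes_per[(src, t)] += size
        pkts_per[(src, t)] += 1
    flagged = {src for (src, _), b in bytes_per.items() if b > max_bytes_per_s}
    flagged |= {src for (src, _), n in pkts_per.items() if n > max_pkts_per_s}
    return flagged


def endpoint_request_rate(records):
    """Application-level view: peak requests per second per path, aggregated
    over all sources, so a flood of ordinary-looking GETs from many clients
    still stands out even though no single source trips the rule above."""
    per_path_sec = defaultdict(int)
    for t, _, _, path in records:
        per_path_sec[(path, t)] += 1
    peak = defaultdict(int)
    for (path, _), n in per_path_sec.items():
        peak[path] = max(peak[path], n)
    return dict(peak)


if __name__ == "__main__":
    print("volumetric flood, per-source rule:", volumetric_suspects(VOLUMETRIC_FLOOD))
    mixed = BASELINE + APP_LAYER_FLOOD
    print("app-layer flood, per-source rule:", volumetric_suspects(mixed))
    print("app-layer flood, per-endpoint view:", endpoint_request_rate(mixed))
```

The per-source rule flags the three volumetric sources but nothing in the application-layer trace, while the per-endpoint view shows /search at ten times the baseline path's rate.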
Mobile Leads the Attack
While the expansion of DDoS attacks to the application level may not be surprising, the sources of these attacks may be. In Q3 2019, 41% of application-level DDoS attacks originated from mobile gateways, meaning that the attacking hosts were compromised mobile devices.
In the space of mobile devices, Android is typically considered much less secure than iOS. The “walled garden” approach of Apple to apps running on iOS and the near-constant news stories of Google removing malicious apps from the Play Store support this belief.
However, while iOS is generally more secure than Android, this doesn’t mean that Android is to blame for the sudden growth in DDoS attacks originating from mobile devices. In fact, of the 41% of application-layer DDoS attacks coming from mobile, 31% are from iOS, and only 10% are from Android.
With iOS’s relatively strong security compared to Android, it is surprising that iOS devices are the source of over three times as many DDoS attacks. The probable cause of this volume of malicious traffic originating from iOS devices is jailbreaking.
On iOS, the same limitations that make the operating system so secure also irritate many users who wish to have more control over their mobile device. As a result, many users jailbreak these devices, exploiting unpatched vulnerabilities in the device’s operating system to elevate their privileges from user level to root.
This allows them to have more control of their device’s configuration and install mobile apps not offered in the Apple App Store. However, these third-party apps do not benefit from Apple’s security scanning, meaning that they can contain built-in malware. This embedded malware can take over iOS devices and use them in DDoS attacks.
The Future of DDoS
Unfortunately, DDoS attacks are relatively simple for even an unsophisticated cybercriminal to perform. Tools for running a DDoS attack are publicly available, and the source code of Mirai, malware that built a massive DDoS botnet, has been publicly leaked. If this were not enough, DDoS attacks have become so cheap to perform that cybercriminals operating DDoS botnets can offer DDoS-for-hire services for a very reasonable price while making a tidy profit.
As a result, DDoS attacks are common and growing increasingly so. Unfortunately, as technology advances, this will continue to be the case. 5G, the next step in the evolution of mobile networks, will improve mobile computing but also make DDoS attacks driven by mobile and IoT devices even larger and more dangerous.
Since DDoS attacks take advantage of the design and limitations of the target services, they aren’t something that can be fixed by applying a patch for a known vulnerability. As DDoS becomes more of a threat and more organizations are in the crosshairs, deploying a strong anti-DDoS solution grows in importance. However, when doing so, it is important to pick the right one. As attackers move to application-level attacks, these attacks become more difficult to detect and remediate. Protecting against the future of DDoS will require nothing less than next-generation DDoS protection.
Article Submitted By Community Writer