What is a DDoS attack and what are its consequences?
ESET explains what DDoS (distributed denial of service) attacks are and how they can affect resources and services.
A distributed denial of service attack, or DDoS attack, is carried out by sending massive numbers of illegitimate requests to a server, web service or network in order to exceed its capacity and leave it unavailable to legitimate users.
DDoS attacks are an increasingly present threat in the region, which is why ESET, a leading company in proactive threat detection, explains how to protect yourself against them.
Consequences of a DDoS attack
The consequences of a DDoS attack can be varied. For example, it may affect an online store whose business is based on selling products through a platform or website. If the store is the victim of a denial of service attack, the company will be financially affected, because the interrupted service prevents customers from entering the store and making purchases.
“Denial of service attacks are a way of putting pressure on organizations and affecting their resources, either for ideological motivations or also in pursuit of economic gain. They have become another tool in the arsenal of cybercriminals who are becoming increasingly more aggressive,” comments Camilo Gutiérrez Amaya, Head of the ESET Latin America Research Laboratory.
In a DDoS attack, many sources are used simultaneously to send false requests. Generally, distributed attacks use botnets: networks of devices infected with malware that are controlled remotely and allow attackers to execute instructions on many computers at once. Without the user knowing, any device connected to the internet can be used by the attacker, who gives the order to send these requests towards the target of the attack. Together these devices form an army of zombies, as they are known, at the command of the cyber attackers.
Traditionally, this type of attack was associated with hacktivist actions that used it to put pressure on organizations and sought to affect the services or the image of their targets. In recent years, cybercriminal groups began to use it to extort organizations and companies for the sole purpose of making a profit. The threat, delivered through ransom notes, is to carry out the attack unless large sums of money are paid, generally in cryptocurrencies. This type of attack has been called Ransom DDoS (RDDoS).
It also began to be used as part of the pressure that cybercriminal groups exert on ransomware victims. The threat of carrying out a DDoS attack was added to the set of coercive practices (such as doxing, print bombing or cold calls) as a way to increase the pressure and try to get the victim to pay the sums demanded, not only for the ransom of the encrypted information.
DDoS attacks can be difficult to deal with without adequate resources such as hardware or sufficient bandwidth. ESET recommends some basic points to reduce the risks:
- Monitor network traffic to identify and block anomalies or false requests.
- Have backup servers, web and alternative communication channels, as a recovery plan in the event of an effective attack.
- Using cloud services can help mitigate attacks due to greater bandwidth and infrastructure resilience.
- Use protection services that can mitigate the impact of an attack.
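The first recommendation, monitoring traffic for anomalies, can be sketched as follows. This is an added example, not ESET code: it compares the request volume in each time window against a baseline of normal windows and reports whether a surge comes from one dominant source or is spread across many, as in the botnet case described above. The log format, thresholds and sample traffic are assumptions constructed for the illustration.

```python
from collections import defaultdict
from statistics import median

WINDOW = 10        # seconds per bucket (assumed)
FACTOR = 5         # flag a bucket with more than FACTOR x the baseline (assumed)
MIN_BASELINE = 3   # buckets of history required before judging (assumed)

def make_sample_log():
    """Constructed traffic: 60 s of normal load, then a 20 s flood from 200 sources."""
    lines = []
    for t in range(0, 60):                       # 2 requests/s from 5 regular clients
        for c in range(2):
            lines.append(f"{t} 198.51.100.{(t + c) % 5 + 1} GET /")
    for t in range(60, 80):                      # 200 sources, one request each per second
        for b in range(200):
            lines.append(f"{t} 203.0.113.{b + 1} GET /")
    return lines

def detect_floods(lines, window=WINDOW, factor=FACTOR):
    """Return [(bucket_start, requests, distinct_sources, kind)] for anomalous buckets."""
    per_bucket = defaultdict(lambda: defaultdict(int))
    for line in lines:
        ts, src, _method, _path = line.split()
        per_bucket[int(ts) // window * window][src] += 1

    alerts, history = [], []
    for start in sorted(per_bucket):
        sources = per_bucket[start]
        total = sum(sources.values())
        if len(history) >= MIN_BASELINE and total > factor * median(history):
            top_share = max(sources.values()) / total
            # One dominant source can be blocked by address; a flat spread across
            # many sources is the distributed case and needs upstream mitigation.
            kind = "single-source" if top_share > 0.5 else "distributed"
            alerts.append((start, total, len(sources), kind))
        else:
            history.append(total)    # only normal buckets feed the baseline
    return alerts

if __name__ == "__main__":
    for start, total, nsrc, kind in detect_floods(make_sample_log()):
        print(f"t={start}s requests={total} sources={nsrc} -> {kind} flood")
```

In the distributed case no single address stands out, which is why per-address blocking alone is not enough and the cloud capacity and protection services in the list above matter.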
“Information security has 3 pillars: availability, integrity and confidentiality. We can say that DDoS attacks compromise the availability of information that must be accessible and usable when required. Attackers manage to disrupt services by affecting the container of the information asset: hardware, software, applications, servers or networks. They do this through buffer overflow (consumption of space on a hard drive, memory or processing capacity) or through flooding (saturation of a service with an excess of packets),” explains Gutiérrez Amaya from ESET.