
São Paulo/SP – May 26, 2023 – DDoS attack: Main features and how to protect yourself

* Hugo Pereira – SOC Analyst [SAFEWAY]

Introduction

Distributed Denial of Service (DDoS) attacks are a form of cyber attack that aims to overload a server, network or service with a large volume of traffic, making it inaccessible to legitimate users. In this article, we discuss the main characteristics of this type of attack and present some protective measures against it.

How does a denial of service (DDoS) attack work?

DDoS attacks can be carried out in two main ways: through a network of computers infected with malware, known as a botnet, or through traffic amplification, where the attacker uses third-party servers to increase the volume of traffic sent to the target.

DDoS attacks can have different purposes, such as extortion, sabotage, espionage or activism. Their consequences can be severe, including lost revenue for businesses, reputational damage, disruption of essential services and data breaches.

Statistics on DDoS attacks

According to reliable sources, in 2022, the number of DDoS attacks increased by 150% on a global scale compared to the previous year. In the Americas, this growth was even more expressive, reaching an increase of 212% compared to 2021 (source: www.securityreport.com.br).

Main types of denial of service attack

  1. VoIP flood:

This type of DDoS attack targets servers running VoIP (Voice over Internet Protocol) services. It generates a large volume of requests, mixing fake and genuine ones, which quickly exhausts the server's resources and makes its entire infrastructure unavailable.

  2. UDP flood:

This type of attack involves sending a large number of User Datagram Protocol (UDP) packets to a target server or network, with the aim of overloading the system's capacity and making it unavailable to legitimate users. Unlike TCP (Transmission Control Protocol), UDP packets do not require a previous connection, which allows them to be sent in bulk without the need to complete a connection process.

In this type of attack, attackers send UDP packets to random ports on the target server or network, with the intention of overloading the system's bandwidth, causing it to crash or become unreachable. As a result, the system is unable to handle legitimate requests, causing the service to be unavailable for normal users.

  3. SYN flood:

This type of DDoS attack exploits a vulnerability in the TCP/IP protocol stack. In the SYN flood attack, the attacker sends a large number of SYN packets to the target server or network, but never completes the three-way handshake process required to establish a connection. This causes the target system to become overloaded with half-open connections, consuming its resources and making it unable to respond to legitimate traffic.

SYN flood attacks can be difficult to defend against, as the traffic appears to be legitimate initially and can come from many different IP addresses, making it difficult to block or filter. To defend against SYN flood attacks, network administrators can use techniques such as SYN cookies, rate limiting, and firewalls to reduce the impact of the attack and prevent it from overloading the target system.

  4. HTTP flood:

HTTP flooding, also known as an HTTP flood attack, is a form of denial of service (DoS) attack that aims to flood a web server with a large volume of invalid or repeated HTTP requests. These requests may be sent via automated tools or malicious scripts with the aim of depleting server resources, making it unable to respond to legitimate requests from users. HTTP flood attacks can be carried out in a variety of ways, such as via GET, POST, or HEAD requests, or with variations of these methods. Furthermore, spoofed IP addresses can be used to make it difficult to identify the attacker.

Protection measures against DDoS attacks

Protection against DDoS attacks is a critical measure for an organization's cybersecurity. A SOC (Security Operations Center) plays an important role in preventing these attacks by utilizing specific security technologies and practices to reduce the risk of a successful attack.

Some of the measures a SOC can take to protect against DDoS attacks include:

  1. Constant monitoring:

Continuously monitor network traffic to detect suspicious activity and anomalies that could indicate an ongoing DDoS attack.

  2. Data analysis:

Use technical data analysis tools to identify traffic patterns that may indicate a DDoS attack.
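The two detection heuristics below are an added example, not code from the original article or from SAFEWAY: they run over constructed flow and request records (the IP addresses, window size and thresholds are assumed values for illustration) and flag a source that opens many TCP connections without completing the handshake, the half-open pattern described in the SYN flood section, and a source whose HTTP request rate matches the HTTP flood pattern.

```python
from collections import defaultdict

# Assumed tuning values; real thresholds depend on the service's normal traffic.
WINDOW_S = 10            # size of each analysis window in seconds
SYN_THRESHOLD = 20       # half-open SYNs per source per window
HTTP_THRESHOLD = 50      # HTTP requests per source per window


def detect_syn_flood(flows, window=WINDOW_S, threshold=SYN_THRESHOLD):
    """Flag sources that send many SYNs but rarely send the final handshake ACK.

    flows: iterable of (timestamp_s, src_ip, dst_port, flag), where flag is
    "S" for a client SYN and "A" for the client's handshake-completing ACK.
    """
    counts = defaultdict(lambda: [0, 0])          # (window, src) -> [syn, ack]
    for ts, src, _dport, flag in flows:
        bucket = (int(ts // window), src)
        if flag == "S":
            counts[bucket][0] += 1
        elif flag == "A":
            counts[bucket][1] += 1
    alerts = []
    for (w, src), (syn, ack) in sorted(counts.items()):
        half_open = syn - ack
        if half_open >= threshold:
            alerts.append({"window": w, "src": src, "syn": syn,
                           "ack": ack, "half_open": half_open})
    return alerts


def detect_http_flood(requests, window=WINDOW_S, threshold=HTTP_THRESHOLD):
    """Flag sources whose request count in any window exceeds the threshold."""
    counts = defaultdict(int)                     # (window, src) -> requests
    for ts, src, _method, _path in requests:
        counts[(int(ts // window), src)] += 1
    return [{"window": w, "src": src, "requests": n}
            for (w, src), n in sorted(counts.items()) if n >= threshold]


def sample_tcp_flows():
    """Constructed records: one normal client and one source sending only SYNs."""
    flows = []
    for i in range(5):                            # normal client completes each handshake
        flows.append((1.0 + i, "198.51.100.7", 443, "S"))
        flows.append((1.2 + i, "198.51.100.7", 443, "A"))
    for i in range(40):                           # 40 SYNs in one window, no ACKs
        flows.append((2.0 + i * 0.1, "203.0.113.9", 443, "S"))
    return flows


def sample_http_requests():
    """Constructed records: a normal browser and one source hammering a search page."""
    reqs = [(0.5 + i, "198.51.100.7", "GET", "/index.html") for i in range(8)]
    reqs += [(0.01 * i, "203.0.113.9", "GET", "/search?q=x") for i in range(120)]
    return reqs
```

In production the same counters would be fed from flow exports or web server access logs and the alerts forwarded to the SOC's monitoring platform.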

  3. Attack mitigation:

Implement a Web Application Firewall (WAF) to protect web applications by filtering the traffic between each web application and the internet, blocking attacks such as file inclusion, SQL injection and cross-site request forgery (CSRF).

  4. Threat prevention:

Use vulnerability management techniques and secure configuration to reduce the risk of your organization's systems being compromised by DDoS attacks or other cyber threats.

Conclusion

In summary, a SOC plays an important role in preventing DDoS attacks using a combination of constant monitoring, data analysis, attack mitigation and threat prevention. However, it is important to remember that cybersecurity is a shared responsibility, and organizations must also adopt strong security practices to protect their systems and data from cyberattacks. Protection against DDoS attacks is essential to ensure the availability and integrity of online services.


How can we help?

SAFEWAY is an Information Security consulting company recognized by its clients for offering high value-added solutions through projects that fully meet the needs of the business. In 14 years of experience, we have accumulated several successful projects that have earned us credibility and prominence with our clients, who largely make up the 100 largest companies in Brazil.

Today, through 25 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one-stop shop with the best solutions in technology, processes and people. We have both the technical skills and the experience necessary to assist your company in the process of structuring controls and preparing the environment for the implementation of an ISMS, SGS or SGCN and, consequently, certification of operations, services or companies to the ISO27001, ISO20000 or ISO22301 standards.

In order to support companies in this process of evaluation and adaptation to the requirements of the LGPD, [SAFEWAY] has in its portfolio of services the Cybersecurity Health Check, whose objective is to carry out a diagnosis of the Cybersecurity, Information Security and Data Privacy controls implemented in your company, covering the pillars of Processes, People and Technology.