
January 31, 2024
What is DDoS? Definition, Types, Prevention

1. What is DDoS?
A Distributed Denial of Service (DDoS) attack is a cyber-attack in which an adversary overwhelms a server with an excessive volume of Internet traffic, preventing legitimate users from reaching the associated online services and websites. Attackers typically launch DDoS campaigns to disrupt a competitor, broadcast a political or social message, extort money through ransom demands, or divert defenders’ attention to conceal a larger, coordinated intrusion.
DDoS attacks can devastate organizations. By knocking websites or network services offline, they immediately block customers from transacting, producing direct revenue loss. Prolonged outages halt e-commerce, customer-service portals, and critical back-end operations, eroding user trust and tarnishing the brand over time. Recovery is rarely trivial: incident response, system rebuilds, and security hardening demand significant time and money, and every hour down increases the likelihood of breaching data protection or service-availability regulations.
On the personal side, devices that have been hijacked into a DDoS botnet suffer slower performance, a heightened risk of data theft and secondary malware infections, and potential misuse of the owner’s accounts in further attacks. Because compromised machines execute commands at an attacker’s direction, their owners can even find themselves entangled in legal liability.
2. Principles and Types of DDoS Attacks
Attackers harness botnets to flood a target server with so much traffic that it can no longer handle legitimate requests, forcing the service offline. DDoS techniques are generally grouped into four families: Volumetric, Protocol, Application-Layer, and Multi-Vector attacks. The most common, the Volumetric attack, saturates a victim’s bandwidth by sending more data than the network can absorb. A textbook variant, DNS amplification, forges the victim’s IP address in queries sent to open DNS resolvers; the resolvers then deluge the target with oversized responses, crippling its infrastructure.
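As an added example (not from the original article), the following Python flags the signature of DNS amplification from the victim's side: large UDP/53 responses arriving from resolvers the monitored host never queried. The flow records, the 1500-byte threshold and the assumed 60-byte typical query size are constructed for illustration.

```python
# Constructed sample UDP flow records: (src_ip, src_port, dst_ip, dst_port, bytes).
# 203.0.113.10 is the monitored host; it issued exactly one real DNS query.
FLOWS = [
    ("203.0.113.10", 53000, "198.51.100.5", 53, 60),   # legitimate query
    ("198.51.100.5", 53, "203.0.113.10", 53000, 180),  # its answer (3x, normal)
    ("192.0.2.7", 53, "203.0.113.10", 4444, 3900),     # unsolicited, oversized
    ("192.0.2.8", 53, "203.0.113.10", 4444, 4100),
    ("192.0.2.9", 53, "203.0.113.10", 4444, 4000),
    ("192.0.2.7", 53, "203.0.113.10", 4444, 3950),
]

def unsolicited_dns_responses(flows, victim, min_bytes=1500):
    """Return (resolver_ip, size) for UDP/53 responses to `victim` that (a) have
    no preceding query from that victim port to that resolver and (b) are at
    least min_bytes: the pattern of reflected, amplified answers."""
    queried = set()  # (victim_port, resolver_ip) pairs the victim really asked
    hits = []
    for src, sport, dst, dport, size in flows:
        if src == victim and dport == 53:
            queried.add((sport, dst))
        elif dst == victim and sport == 53:
            if (dport, src) not in queried and size >= min_bytes:
                hits.append((src, size))
    return hits

def amplification_summary(flows, victim, min_reflectors=3, query_bytes=60):
    """Aggregate the hits: distinct reflectors, total bytes received, and the
    observed amplification factor relative to an assumed 60-byte query."""
    hits = unsolicited_dns_responses(flows, victim)
    reflectors = sorted({ip for ip, _ in hits})
    total = sum(size for _, size in hits)
    factor = max((size for _, size in hits), default=0) / query_bytes
    return {"reflectors": reflectors, "bytes": total, "factor": round(factor, 1),
            "alert": len(reflectors) >= min_reflectors}
```

Real flow exports are sampled and not guaranteed to be ordered, so in production the query set should be built over a time window rather than in a single pass.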
A high-profile case unfolded in February 2020, when Amazon Web Services faced a Volumetric onslaught that targeted multiple customers. The attackers exploited CLDAP (Connectionless Lightweight Directory Access Protocol) reflection, abusing vulnerable third-party CLDAP servers to magnify traffic by 56 to 70 times, with throughput spiking to 2.3 Tbps, one of the largest DDoS events on record. The incident illustrates both the technical sophistication and the escalating destructive power of modern DDoS campaigns, underscoring why providers of mission-critical online services must invest in robust mitigation.
3. DDoS Attacks Resulting from Email Attacks
Although DDoS campaigns rarely begin directly with an email, an estimated 90% of all cyber incidents still start through an email vector, so robust mail security is a core pillar of any DDoS resilience strategy. Once an attacker hijacks a mailbox, that account itself can be weaponized to steer botnets or launch follow-on DDoS waves. The most common takeover route is URL phishing, a textbook social engineering technique.
The United Nations-endorsed ITU-T X.1236 standard classifies social engineering email attacks as psychological ploys that trick users into transferring money or revealing confidential information; no software exploit is required. In a URL-phishing scenario, the adversary crafts a message that impersonates a trusted company, government agency, or colleague and embeds a malicious link or attachment that leads to a spoofed sign-in page. When the victim enters credentials, the attacker gains full control of the account, which can then be misused to distribute more phishing mail, relay command-and-control traffic, or coordinate a botnet-driven DDoS assault.
Because these social engineering tactics are pervasive, routine email security assessments and strict adherence to X.1236 controls are vital not only to keep corporate accounts from fueling DDoS campaigns but also to safeguard sensitive data and head off a cascade of secondary crimes.
4. DDoS Attack Prevention Solutions and Email Security
To prevent DDoS attacks, it is essential to continuously monitor network traffic and increase network bandwidth so that more traffic can be absorbed. In addition, harmful traffic should be blocked by using professional DDoS mitigation services and web application firewalls, and services and data should be distributed across multiple locations so that no single location becomes a single point of failure for an attacker to target. Alongside these measures, it is crucial to establish a response plan for DDoS incidents, maintain regular data backup and recovery strategies, and cooperate with ISPs to detect and respond to attacks at an early stage. Not only organizations but also individual users must protect their devices and networks by using anti-virus software and keeping it up to date.
Although DDoS attacks launched directly via email are relatively rare, as noted earlier, account takeover through social-engineering tactics can provide the leverage needed to execute a DDoS campaign. Inbound email threats such as URL phishing messages can easily trap users who are not vigilant. To avoid these risks, organizations must be aware of the threat types and security requirements defined in international email security standards and should perform ongoing email security assessments. The standards specify the following requirements and solutions for effectively blocking and responding to URL phishing attacks.
To counter URL-phishing attacks, the security requirements set out in [8.2.4 Security requirements for countering URL phishing attacks] must be observed.
- Continuously track the final destination of any URL that leads to a webpage prompting users to enter personal information.
By implementing the solutions in [9.2.4 Countermeasures for URL phishing attacks], organizations can gain a proactive defense against URL phishing emails.
- Endpoint of URL tracking: Trace every URL to its final landing page and monitor for any attempt to solicit user credentials or personal data.
- HTML-source analysis: Inspect the HTML of landing pages to identify input fields that request personal or account information, and verify whether submitted data is transmitted to third-party servers.
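The two countermeasures above, endpoint-of-URL tracking and HTML-source analysis, as an added Python example that is not part of the original article or the X.1236 text. The redirect map stands in for live HTTP Location headers, and the landing-page HTML, host names and credential-field keywords are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
# Constructed redirect chain (stand-in for Location headers); unmapped URL = final page.
REDIRECTS = {
    "https://short.example/abc": "https://cdn.example.net/go?x=1",
    "https://cdn.example.net/go?x=1": "https://login-portal.example.org/signin",
}
# Constructed landing page: asks for credentials, posts them to a third party.
SAMPLE_HTML = ('<form action="https://collector.example.com/p" method="post">'
               '<input name="email"><input type="password" name="pass">'
               '<input type="submit"></form>')
CRED_HINTS = ("user", "email", "login", "pass", "pwd", "otp", "card")

def trace_final_url(url, redirects, max_hops=10):
    """Endpoint-of-URL tracking: follow hops to the landing URL; stop on a loop."""
    hops = []
    while url in redirects and url not in hops and len(hops) < max_hops:
        hops.append(url)
        url = redirects[url]
    return url, hops

class _FormScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None  # each form: action + (type, name) inputs
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"action": a.get("action") or "", "fields": []}
        elif tag == "input" and self._cur is not None:
            self._cur["fields"].append(((a.get("type") or "text").lower(), (a.get("name") or "").lower()))
    def handle_endtag(self, tag):
        if tag == "form" and self._cur is not None:
            self.forms.append(self._cur); self._cur = None

def analyze_landing_page(html, page_url):
    """HTML-source analysis: flag credential forms and cross-origin submission."""
    scanner = _FormScanner()
    scanner.feed(html)
    page_host = urlsplit(page_url).hostname
    findings = []
    for form in scanner.forms:
        asks = [n for t, n in form["fields"] if t == "password" or any(h in n for h in CRED_HINTS)]
        if asks:  # only forms that request credentials/personal data matter
            target = urlsplit(urljoin(page_url, form["action"])).hostname
            findings.append({"fields": asks, "posts_to": target,
                             "third_party": target != page_host})
    return findings
```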
Moreover, to block DDoS attacks that result from account hijacking, it is vital to adhere to the security requirements for both inbound and outbound threats. According to the standard’s ‘Security requirements for countering attacks using account take-over’ [8.4.1 Security requirements for countering attacks using account take-over] and [9.3 Countermeasures for outbound email threats by user], the following security requirements and functionalities are beneficial:
- Limit outbound volume by capping the number of emails an account may send per day and the number of recipients per email, which preserves the health and security of the email server and the account.
- Allow security administrators and users to set specific IPs and countries from which the email account can be accessed.
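The two outbound controls above (per-day and per-recipient caps, plus IP and country allow-lists per account) as an added Python policy check; this is illustrative code, not the article's or any product's implementation. The CIDR-to-country table is a constructed stand-in for a GeoIP database, and the cap values are examples.

```python
import ipaddress
from collections import defaultdict

# Constructed stand-in for a GeoIP lookup: network -> ISO country code.
GEO = {ipaddress.ip_network("203.0.113.0/24"): "KR",
       ipaddress.ip_network("198.51.100.0/24"): "US"}

def country_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((cc for net, cc in GEO.items() if addr in net), None)

class OutboundPolicy:
    """Per-account outbound mail policy: access allow-lists plus sending caps."""
    def __init__(self, max_per_day=200, max_recipients=50):
        self.max_per_day = max_per_day
        self.max_recipients = max_recipients
        self.sent = defaultdict(int)              # (account, day) -> accepted count
        self.allowed_ips = defaultdict(set)       # account -> {ip_network}
        self.allowed_countries = defaultdict(set) # account -> {"KR", ...}

    def allow_ip(self, account, cidr):
        self.allowed_ips[account].add(ipaddress.ip_network(cidr))

    def allow_country(self, account, cc):
        self.allowed_countries[account].add(cc)

    def check_send(self, account, src_ip, recipients, day):
        """Return (allowed, reason). Access rules are evaluated before quotas,
        and a message counts against the daily cap only when it is accepted."""
        addr = ipaddress.ip_address(src_ip)
        nets, ccs = self.allowed_ips[account], self.allowed_countries[account]
        if nets and not any(addr in n for n in nets):
            return False, "source IP not in account allow-list"
        if ccs and country_of(src_ip) not in ccs:
            return False, "source country not permitted for account"
        if len(recipients) > self.max_recipients:
            return False, "too many recipients in one message"
        if self.sent[(account, day)] >= self.max_per_day:
            return False, "daily message cap reached"
        self.sent[(account, day)] += 1
        return True, "ok"
```

An empty allow-list means no restriction for that account, so administrators should populate at least the country list for every account that can send externally.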
5. Conclusion
A DDoS attack is a cybercrime that paralyzes services by flooding a server with excessive traffic. Such attacks typically aim to take services offline, causing economic losses, operational downtime, and damage to trust and brand reputation. Key prevention and response measures include continuous network traffic monitoring, deployment of DDoS mitigation services and web application firewalls, well-tested data backup and recovery plans, and close coordination with ISPs. Individual users also play a role by running up-to-date antivirus software and staying vigilant about email security. Because roughly 90% of cyber attacks begin with email, mail-layer protection is critical.
Countering URL phishing, the primary method for stealing credentials that can later be weaponized in a DDoS campaign, requires compliance with the functional requirements outlined in international email security standards. Applying those controls to both inbound and outbound traffic helps shield organizations from account-takeover-driven DDoS assaults and sharply reduces the broader risk of email phishing.