Introduction
In today's threat landscape, Distributed Denial of Service (DDoS) attacks pose a serious threat to organizations and individuals alike. By flooding networks and servers with more traffic than they can absorb, these attacks take websites and online services offline, causing operational disruption and financial loss. The damage is not merely technical: it extends to lost revenue, reputational harm and, in some cases, legal consequences. The spread of IoT (Internet of Things) devices has handed attackers a new pool of resources, letting them assemble vast networks of compromised devices (botnets) to launch large-scale attacks. At the same time, readily available DDoS-for-hire services (so-called booters or stressers, which run attacks for a fee) have lowered the barrier to entry, so the threat comes not only from sophisticated attackers but also from individuals with little technical skill. Notable examples include the February 2020 attack on an Amazon Web Services (AWS) customer and the October 2016 attack on the major DNS provider Dyn; the Dyn attack made major websites such as Twitter and Netflix unreachable, illustrating how badly DDoS attacks can hurt key digital infrastructure and services.
DDoS attacks also carry risks for email security. Compromised email accounts can be exploited for secondary crimes, including the delivery of DDoS attacks. Since email is commonly cited as the entry point for around 90% of cyber attacks, proactive attention to email security, including regular assessment, is essential. As these threats continue to evolve, so must our defenses.
1. Definition and Risks of DDoS Attacks
DDoS, short for Distributed Denial of Service, describes attacks in which attackers flood a server or network with an overwhelming volume of internet traffic from many sources at once. The flood prevents legitimate users from reaching the online services and websites behind it. Motives vary: disrupting a competitor's business, conveying political or social messages, extorting a ransom, or creating a diversion while a more significant intrusion is carried out elsewhere.
DDoS attacks have a significant impact on businesses and institutions. By rendering websites and network services unusable, they cause direct economic loss: online sales, customer service and transactions stop, users lose trust, and the brand's reputation suffers in the long term. After an attack, considerable time and money go into recovery and hardening, and the outage may put the organization in breach of regulatory requirements for data security and service availability.
From an individual's perspective, a computer recruited into a DDoS botnet suffers a range of problems: degraded performance, exposure of personal information and data, a higher risk of further malware infections, and misuse of hijacked accounts in DDoS crimes. Compromised computers and hijacked accounts can be made to carry out attacks on the attacker's command, and their owners may face legal liability as a result.
2. Principles and Types of DDoS Attacks
A DDoS attack occurs when attackers use a botnet, a network of compromised machines under their control, to concentrate excessive traffic on a target server until it can no longer process legitimate requests and the service fails. Attack methods fall into four main types: volumetric attacks, protocol attacks, application-layer attacks, and multi-vector attacks that combine several of these.
The most common type is the volumetric attack, which aims to saturate the target network's bandwidth with more traffic than it can carry. A typical example is DNS amplification, a reflection attack: the attacker sends small DNS queries to open resolvers with the source address forged to be the victim's IP address. The resolvers send their much larger responses to the victim, so a modest stream of queries is turned into a flood of response traffic that overwhelms the target.
The February 2020 attack against Amazon Web Services (AWS) is one of the most notable instances of a major provider absorbing a volumetric DDoS attack. It targeted an unnamed AWS customer and used CLDAP (Connectionless Lightweight Directory Access Protocol) reflection: exposed third-party CLDAP servers were tricked into sending their responses to the victim's IP address, amplifying the attacker's traffic by a factor of 56 to 70 and peaking at 2.3 terabits per second (Tbps), one of the largest DDoS attacks reported at the time. Such incidents show the technical sophistication and growing destructive power of evolving DDoS attacks, and why companies must invest in DDoS protection for critical online services.
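Both passages above describe the same reflection pattern: many third-party servers answer forged requests, so the victim receives a flood of large responses from a service port it never queried. The following Python detector is an added example (not from the original article and not any vendor's product) that applies that pattern to flow records such as NetFlow or IPFIX exports. The flow records, thresholds and the list of reflector ports are assumptions constructed for illustration; besides the DNS (53) and CLDAP (389) cases discussed on this page it also lists NTP and memcached, which behave the same way.

```python
"""Flow-based detector for UDP reflection/amplification floods.

Added example, not from the original article. It looks for many distinct
"reflector" hosts sending large responses from a well-known service port
(DNS 53, CLDAP 389, ...) to one victim address that sent little or nothing
to those services, because the requests were forged with the victim's
source address. The flow records below are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List

# UDP services widely abused as reflectors (assumed list for the example).
REFLECTOR_SERVICES = {53: "DNS", 389: "CLDAP", 123: "NTP", 11211: "memcached"}


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str  # "UDP" or "TCP"
    packets: int
    octets: int


def detect_reflection(flows: Iterable[Flow], min_reflectors: int = 20,
                      min_amplification: float = 10.0) -> List[dict]:
    """Return one alert per (victim, service) that looks like a reflection flood.

    inbound[victim][port]  : bytes and distinct sources of responses sent FROM a
                             reflector port TO the victim.
    outbound[victim][port] : bytes of requests the victim itself sent TO that port.
    A host receiving responses from many reflectors while having sent almost no
    requests is being reflected against; the ratio is the observed amplification.
    """
    inbound: Dict[str, Dict[int, dict]] = defaultdict(
        lambda: defaultdict(lambda: {"sources": set(), "octets": 0}))
    outbound: Dict[str, Dict[int, int]] = defaultdict(lambda: defaultdict(int))

    for f in flows:
        if f.proto != "UDP":
            continue
        if f.src_port in REFLECTOR_SERVICES:
            rec = inbound[f.dst_ip][f.src_port]
            rec["sources"].add(f.src_ip)
            rec["octets"] += f.octets
        if f.dst_port in REFLECTOR_SERVICES:
            outbound[f.src_ip][f.dst_port] += f.octets

    alerts = []
    for victim, by_port in inbound.items():
        for port, rec in by_port.items():
            requested = outbound[victim][port]
            amplification = rec["octets"] / max(requested, 1)
            if len(rec["sources"]) >= min_reflectors and amplification >= min_amplification:
                alerts.append({
                    "victim": victim,
                    "service": REFLECTOR_SERVICES[port],
                    "reflectors": len(rec["sources"]),
                    "octets_in": rec["octets"],
                    "octets_out": requested,
                    "amplification": round(amplification, 1),
                })
    return alerts


def sample_flows() -> List[Flow]:
    """Constructed sample data: one normal DNS exchange and one CLDAP flood."""
    flows = [
        # Legitimate lookup: the host asks a resolver and gets one modest answer.
        Flow("10.0.0.5", 51000, "8.8.8.8", 53, "UDP", 1, 72),
        Flow("8.8.8.8", 53, "10.0.0.5", 51000, "UDP", 1, 210),
    ]
    # Reflection flood: 40 exposed CLDAP servers answer requests that were forged
    # with 203.0.113.10 as the source, so the victim itself never sent any.
    for i in range(40):
        flows.append(Flow(f"198.51.100.{i + 1}", 389, "203.0.113.10", 40000 + i,
                          "UDP", 6, 3000))
    return flows


if __name__ == "__main__":
    for alert in detect_reflection(sample_flows()):
        print(alert)
```

The legitimate exchange produces one source and a response/request ratio near 3, so it is ignored; the CLDAP flood produces 40 sources and no outbound requests at all, which is exactly the signature of spoofed-source reflection. Run against a live flow collector, the same per-victim, per-service aggregation is what triggers a scrubbing or upstream-filtering request to the ISP.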
3. DDoS Attacks Resulting from Email Attacks
DDoS attacks that begin with an email are not common, but given that around 90% of cyber attacks are estimated to use email as their delivery method, email security deserves attention. Beyond DDoS attacks aimed at computers, email accounts compromised through email attacks can themselves be weaponized to carry out DDoS attacks. One prominent method of account hijacking is URL phishing, a form of social engineering attack.
According to the email security standard ITU-T X.1236, 'social engineering email attacks' [7. Threats for targeted email attacks, 7.2 Social engineering email attacks] rely on psychological manipulation to deceive users into transferring money or disclosing confidential information, rather than on exploiting system vulnerabilities. The standard is published by the International Telecommunication Union (ITU), a specialized agency of the United Nations, and is internationally recognized. URL phishing is an attack aimed at stealing victims' usernames and passwords: attackers set up phishing pages or websites and use malicious URLs or files embedded in emails to lure victims into entering their account details. The emails are made to look as if they come from reputable companies, government agencies, or known colleagues, so that users click the malicious link and hand over their login credentials or other vital information. Given how widespread such social engineering attacks are, continuous attention and regular email security assessments are needed not only to prevent accounts from being misused in DDoS crimes but also to protect sensitive information and prevent other secondary crimes.
4. DDoS Attack Prevention Solutions and Email Security
Preventing DDoS attacks starts with continuous monitoring of network traffic, along with provisioning enough bandwidth to absorb surges. Specialized DDoS mitigation services and web application firewalls block harmful traffic, and distributing services and data across multiple locations removes the single point of failure an attacker would otherwise aim at. Establishing a DDoS response plan, keeping regular backups with tested recovery procedures, and working with ISPs on early detection and response are also essential. For individuals, protecting devices and networks means keeping antivirus software up to date so that the device is not recruited into a botnet.
Although DDoS attacks via email are relatively uncommon, account hijacking through social engineering attacks such as URL phishing can lead to them. URL phishing emails, one type of inbound email attack, pose a risk whenever they are not scrutinized carefully. To mitigate this risk, organizations should know the types of email attack, meet the security requirements set out in the international email security standard, and carry out regular email security assessments. The standard specifies requirements and countermeasures for blocking and responding to URL phishing attacks.
To counter URL phishing attacks, the security requirements in the standard [8.2.4 Security requirements for countering URL phishing attacks] must be met. These include:
- Continuously tracking URLs that lead to webpages prompting for personal information through to their final destination.
Implementing the countermeasures in [9.2.4 Countermeasures for URL phishing attacks] of the standard allows a proactive response to URL phishing attacks:
- URL endpoint tracking: follow every URL through any redirects to its final destination and check whether that page invites the user to enter information.
- HTML source analysis: inspect the source of the landing page for input boxes that solicit personal, account, or login information, and verify whether the entered data would be transmitted to a third-party server (for example, a form whose action points to a host other than the page's own).
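The two countermeasures above are concrete enough to implement. The Python below is an added example (not from the article, and not an implementation of ITU-T X.1236 itself) that follows a link through its redirect chain to the final destination, scans the landing page's HTML for credential-style input boxes, and checks whether the form would submit them to a host other than the page's own. Network access is replaced by a constructed table of fake responses so the example runs offline; the URLs, hostnames, page contents and the list of credential field-name hints are all assumptions made for illustration.

```python
"""Static check for URL-phishing landing pages (added example; not from the
article or from ITU-T X.1236). It resolves a link to its final destination,
then inspects the HTML for inputs that ask for account or login details and
records where the enclosing form submits them. Network I/O is replaced by a
constructed `fake_fetch` table so the example runs offline.
"""
from html.parser import HTMLParser
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urljoin, urlparse

# Substrings that suggest an input collects credentials or personal data (assumed).
CREDENTIAL_HINTS = ("pass", "pwd", "user", "login", "email", "account", "otp", "ssn", "card")

# Constructed web: url -> (redirect target or None, HTML body). All names are fictional.
FAKE_WEB: Dict[str, Tuple[Optional[str], str]] = {
    "https://short.example/x1": ("https://track.example/r?u=2", ""),
    "https://track.example/r?u=2": ("https://login-micros0ft.example/auth", ""),
    "https://login-micros0ft.example/auth": (None, """
        <html><body><h1>Sign in</h1>
        <form method="post" action="https://collector.example/drop.php">
          <input type="email" name="email">
          <input type="password" name="passwd">
          <button>Next</button></form></body></html>"""),
    "https://intranet.example/signin": (None, """
        <form action="/session"><input name="username">
        <input type="password" name="password"></form>"""),
}

Fetcher = Callable[[str], Tuple[Optional[str], str]]


def fake_fetch(url: str) -> Tuple[Optional[str], str]:
    """Stand-in for an HTTP client that reports a redirect Location or the body."""
    return FAKE_WEB.get(url, (None, ""))


def resolve_final_url(url: str, fetch: Fetcher, max_hops: int = 10) -> Tuple[List[str], str]:
    """Follow redirects; return (chain of visited URLs, HTML of the final page)."""
    chain = [url]
    while len(chain) <= max_hops:
        target, body = fetch(chain[-1])
        if target is None:
            return chain, body
        chain.append(urljoin(chain[-1], target))
    raise ValueError(f"redirect loop or more than {max_hops} hops: {chain}")


class FormScanner(HTMLParser):
    """Collects each <form> and the credential-looking <input>s inside it."""

    def __init__(self) -> None:
        super().__init__()
        self.forms: List[dict] = []
        self._current: Optional[dict] = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "inputs": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            kind = (a.get("type") or "text").lower()
            name = (a.get("name") or a.get("id") or "").lower()
            if kind == "password" or any(h in name for h in CREDENTIAL_HINTS):
                self._current["inputs"].append(name or kind)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def assess_url(url: str, fetch: Fetcher = fake_fetch) -> dict:
    """Track the URL to its endpoint and judge whether it harvests credentials."""
    chain, html = resolve_final_url(url, fetch)
    final = chain[-1]
    scanner = FormScanner()
    scanner.feed(html)
    findings = []
    for form in scanner.forms:
        if not form["inputs"]:
            continue  # no credential-style fields; not a harvesting form
        action_host = urlparse(urljoin(final, form["action"])).hostname
        findings.append({
            "inputs": form["inputs"],
            "submits_to": action_host,
            # Data leaving for a host other than the page's own is the red flag.
            "third_party": action_host != urlparse(final).hostname,
        })
    return {
        "final_url": final,
        "hops": len(chain) - 1,
        "credential_forms": findings,
        "suspicious": any(f["third_party"] for f in findings),
    }
```

The shortened link resolves through a tracker to a look-alike login page whose form posts the email and password to a different host, so it is flagged; the intranet sign-in form posts back to its own host and is not. A real deployment would swap `fake_fetch` for an HTTP client that records each 3xx hop, and would also render JavaScript, since many phishing kits build the form client-side.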
Moreover, to block DDoS attacks that stem from account hijacking, the security requirements for both inbound and outbound attacks must be met. According to the standard's 'Security requirements for countering attacks using account take-over' [8.4.1 Security requirements for countering attacks using account take-over] and [9.3 Countermeasures for outbound email threats by user], the following requirements and functions are beneficial:
- Limit the volume an account can send at one time by capping the number of messages per day and the number of recipients per message, which keeps the email server and the account in a healthy, secure state and contains the damage if the account is taken over.
- Allow security administrators and users to restrict the IP addresses and countries from which the email account may be accessed.
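Together, the two controls above turn a stolen password into a much smaller problem: the attacker must first reach the account from an approved network or country, and even then cannot blast out mail in bulk. The Python below is an added example (not from the article or from ITU-T X.1236) of a submission-time guard that enforces both a per-account daily cap with a per-message recipient cap and a source-address restriction by network and country. The thresholds, the GeoIP table, the account name and the event sequence are all constructed for illustration; a real deployment would hook the mail server's submission path and a real GeoIP database.

```python
"""Outbound-mail guardrails for a hijacked account (added example, not code from
the article or from ITU-T X.1236). Enforces a cap on messages per account per
day plus a cap on recipients per message, and restricts the networks and
countries from which the account may send. Thresholds, the GeoIP table and
the events are constructed for illustration.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class AccountPolicy:
    max_messages_per_day: int = 200
    max_recipients_per_message: int = 50
    allowed_networks: List[str] = field(default_factory=list)   # CIDR prefixes
    allowed_countries: List[str] = field(default_factory=list)  # ISO 3166-1 alpha-2


# Constructed stand-in for a GeoIP lookup (prefix -> country code).
GEOIP: Dict[str, str] = {"198.51.100.0/24": "KR", "203.0.113.0/24": "US"}


def country_of(ip: str) -> Optional[str]:
    addr = ipaddress.ip_address(ip)
    for prefix, cc in GEOIP.items():
        if addr in ipaddress.ip_network(prefix):
            return cc
    return None


class OutboundGuard:
    """Decides whether a message submitted from an account may proceed."""

    def __init__(self, policy: AccountPolicy) -> None:
        self.policy = policy
        # account -> timestamps of accepted messages within the last 24 hours
        self._accepted: Dict[str, List[datetime]] = defaultdict(list)

    def source_denial(self, ip: str) -> Optional[str]:
        """Return why a source address is not permitted, or None if it is."""
        p = self.policy
        if not p.allowed_networks and not p.allowed_countries:
            return None  # no restriction configured for this account
        addr = ipaddress.ip_address(ip)
        if any(addr in ipaddress.ip_network(n) for n in p.allowed_networks):
            return None
        cc = country_of(ip)
        if cc in p.allowed_countries:
            return None
        return f"source {ip} ({cc or 'unknown country'}) outside allowed networks/countries"

    def check_send(self, account: str, src_ip: str, recipients: int,
                   now: datetime) -> Optional[str]:
        """Return a denial reason, or None (and record the message) if allowed."""
        p = self.policy
        reason = self.source_denial(src_ip)
        if reason:
            return reason
        if recipients > p.max_recipients_per_message:
            return f"{recipients} recipients exceeds cap of {p.max_recipients_per_message}"
        # Sliding 24-hour window of accepted messages for this account.
        recent = [t for t in self._accepted[account] if t > now - timedelta(days=1)]
        if len(recent) >= p.max_messages_per_day:
            return f"daily cap of {p.max_messages_per_day} messages reached"
        recent.append(now)
        self._accepted[account] = recent
        return None


def run_scenario() -> Dict[str, Optional[str]]:
    """Constructed events: a legitimate user, then a spam run from a hijacked account."""
    guard = OutboundGuard(AccountPolicy(
        max_messages_per_day=100, max_recipients_per_message=20,
        allowed_networks=["198.51.100.0/24"], allowed_countries=["KR"]))
    t0 = datetime(2024, 1, 15, 9, 0)
    results: Dict[str, Optional[str]] = {}
    results["legit"] = guard.check_send("alice", "198.51.100.25", 3, t0)
    # Attacker signs in from an unapproved country with the stolen password.
    results["foreign_source"] = guard.check_send("alice", "203.0.113.7", 3, t0)
    # Attacker inside the allowed network tries one message to 500 recipients.
    results["recipient_cap"] = guard.check_send("alice", "198.51.100.99", 500, t0)
    # ...then 150 small messages within minutes; the 100th and later are refused.
    outcomes = [guard.check_send("alice", "198.51.100.99", 5, t0 + timedelta(seconds=i))
                for i in range(150)]
    results["daily_cap_first_denial_index"] = str(next(i for i, r in enumerate(outcomes) if r))
    results["daily_cap_denied_count"] = str(sum(1 for r in outcomes if r))
    return results
```

In the scenario the legitimate message passes, the foreign login is refused outright, the 500-recipient blast is refused by the per-message cap, and the burst of small messages is cut off once the day's 100 accepted messages are used up (the one legitimate message counts, so the 99th message of the burst is the first refusal). Each refusal is also a useful alert: a long-standing account that suddenly trips these limits is a strong signal of account take-over.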
5. Conclusion
DDoS attacks are a significant cyber threat: they inundate servers with massive traffic and disrupt services, causing economic loss, downtime, and reputational damage. Prevention and response rely on continuous network traffic monitoring, DDoS mitigation services and web application firewalls, tested backup and recovery plans, and collaboration with ISPs. Individual users play a crucial role by staying vigilant, running up-to-date antivirus software, and prioritizing email security. Given that around 90% of cyber attacks are estimated to use email, securing email communications is paramount.
To keep accounts from being exploited in DDoS attacks, countering URL phishing, a prevalent technique for stealing account credentials, is crucial, and adherence to the international email security standard is the basis of that preparedness. Defending against email hacking requires implementing the security requirements for both inbound and outbound attacks. Awareness of, and proactive measures based on, the requirements outlined in the standard significantly reduce the risk of DDoS attacks resulting from account hijacking, along with the broader threat of email phishing.
6. References
<Major banking platform Monobank experiences massive DDoS attacks following Kyivstar network outage>
https://news.yahoo.com/major-banking-platform-monobank-experiences-132500767.html
<What Is DDOS Attack?>
https://www.fortinet.com/resources/cyberglossary/ddos-attack
<What Is A Botnet?>
https://heimdalsecurity.com/blog/all-about-botnets/
<DOJ announces guilty plea for 2016 cyberattack that broke the internet>
https://www.engadget.com/justice-department-2016-dyn-cyberattack-plea-183112958.html?_fsig=yLMCyPY8EjO7j8OjQQXJKg--%7EA