A DDoS attack is similar to the queue at the entrance of a store on Black Friday. The entrance is small, but hundreds of people try to get in at the same time. As one might expect, many of them cannot: the store’s “entry capacity” is not sufficient to serve such a large number of customers. As a result, the store cannot serve anyone for a long period of time: because of the crowd, normal customers cannot enter and shop either.
This is a simple example, but it will give you an idea of how DDoS attacks work. DDoS is an abbreviation of “Distributed Denial of Service”. Simply put, it means sending a very large number of requests to block an online service. Imagine one million people trying to connect to a website at the same time: no site has the capacity to meet this demand. As a result, the website crashes and cannot serve anyone for a long time. Re-activating a crashed website is not difficult, but it is best not to do so while the attack continues: otherwise, the site will crash again within a few seconds.
DDoS attacks are much more common than expected. According to statistics,
- More than 2,000 DDoS attacks take place every day,
- One-third of website crashes are caused by DDoS attacks,
- A zombie network that will carry out a DDoS attack for a week can be purchased for 150 USD.
Remember the term “zombie network”, as we will often talk about it when we explain why these attacks cannot be prevented. There are many resources where you can monitor DDoS attacks around the world in real time; we recommend starting with Digitalattackmap. The map on this website will show you, above all, that DDoS attacks are not made from a single source, but from hundreds, even thousands of different sources at the same time. So, what does this mean and how does a DDoS attack take place?
The Zombie Network: Slave Devices
Each device connected to the Internet has an IP address. It is possible to prevent certain IP addresses from accessing a website, but DDoS attacks do not work like this. These attacks take place at the same time from thousands of computers in different countries. For example, consider the VulkanVegas.com website: if a DDoS attack is launched on this site, the administrator cannot avoid it by blocking a certain range of IP addresses, because thousands of connection requests are sent to the website at the same time from all over the world.
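The point above, that a flood spread over thousands of sources cannot be stopped with a handful of IP-range rules, shown as an added example that is not part of the original article. It measures how much traffic the busiest /24 ranges account for in two constructed samples; the addresses, sample sizes and function names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter


def requests_per_range(source_ips, prefix_len=24):
    """Count requests per source network (default: /24 ranges)."""
    return Counter(
        ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        for ip in source_ips
    )


def blocklist_coverage(source_ips, max_rules, prefix_len=24):
    """Fraction of requests removed by blocking the `max_rules` busiest ranges."""
    per_range = requests_per_range(source_ips, prefix_len)
    blocked = sum(count for _, count in per_range.most_common(max_rules))
    return blocked / len(source_ips)


def rules_needed(source_ips, target_fraction, prefix_len=24):
    """Smallest number of range rules that removes `target_fraction` of requests."""
    per_range = requests_per_range(source_ips, prefix_len)
    goal = target_fraction * len(source_ips)
    blocked = 0
    for rules, (_, count) in enumerate(per_range.most_common(), start=1):
        blocked += count
        if blocked >= goal:
            return rules
    return len(per_range)


# Constructed sample 1: 10,000 requests from one address (documentation range).
SINGLE_SOURCE = ["203.0.113.7"] * 10_000

# Constructed sample 2: 10,000 requests from 5,000 hosts, each in its own /24,
# two requests per host. The 10.x.y.1 addresses are placeholders, not real data.
DISTRIBUTED = [f"10.{i // 256}.{i % 256}.1" for i in range(5_000)] * 2

if __name__ == "__main__":
    samples = (("single source", SINGLE_SOURCE), ("distributed", DISTRIBUTED))
    for name, sample in samples:
        print(f"{name}: 10 rules remove {blocklist_coverage(sample, 10):.1%}, "
              f"{rules_needed(sample, 0.9)} rules needed to remove 90%")
```

With one source, a single rule removes everything; with the distributed sample, ten rules remove a fraction of a percent and thousands of rules would be needed.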
So, how do attackers take control of so many computers? The answer is “zombie networks”. Any device connected to the Internet can be part of these networks. What makes this possible is a simple remote control program. These programs are quite different from conventional viruses or trojans, and anti-virus programs often cannot identify and block them. They run in the background and use a small amount of your processor power and internet connection. So, you won’t even notice that your computer is being used in a DDoS attack, as there will be no serious loss of performance or speed. These types of programs can infect your PC without your knowledge even while you are surfing the Internet, through a method called “drive-by-download”. After the infection, the remote control program will wait quietly until the person who controls the zombie network starts to give orders. Even now, your computer may be a part of a DDoS attack.
This is why DDoS attacks are dangerous: disabling the targeted site is not their only “feature”. The most dangerous aspect of DDoS attacks is that they form a network of “zombies” silently waiting until they receive an order. Any computer can be used in cyber-attacks without its owner even knowing about it: this is a huge cyber-security problem threatening every PC (and IoT device) in the world.