Distributed denial of service (DDoS) attacks are another constant threat that defines the cyber security landscape. In the newest post in our series detailing the main cyber threats of 2022, we take a look at DDoS attacks through the lens of our ongoing analogy: a house as the home of our digital selves.
It’s important to note that DDoS attacks differ from the threats we’ve examined in the last few posts in the series. First, a DDoS attack is not in itself a threat to the personal data an organization handles: it denies access to a service rather than extracting anything from it. However, DDoS attacks are known to have been used as cover, drawing attention and defenders’ resources away from other malicious actions that can result in a data breach. Second, mitigating DDoS attacks requires network-level measures (bandwidth, filtering appliances, upstream scrubbing capacity) as well as software solutions.
What are DDoS attacks?
Any cyber incident in which attackers interrupt a service and deny legitimate users access to it can be considered a denial of service (DoS) attack. What makes an attack distributed is where the traffic comes from: instead of a single machine, it is sent from many compromised devices (a botnet) or bounced off servers spread across the internet, so there is no single source address to block and the combined volume can far exceed what any one attacker could generate. Easy, right?...
Let’s go back to the first post of our series, where we likened using a cloud service to storing your passport in a safe in your neighbor’s house. DoS and DDoS attacks focus on blocking your access to the passport rather than stealing it. Now, replace the passport with task management software hosted in the cloud and used by a company with 5,000 employees, and it’s easy to see how being unable to access the service can have dire financial consequences for a business.
But how do they work? At a high level, there are three types of DDoS attack. They share the goal of exhausting a resource the service depends on, but each targets a different resource by different means.
Application layer attacks (also called Layer 7 attacks, after the top layer of the OSI model) target the web application itself. Rather than exploiting bugs or vulnerabilities, they abuse the intended functionality of the software: the attacker picks requests that are cheap for the botnet to send but expensive for the server to process. Authentication (checking login credentials) is a good example. An email address and a password are a few dozen bytes, but verifying a password with a deliberately slow hash function, as any well-built service does, costs the server far more CPU time than sending the request cost the attacker. Because each request looks like ordinary use, these attacks are also the hardest to tell apart from legitimate traffic.
Back to our analogy: you want to pick up your passport before an international trip. When you walk over to your neighbor’s house, there are one hundred other people already there claiming they also have documents in the safe. Your neighbor has to check their details one by one to discern whether or not their claims are legitimate. You end up waiting in line behind several other people, each of whom turns out to be lying. In the end, there are so many people before you that you miss your flight.
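The asymmetry described above is what a cost-aware rate limiter turns in the defender’s favour. The Python below is an added example written for this post, not Tresorit code; the endpoint costs, bucket sizes and client addresses are assumptions. Instead of counting requests equally, it charges each request the server-side cost of the endpoint it hits, so a burst of login attempts drains a client’s budget long before the same number of static-file requests would:

```python
"""Cost-weighted rate limiting against an application-layer (Layer 7) flood."""

# Assumed relative server cost of each endpoint. Verifying a password with a
# slow hash (bcrypt, scrypt, Argon2) burns far more CPU than serving a cached
# file, while the request that triggers it is only a few hundred bytes.
ENDPOINT_COST = {"/login": 20, "/search": 5, "/static/": 1}
DEFAULT_COST = 2


def endpoint_cost(path):
    """Tokens a request to `path` must pay; the first matching prefix wins."""
    for prefix, cost in ENDPOINT_COST.items():
        if path.startswith(prefix):
            return cost
    return DEFAULT_COST


class CostLimiter:
    """One token bucket per client; each request spends tokens equal to its cost."""

    def __init__(self, capacity=100.0, refill_per_second=10.0):
        self.capacity = capacity
        self.refill = refill_per_second
        self.buckets = {}  # client id -> (tokens, time of last update)

    def allow(self, client, path, now):
        tokens, last = self.buckets.get(client, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.refill)
        cost = endpoint_cost(path)
        if tokens >= cost:
            self.buckets[client] = (tokens - cost, now)
            return True
        self.buckets[client] = (tokens, now)  # a rejected request is not charged
        return False


def simulate():
    """Constructed scenario: one bot hammering /login, two ordinary users."""
    lim = CostLimiter()
    t = 0.0
    # 50 login attempts within the same second from one bot address.
    bot = [lim.allow("203.0.113.5", "/login", t) for _ in range(50)]
    # A user loading a page with 30 static assets at the same moment.
    user = [lim.allow("198.51.100.10", "/static/app.js", t) for _ in range(30)]
    # Buckets are per client, so the bot's exhausted budget does not affect others.
    other_login = lim.allow("198.51.100.11", "/login", t)
    # A minute later the bot's bucket has refilled and one login is served again.
    bot_later = lim.allow("203.0.113.5", "/login", t + 60.0)
    return {
        "bot_allowed": sum(bot),
        "bot_rejected": len(bot) - sum(bot),
        "user_allowed": sum(user),
        "other_login_allowed": other_login,
        "bot_later_allowed": bot_later,
    }


if __name__ == "__main__":
    print(simulate())
```

Keying buckets by client IP is the simplest choice and the weakest: many legitimate users behind one corporate NAT share an address, and a botnet spreads its requests across thousands of them, so in practice the limiter is one layer, combined with limits per account or session and with challenges (such as a CAPTCHA) on the expensive endpoints.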
Protocol layer attacks (Layer 3 and 4 attacks) target the state that network devices and servers keep for every connection rather than the application itself. Routers, firewalls, load balancers and the operating system’s TCP stack all track connections in tables of finite size. The classic example is the SYN flood: the attacker sends a stream of TCP connection requests (SYN packets), usually from spoofed source addresses, and never completes the handshake, so each one leaves a half-open connection that occupies a table entry until it times out. Once the table is full, connection attempts from real users are dropped. In terms of our analogy, thousands of strangers knock on your neighbor’s door one after another and, when your neighbor opens it and asks who is there, simply walk away. Each of them has still cost your neighbor a trip to the door, and by the time you knock, nobody comes. Meanwhile, the attackers may be using the commotion to try the back door and reach the real safe.
Finally, volumetric attacks are the brute force method: a flood of packets large enough to saturate the bandwidth of the network links in front of the service, so that legitimate traffic never arrives at all. The volume usually comes from a botnet and is often boosted by reflection and amplification, where the attacker sends small requests carrying the victim’s spoofed address to public servers (DNS or NTP resolvers, for example) that answer the victim with much larger responses. While less sophisticated, these attacks can still be extremely damaging. Imagine setting out to fetch your passport but getting stuck in a traffic jam. When you finally get through to the house, there are thousands of people crowding around it trying to get inside, and the owners have given up locking the doors and windows out of fear. The truth is, only about four of the two thousand people there actually have a passport in the house.
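The standard answer to SYN floods is SYN cookies, which let the server answer every SYN without remembering it: everything it needs is encoded in the sequence number of its SYN-ACK and comes back in the client’s final ACK. The Python model below is an added example, not code from this post or from any operating system. It is a simplified version of the mechanism (real implementations also encode the client’s MSS in the cookie and rotate the secret), and the addresses, the secret and the counter period are constructed for the example:

```python
"""SYN cookies: surviving a SYN flood without a half-open connection table."""
import hashlib
import hmac
import os

COUNTER_PERIOD = 64  # seconds per counter tick (assumed); cookies 2+ ticks old are refused


def _mac24(secret, src_ip, src_port, dst_ip, dst_port, counter):
    """24-bit keyed hash over the connection 4-tuple and the time counter."""
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}|{counter}".encode()
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(secret, src_ip, src_port, dst_ip, dst_port, now):
    """Initial sequence number for the SYN-ACK: 8-bit counter || 24-bit MAC."""
    counter = int(now // COUNTER_PERIOD) & 0xFF
    return (counter << 24) | _mac24(secret, src_ip, src_port, dst_ip, dst_port, counter)


def check_cookie(secret, src_ip, src_port, dst_ip, dst_port, ack, now):
    """Validate the client's final ACK, which must acknowledge our ISN + 1."""
    isn = (ack - 1) & 0xFFFFFFFF
    counter = isn >> 24
    if (int(now // COUNTER_PERIOD) - counter) & 0xFF > 1:
        return False  # cookie too old: the ACK is a replay or badly delayed
    return (isn & 0xFFFFFF) == _mac24(secret, src_ip, src_port, dst_ip, dst_port, counter)


class StatefulServer:
    """Classic listener: every SYN allocates a half-open entry until the backlog is full."""

    def __init__(self, backlog=1024):
        self.backlog = backlog
        self.half_open = {}

    def on_syn(self, src_ip, src_port, now):
        if len(self.half_open) >= self.backlog:
            return None  # SYN dropped: a real client's connection attempt stalls
        self.half_open[(src_ip, src_port)] = now
        return 0


class SynCookieServer:
    """Listener using SYN cookies: SYNs store nothing; only a valid ACK creates state."""

    def __init__(self, ip, port, secret=None):
        self.ip, self.port = ip, port
        self.secret = secret or os.urandom(32)
        self.established = set()

    def on_syn(self, src_ip, src_port, now):
        # The SYN-ACK carries the cookie as its sequence number; no entry is stored.
        return make_cookie(self.secret, src_ip, src_port, self.ip, self.port, now)

    def on_ack(self, src_ip, src_port, ack, now):
        if check_cookie(self.secret, src_ip, src_port, self.ip, self.port, ack, now):
            self.established.add((src_ip, src_port))
            return True
        return False


def demo(flood_size=50_000):
    """Constructed scenario: spoofed SYNs that never complete, then real clients."""
    t0 = 1_000_000.0
    stateful = StatefulServer()
    cookie = SynCookieServer("192.0.2.10", 443, secret=b"example-secret-do-not-use")
    for i in range(flood_size):
        src = (f"203.0.113.{i % 256}", 1024 + i % 60000, t0)
        stateful.on_syn(*src)
        cookie.on_syn(*src)
    # A legitimate client tries both servers during the flood.
    stalled = stateful.on_syn("198.51.100.7", 50000, t0 + 0.5) is None
    isn = cookie.on_syn("198.51.100.7", 50000, t0 + 0.5)
    legit_ok = cookie.on_ack("198.51.100.7", 50000, isn + 1, t0 + 0.6)
    # Forged ACK with a fresh counter byte but a guessed MAC.
    counter = int((t0 + 0.7) // COUNTER_PERIOD) & 0xFF
    forged_ok = cookie.on_ack("198.51.100.8", 50001, ((counter << 24) | 0x123456) + 1, t0 + 0.7)
    # A valid ACK replayed ten counter periods later.
    isn2 = cookie.on_syn("198.51.100.7", 50002, t0)
    stale_ok = cookie.on_ack("198.51.100.7", 50002, isn2 + 1, t0 + 10 * COUNTER_PERIOD)
    return {
        "stateful_half_open": len(stateful.half_open),
        "stateful_legit_stalled": stalled,
        "cookie_established": len(cookie.established),
        "legit_ok": legit_ok,
        "forged_ok": forged_ok,
        "stale_ok": stale_ok,
    }


if __name__ == "__main__":
    print(demo())
```

On Linux the real mechanism is controlled by the sysctl net.ipv4.tcp_syncookies, which most distributions ship enabled; the kernel only switches to cookies once the listen backlog overflows, because a stateless server cannot remember TCP options from the SYN beyond what fits in the cookie. The model above also shows why the defence matters for the diversion scenario: a server whose backlog is full of spoofed entries is not just unavailable, its operators are busy, which is exactly what an attacker using the flood as cover wants.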
How to defend against DDoS attacks
Defending against DDoS attacks is quite different from countering the other threats we have discussed in previous posts. One side of the equation is having the capacity, both computing power and bandwidth, to absorb spikes in traffic and requests. The other is telling attack traffic apart from real traffic once an attack is under way, which takes dedicated tools: filtering devices, load balancers and, for large attacks, an upstream scrubbing provider whose network is big enough to absorb the flood before it reaches your links. Placing such defenses between your services and the wider internet is vital, because a volumetric attack that saturates your uplink cannot be filtered on your side of it.
Countering a DDoS attack boils down to four steps:
- Detection, that is, recognizing that a spike in traffic is not legitimate. Have you just launched a major sale? Then the increase may well be genuine. An unexpected jump in request volume, spikes recurring at fixed intervals, or a sudden concentration of requests on one expensive endpoint are the signs that help you spot an attack early on.
- Filtering, that is, separating the malicious traffic from the legitimate traffic so that the users who need your service can still reach it. Filters key on whatever distinguishes the attack: source addresses, protocols or ports that have no business reaching the service, or request patterns no real client produces.
- Diversion: attack traffic should be redirected to a sinkhole or scrubbing center rather than bogging down the computing resources your system needs to function. Note that null-routing the service’s own address stops the flood but also finishes the attacker’s job for them; the aim is to drop the attack traffic while the legitimate traffic still gets through.
- Finally, all data connected to the incident (flow records, logs, packet captures) should be preserved and forwarded to your security team for analysis and to the relevant authorities in your jurisdiction.
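The first two steps, detecting the spike and picking out what to filter, can be sketched against an access log. The Python below is an added example, not Tresorit’s tooling or any vendor’s product; the log format, the thresholds and the nftables set name are assumptions, and the sample log it analyzes is constructed. It establishes a baseline request rate from the start of the window, flags seconds that exceed it by a fixed factor, names the sources that dominate the flagged traffic or whose requests almost all fail, and emits the commands that would add them to a blocklist:

```python
"""Spotting a request flood in access logs and deriving a source filter list."""
from collections import Counter
from datetime import datetime, timedelta, timezone

SPIKE_FACTOR = 5        # a second is suspicious at 5x the baseline request rate (assumed)
SHARE_THRESHOLD = 0.10  # a source sending >10% of spike traffic is a suspect (assumed)
ERROR_RATIO = 0.9       # ...as is one whose requests almost all fail, e.g. 401 on /login


def parse_line(line):
    """Constructed log format: '<ISO 8601 time> <client ip> <method> <path> <status>'."""
    ts, ip, method, path, status = line.split()
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), ip, method, path, int(status)


def per_second_counts(events):
    counts = Counter()
    for ts, *_ in events:
        counts[int(ts.timestamp())] += 1
    return counts


def baseline_rate(counts, warmup_seconds):
    """Median requests/second over the first warmup_seconds of the window."""
    first = min(counts)
    vals = sorted(counts.get(first + i, 0) for i in range(warmup_seconds))
    return vals[len(vals) // 2]


def detect(events, warmup_seconds=5):
    """Return the baseline, the seconds that look like a flood, and the sources behind it."""
    counts = per_second_counts(events)
    base = max(baseline_rate(counts, warmup_seconds), 1)
    spike_seconds = sorted(s for s, n in counts.items() if n > SPIKE_FACTOR * base)
    spike_set = set(spike_seconds)
    spike_events = [e for e in events if int(e[0].timestamp()) in spike_set]
    suspects = []
    if spike_events:
        per_ip = Counter(e[1] for e in spike_events)
        errors = Counter(e[1] for e in spike_events if e[4] >= 400)
        suspects = sorted(
            ip for ip, n in per_ip.items()
            if n / len(spike_events) > SHARE_THRESHOLD or errors[ip] / n >= ERROR_RATIO
        )
    return {"baseline_rps": base, "spike_seconds": spike_seconds, "suspects": suspects}


def filter_rules(suspects, set_name="ddos_block"):
    """nftables commands adding each suspect to a blocklist set (set name assumed)."""
    return [f"nft add element inet filter {set_name} {{ {ip} }}" for ip in suspects]


def sample_log():
    """Constructed sample: steady background traffic, then two bots flooding /login."""
    start = datetime(2022, 3, 1, 10, 0, 0, tzinfo=timezone.utc)
    lines = []
    for sec in range(10):
        t = (start + timedelta(seconds=sec)).strftime("%Y-%m-%dT%H:%M:%SZ")
        for ip in ("198.51.100.10", "198.51.100.11", "198.51.100.12"):
            lines.append(f"{t} {ip} GET /static/app.js 200")
        if sec >= 5:
            for ip in ("203.0.113.5", "203.0.113.6"):
                lines.extend(f"{t} {ip} POST /login 401" for _ in range(25))
    return lines


if __name__ == "__main__":
    result = detect([parse_line(line) for line in sample_log()])
    print(result)
    print("\n".join(filter_rules(result["suspects"])))
```

Thresholds like these have to be tuned to the service: a popular site serving a large corporate NAT can legitimately put more than ten percent of its traffic on one address, and an attacker with a big enough botnet can keep every source below the share threshold, in which case the error ratio or the request pattern (one expensive endpoint, identical headers) has to carry the detection. For volumetric attacks the same logic is applied to flow records exported by routers rather than to HTTP logs, since the flood never reaches the web server.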
Sadly, the intensity of DDoS attacks keeps increasing, and the record for the largest reported attack was broken twice in 2021. First, Yandex reported that it had mitigated an application layer attack peaking at 21.8 million requests per second. Later, Microsoft announced it had mitigated a volumetric attack of 3.47 Tbps and 340 million packets per second. The two figures measure different things, requests per second for the application layer and raw bandwidth for the volumetric attack, which is why both can be called records.
Can encryption help against DDoS attacks?
At Tresorit, we believe that true end-to-end encryption (E2EE) should be a fundamental part of every company’s cyber security toolkit. Encryption does nothing to stop a flood of traffic, but DDoS attacks have repeatedly served as a front for other malicious activity, drawing defenders’ attention away from the main threat. Back in 2016, while it was dealing with a weeks-long DDoS campaign, Linode discovered unauthorized logins to customer accounts and was forced to reset all customer passwords.
Encrypted storage safeguards the data your enterprise stores, be it confidential business information or personal data protected under the GDPR or other relevant legislation: if an attacker uses the DDoS as cover to reach the storage, end-to-end encrypted files remain unreadable without the keys. The secure file sharing features built into Tresorit also let you share information about an attack with the relevant authorities easily and securely.
To help companies and individuals alike protect their own data and the data they are entrusted with, we launched a series of posts on Data Protection Day (Data Privacy Day for our friends in the US) discussing the major cybersecurity, and by extension data security, threats of 2022. Read through our previous articles to learn more, and check back over the coming weeks for more on:
- Back to basics: defining security, privacy, information security, and data protection in 2022;
- social engineering (phishing, smishing), which is becoming ever more sophisticated;
- ransomware, which is going nowhere in 2022, although cyber security tunnel vision is also a threat;
- supply chain attacks, vulnerabilities in third-party software and sideloading, which could affect businesses globally;
- and how man-in-the-middle attacks are now circumventing TLS encryption in certain settings.
We’re exploring the tech behind each threat, what companies and individuals alike can do to counter them, and where end-to-end encryption can help. Watch this space.