We are so accustomed to the reliability of various Internet services that we have begun to perceive them on a par with objects of the material world. But behind this reliability lies the great work of IT specialists. As your site or application grows in popularity, you can become the target of hackers who try to disrupt the operation of your creation, for example by using DDoS attacks. Experts at the OAC explained what these attacks are.
A DDoS attack is a set of actions that creates conditions in which legitimate users cannot access a web service. To do this, the attacker starts simultaneous access to the service from a large number of devices under his control. Imagine that you are going by car to a concert of your favorite band. 10,000 people are expected to attend. Only one road leads to the site where the concert will take place. It can carry all 10,000 concert visitors in the shortest possible time. To disrupt the concert, envious musicians announce in all the media that, as a charity event, free watermelons will be handed out to all comers next to the concert venue half an hour before the concert. As a result, a traffic jam forms on the road from those who want to get a “freebie”, and guests who want to listen to music,
In real life, the hacker plays the role of the envious musicians, and the people who want free watermelons are the many devices under his control. As a rule, large attacks are carried out by intruders using botnets. A botnet (the word comes from “robot” and “network”) is a computer network consisting of a number of devices running autonomous software. Most often, such software is hidden on the victim's device and allows an attacker to perform certain actions using the resources of the infected computer. In addition to serving as the infrastructure for organizing DDoS attacks, botnets are used to send spam, retrieve passwords and carry out other illegal activities.
A botnet is often formed from home or office computers, but as practice shows, any device that has an Internet connection (video camera, mobile phone, smart watch, refrigerator, TV) can become part of a botnet. To achieve this, attackers exploit various software vulnerabilities, improper network configuration and password guessing. However, the most “reliable” way to end up in a botnet is for the user to install unlicensed software themselves. Software installed from unreliable sources also poses a serious danger.
The most popular targets for DDoS attacks are in countries such as China, the US and the UK. More than 100 thousand DDoS attacks take place worldwide every day.
The most powerful attacks recorded in Belarus reach 40 Gbit/s. Such attacks are observed quarterly. The targets are hosting platforms and the large infrastructure equipment of Internet service providers (for example, NAT devices). Typically, the duration of an attack does not exceed 20 minutes, because the intruders' actions are blocked by operators. In this case, the hacker understands that the goal has not been achieved and stops the attack.
That said, there have been some remarkable attacks recently. In February 2017, a DDoS attack with a capacity of 2 Gb/s was carried out against the site of one of the state bodies, and it lasted 120 minutes. As a result, there was a denial of service not only for this site, but also for other resources located on the same virtual server (the site was hosted using shared hosting technology). During the attack, the computing power of the server was exhausted, and as a result the sites became inaccessible to users. The investigation of the incident established its sources and the type of attack (HTTP flood). Promptly taken technical measures restored access to the site.
In the fall of 2017, the attackers targeted the infrastructure of large domestic banks. For an hour there were problems with the availability of banking services. In the end, the attack was blocked by Beltelecom. The incident prompted the site owners to conclude agreements for the provision of DDoS protection services.
Attacks on online stores, large information sites, food delivery services and the like were often recorded. For example, one such service was attacked for a whole week, every day for an hour. During that time, customers could not use the company’s website, which caused direct losses in the amount of the daily turnover.
Among the interesting facts about the unpredictable consequences of DDoS attacks, we can recall a case that affected one of the country’s largest Internet sites. After the threat was neutralized, it turned out that the hosting provider was charging not for the size of the communication channel, but for the amount of traffic transmitted. Thus, all traffic generated during the attack was counted and billed. To the provider's credit, after negotiations it did not charge the fee for the traffic generated by the DDoS attack.
A very recent example is the distribution of e-mails with threats against Belarusian banks. In these letters, cybercriminals extort money. In case of refusal, the “hackers” threaten to steal a much larger amount from the bank or to disrupt the availability of banking services. Bank employees do not give in, since everything points to a banal swindle. No real attacks followed the threats. But the very fact that scammers have paid attention to our banks is a cause for concern, since highly qualified intruders may follow them.
It is worth noting that an ordinary Internet user is unlikely to become the target of a DDoS attack, because intruders have no interest in such a target. If you are a legal entity and your users have unexplained problems with access to the site, similar to the consequences of a DDoS attack, you should first contact your Internet service provider. Virtually all providers have the tools and specialists to determine whether an attack is taking place. If necessary, they can contact the OAC for coordinated action to restore the availability of resources. If the operator refuses to take any action, you can contact the OAC yourself.