At the start of May 2022, German news program Tagesschau reported that numerous government websites couldn’t be accessed because DDoS (distributed denial of service) attacks had hit several German government departments. Read on to learn what a DDoS attack is, how hackers plan and launch one, and how you can improve your own privacy as an individual and that of your devices with Avira Free Security.
You might assume that we as private individuals tend not to be affected by such DDoS attacks because cybercriminals primarily target the servers and websites of public authorities, research institutes, and large companies. But you can also be indirectly affected by such a DDoS attack.
Read on to learn what a DDoS attack is, how hackers plan and implement one, and how you can protect yourself from such an attack.
What is a DDoS attack?
With a distributed denial of service or DDoS attack, cybercriminals intentionally overload internet sites — with immense force.
They aim to crash the servers, computers, infected IoT (internet of things) devices, or other components of the targeted data network — resulting in the websites and services on these servers becoming inoperable or no longer accessible at all.
DDoS attacks cause financial damage
In addition to our example of a DDoS attack on several German ministries mentioned at the start, cybercriminals mostly aim to inflict targeted financial damage on companies — and they even actively offer this as a service.
This form of white-collar crime, in which ransom payments are often demanded, is currently one of the biggest cyberthreats. DDoS attacks are often only stopped after a requested amount of money has been handed over to the attackers. The companies affected reads like a Who’s Who of the internet world: Amazon, eBay, Twitter, Netflix, Spotify, and many others have already been victims of DDoS attacks.
Current figures show that DDoS attacks have become an enormous threat to companies of all kinds. According to the six-monthly NETSCOUT Threat Intelligence Report around 4.4 million DDoS attacks were recorded in the second half of 2021, bringing the total number to 9.75 million in 2021 — that’s one attack every three seconds.
And if you take a look at Wikipedia, you’ll discover that in a DDoS attack it’s usually impossible to block the attackers without completely cutting communication with the network. The attackers have then achieved their goal, because the operators of the sites and services in question have no chance of “simply” reactivating these sites.
How do DDoS attacks work?
Carrying out a DDoS attack on a company’s data network is surprisingly simple in principle: The hacker sends a request to a name server on the internet — but instead of using their own IP address, they use the one of their intended victim, such as a server. In return, this server sends a response to the IP address used.
However, individual bogus requests are not enough to overload the targeted servers, with their websites and services, and put them out of action. Such an attack only becomes effective when the servers are flooded with a critical amount of traffic, to which the servers must respond. To put it another way: The more a server is flooded with bogus requests, the faster it can be knocked out.
Cybercriminals have developed sophisticated methods to expose their targets to a massive amount of data by flooding them with simultaneous requests. It’s not uncommon to hear about terabytes of data being sent. You can just imagine how such vast amounts of data can bring even high-performance servers to their knees.
Use of botnets in DDoS attacks
In advance of a DDoS attack, hackers usually inject malware into several computers so they can take control of them unnoticed. They connect them together, giving them a network of infected computers — also known as a botnet.
Once the cybercriminals have installed such a botnet, they can launch their DDoS attacks remotely and flood their target with countless simultaneous requests.
The larger such a botnet is, the more powerful the DDoS attack can be — resulting in the attacked server becoming overwhelmed with the enormous number of requests, the internet connection becoming overloaded, and, in the worst case, the websites and services on the corresponding servers becoming no longer accessible at all.
IoT devices facilitate DDoS attacks
The internet of things (IoT) describes a network of physical “things” equipped with sensors, software, and other technology. These devices can network with other devices and systems via the internet and exchange data. These include gadgets and devices such as smart speakers, wireless plugs, fitness wristbands, robotic mowers and vacuum cleaners, surveillance cameras, and smart lighting controls — all the things that can make our everyday lives easier.
With IoT’s growing importance, these devices are also being misused for DDoS attacks, even though they appear harmless at first glance. That’s because these devices are often shipped with default passwords and their firmware is rarely updated, making them attractive targets for automated onslaughts such as DDoS attacks.
Application layer DDoS attacks
The aim of application layer DDoS attacks is to attack the application itself. They focus on exploiting specific vulnerabilities so that, for example, we can no longer access the content or services we want. Web servers are the most common targets, but other applications such as voice services can also be affected.
Such application layer DDoS attacks tend to be low to medium in volume because hackers need to know the targeted devices’ exact protocols. Application level DDoS attacks are therefore primarily launched via discrete intelligent clients, i.e. IoT devices, because their firmware is rarely updated.
Volumetric DDoS attacks
Volumetric attacks are a subset of DDoS attacks and work on the same principle: The sheer flood of data packets that hit a target consumes all available resources — either computing power, internet connectivity, or both.
Protocol DDoS attacks target IP vulnerabilities
Unlike application layer or volumetric DDoS attacks, protocol DDoS attacks rely on vulnerabilities in the IP or internet communication protocols.
Because many of these internet communication protocols are used around the world, changing how they work is difficult and slow to mainstream. And even if these global, standardized IP protocols are updated, fixing vulnerabilities often creates new vulnerabilities — which in turn open up opportunities for new protocol and network attacks.
Detecting DDoS attacks
DDoS attacks are among the greatest cyberthreats of all, precisely because they’re comparatively easy for cybercriminals to carry out.
It’s usually difficult for the affected commercial enterprises and public authorities to protect themselves sufficiently against a DDoS attack because the web server that is used, for example, must first be able to identify the flood of attacks as being bogus requests and separate them from normal requests. In addition, hackers use various tools in their DDoS attacks that camouflage them well or they use fake IP addresses, making them difficult to identify.
IT security managers in companies often see a sudden increase in incoming requests just before a DDoS attack. This flood comes without any explanation (it would of course be expected to some degree if a company had launched a huge marketing campaign that encourages many users to participate).
Even if you, as a private individual, will probably only be directly affected by a DDoS attack in exceptional cases, you’ll certainly feel the effects. Warning signs of this include frequent error messages, greatly reduced internet speed, or even system crashes.
Protecting yourself against DDoS attacks
The topic of cybersecurity rightly plays an extremely important role in all areas of our lives and, in addition to sophisticated security strategies, cyberinsurance is now a necessity for every company that has digital channels.
Nevertheless, the number of attacks via the internet and connected IoT devices is increasing — and you, as a private individual, are indirectly exposed to this danger every day. Comprehensive protection against DDoS attacks is therefore essential.
Strong passwords provide protection against DDoS attacks
One general way in which you can protect yourself is to use strong passwords on all your devices that are connected to the internet in some way. Routers, networks, and your networked IoT devices all require secure passwords — and of course you should also secure your online accounts with strong passwords.
In our opinion, using a password manager is therefore an incredibly helpful way to give yourself a good level of protection against the impacts of a DDoS attack.
And with Avira Password Manager, you only need to remember a single master password. This tool can help you use strong passwords for all your accounts — on your browsers as well as on your mobile devices. The app also shows you if you’ve used the same password more than once or if any passwords are weak so you can take immediate action and change them. And when you’re registering for new accounts, the password generator can create more secure passwords — meaning Avira Password Manager can provide some level of protection against DDoS attacks.
Antivirus programs help prevent DDoS attacks
Digital devices may come with antivirus components built into their operating systems, but in many instances these solutions aren’t particularly powerful.
That’s why we strongly recommend you opt for leading antivirus protection providers, because it’s often impossible to tell that you’ve been indirectly affected by a DDoS attack, such as if your personal computer has been integrated into a botnet through no fault of your own.
Good antivirus programs regularly check (scan) your devices automatically — discovering security gaps that may be used to inject malware to trigger a DDoS attack.
Even our freeware app, Avira Free Antivirus, helps you protect your devices from virus infections, enabling you to strengthen your protection against DDoS attacks.
Firewalls help businesses and individuals protect themselves against DDoS attacks
Firewalls are a necessity for every company that is connected to the internet in some way or form. They can quickly detect and defend against acute cyberthreat situations — even new threats that are not yet well known.
To help protect yourself against DDoS attacks, it’s also a very good idea for you, as a private individual, to install a firewall that offers more advanced protection than the rather unsophisticated protection provided by the operating system.
Top tip: With Avira Free Security, you’ll also benefit from the firewall integrated into this program and you’ll be able to protect yourself from the possible impacts of a DDoS attack. Check out our blogpost to learn more about firewalls. Don’t forget that with your Avira Free Security you also get a free VPN. For example, if you use the Windows operating system you will get the VPN for Windows for free.
Keep software and drivers up to date to protect yourself against DDoS attacks
One last important step you can take to strengthen your protection against DDoS attacks and their impacts is to regularly update the software and drivers on your digital devices. But be honest: How often do you think about checking for software or driver updates?!
If you use Avira Antivirus Pro instead of the free version, you’ll have a powerhouse that can scan your laptop or PC for any driver updates and also take care of updating them for you automatically — for greater protection against DDoS attacks.