Friday was an interesting one for Internet users in the U.S. A large-scale Distributed Denial of Service (DDoS) attack took down a number of sites including Twitter, Netflix, and Amazon for a large part of the day. Many of us were left with a newfound sense of how much we rely on web-based services in our day-to-day lives and a growing unease about how vulnerable these services are.
DDoS attacks are not new and are just one type of cyber attack in a growing arsenal. We’ve compiled a list of some of the types of cyber attacks that are seeing incredible growth, and a description of how each works. You’ll likely be hearing these terms more as these attacks continue to grow in prevalence and scope.
Distributed Denial of Service Attack: Friday’s Internet outage was caused by a DDoS attack on Dyn, a company that monitors and routes Internet traffic. While Friday’s attack did require a fair amount of sophistication (USA Today has a great summary of the details we know to date), most DDoS attacks are easy and inexpensive for hackers to execute. A DDoS attack occurs when a website’s servers are flooded with illegitimate page requests, preventing legitimate requests from getting through. This can often cause the website to crash. Cyber criminals can execute DDoS attacks for as little as $150 a day by purchasing botnets on the online black market. Botnets are a network of computers and connected devices infected by malware and controlled without the owner’s knowledge. Botnets are used to send the page requests, resulting in the overburdened servers. A recent study by CDN services company Akamai found that there has been a 125 percent increase in DDoS attacks year-over-year and a 35 percent increase in their duration.
Zero Day Attacks: A Zero Day vulnerability refers to a hole in a businesses’ software that is unknown to the software provider. A Zero Day attack refers to an incident in which this hole is exploited by hackers before it is discovered and fixed. Because these vulnerabilities are unknown to the developer, cyber criminals can often exploit holes for months before anything is detected. According to Symantec, the number of Zero Day attacks also increased by 125 percent last year.
Domain Name System (DNS) Highjacking: The DNS is a naming system for any resource connected to the Internet that associates various information with domain names. For example, a DNS translates a user-friendly name, like CSID.com, to its corresponding IP address. DNS hijacking, or DNS redirection, is the practice of intercepting and changing the information associated with a DNS record for malicious reasons. The result is a user ends up on a site that has malicious malware or code instead of the site intended.
These are just a few of the cyber attacks we’ll be reading more about in the coming years, especially as the skill set and resources needed to execute them continues to lessen. For businesses, it means strengthening security on their sites and focusing on security against web-based attacks. For consumers, it is about staying informed.