Introduction
The topic “Denial of Service” (DoS) and “Distributed Denial of Service” (DDoS) is always a hot topic because it could happen at any time for any Service at any Level. To understand what a (D)DoS is, let us explain what a “Service” is, what possible attacks are available and why such a denial of service attack could happen at any time for any Service.
Let us try to bring several points of views to that topic because a Service has by default several levels.
- Business Level. This is the cash point, why any service is offered to people.
- Informational. News and other information services to distribute information.
- Social. These are the People behind the other levels. They provide and ensure the service.
- Technical Level. The technical implementation and the workhorse where the attacks most of the time happen. We will dive into this topic in a dedicated Blog post.
Scenario
The goal of a (D)DoS is to deny the delivery of the service to the end user.
This can happen in many different ways as we will see in this article when I explain it with the different levels. But an easy example would be to just shut down the HTTP Endpoint which is serving the website. So the end user can’t reach the service.
An easy example for a DDoS would be (if we assume a service which can take n Requests per second) to create n requests per second from different devices.
Key difference between DoS and DDoS: DDoS has a lot of distributed infrastructure on the attacker side and it always has a “bruteforce” aspect in overloading the service.
The picture tries to highlight the different aspects of a (D)DoS attack. You can see here the target which should come down, the different devices and controller, IT,human, and some involved technologies.
In the picture you can see on the left hand side the people who want the service to not be working, which is the main goal for a (D)DoS. The people manage the “Command and Control” part which controls the different devices in the “Devices for DDoS Attacks” Box. All devices are mostly connected via the internet to attack the target service. The attacked service could implement different defense strategies which will be shown in the next article covering the (D)DoS topic.
Business
The Business Service is the main point for a company to gain money to be able to pay the people who work for the company and all other expenses which a business oriented company has.
A denial of service from a business point of view could be to offer the people who work for the company a much better service (higher salary, social service, family offering, …) so that they leave the company and much less people have to do the job for more people or attack any other business relevant part which is important for the business. This aspect is not very often shown in the context of a (D)DoS attack but that’s, from my point of view, the most threatening point of a (D)DoS attack at every level. The reason for that is that the recovery time from such an attack is quite high because the lack of people who know the setup, the tools and all parts of the service to keep the service up and working could be gone.
Another aspect for this attack requires a very good knowledge of the field of the business in which the company works which leads to a relatively high amount of work for the attacks and in some cases a high investment of money. These facts lead to the conclusion that such an attack requires some preparation time in the real world compared to the technical attack which could be mostly done in the digital world.
The Business kind of attack is a disaster because it could bring the company down as there could be no income when a service isn’t reachable or usable for paying customers.
Possible Protection
Well, the protection against such an attack is quite difficult as the attacking party is not always known. My experience is to handle people with respect and honor their work as you never know when you meet the people again or what upset humans to think or in the worst case start such an attack.
Social
Even though that’s not a commonly agreed DoS attack, let me bring this on the table as still most of the administration personnel are humans, nowadays. There is a long history of social hacking just because the attack uses humans’ deeply integrated emotions. We would also like to show that such an attack is a valid point of view and could have a deep impact on the company’s business and existence.
The scenario is that an attack group or person recognizes who the administration person of a service is and manipulates the administrative person in that kind to impact the service in a bad manner. That this is not just a hypothetical scenario can be proved with your favorite search engine.
I’m pretty sure that now comes the “Idea” to use AI for that, but the current AI models and setup does not look like they can handle such tasks, nowadays, who knows the future 🙂 , furthermore there are already attack vectors on how to “hack” and manipulate AIs.
Possible Protection
The protection against such an attack is somehow possible if the attacking party is known. Some people have a “third instinct” which recognises that something is wrong and if the trust level in the company is high enough the person will communicate with colleagues and supervisors to get help against such an attack. Here is also my experience: handle people with respect and honor their work as you never know when such an attack will happen if it happens.
As you have read this several times in this post and you might think “I do this already in my company or community” be brave and make a real anonymous survey how satisfied and happy the people are in the company or community 🙂
Informational
The last kind of (D)DoS in this article is the Information Level. There is something called Information Warfare which could be seen as (D)DoS from my point of view as when a information is spreaded that a company business is in a “bad” state, customers quit the business with the company, this implies in less income and lead directly to possible company closing and going out of business.
Possible Protection
The protection against such an attack is very hard nowadays. Fast Information updates are only possible where the attacked company or community have access to the Information platform. The current social media platforms are widely used but clarifications from the attacked side could be overseen.
Conclusion
As you have seen in this blog post the topic (D)DoS is not only a technical topic but also a business and social one. That’s one of the reasons why I think that security is not only a topic for some people of a company or community, it’s the topic for all people from top to down, down to top, left to right and right to left.
In the next blog post you will see the technical part and some ways to protect yourself against a technical (D)DoS attack.