What is a Denial-of-Service (DoS) Attack & How to Prevent It?
A denial-of-service attack can disrupt an organization’s website and network, resulting in a loss of business and other costs without the right prevention tactics.
- Denial-of-service (DoS) attacks make networks and the resources that rely on them inaccessible for those who use them.
- DoS attacks are one of the oldest cybercrime tactics, but they are increasingly damaging and disruptive to organizations of all sizes.
- Organizations can take steps to monitor, prevent or respond to DoS attacks.
The denial-of-service (DoS) attack is a tried-and-true cybercriminal strategy. The first documented case dates back to early 2000, when a 15-year-old Canadian hacker took down several major ecommerce sites, including Amazon and eBay. Fast-forward two decades, and a DoS attack can still be dangerously effective. In fact, these attacks have grown bigger and bolder. But with the right DoS attack prevention tactics, organizations can prevent or mitigate the disruption they can cause.
What Is a Denial-of-Service (DoS) Attack?
A denial-of-service attack is designed to slow or take down machines or networks, making them inaccessible for the people who need them. Information systems, devices or other resources on the network or machine — email, online accounts, ecommerce sites, and other services — become unusable in a DoS condition. While direct theft or data loss may not necessarily be the goal of a DoS attack, one can severely impact the targeted organization financially as it spends time and money getting back on its feet. Loss of business, frustrated customers and reputational harm are additional costs.
DoS attacks have increased in recent months. Some 3 million DoS attacks occurred in the first quarter of 2021 — nearly a third more than the same period the previous year — and January saw the largest number of DoS attacks ever recorded, with 972,000 attacks. During the pandemic, the number of DoS attacks rose as bad actors sought to take advantage of more vulnerable organizations operating in new ways.
How Does a Denial-of-Service (DoS) Attack Work?
Denial-of-service attacks tend to target web servers of high-profile organizations, such as banking, e-commerce and media companies, as well as government entities. Perpetrators go after organizations’ assets in one of two ways: either by overwhelming their networks with large volumes of traffic or by sending nefarious data, such as input that exploits bugs, to trigger a crash. No matter the method, the intended outcome is the same: to take the network or machine down. Additional networks or assets not actually targeted by the DoS attackers may also be impacted if the DoS victim is, say, an internet or cloud service provider for others.
A potentially more dangerous form of a DoS attack is known as a distributed denial-of-service attack (DDoS). In these commonly attempted cases, an attack — perpetrated by multiple systems as opposed to a basic DoS attack — can impact or completely take out of service any internet-facing service. DDoS attacks may also be used to distract organizations from other criminal activity, such as data theft or network infiltration.
The biggest DDoS attack in history occurred in February 2020, when Amazon Web Services says it fended off a three-day DDoS attack that peaked at a volume of 2.3 terabytes per second.
Difference between DoS & DDoS Attack
The key difference between a DoS and a DDoS attack is the number of devices used for the attack. A DoS attack uses only one system, and a DDoS attack uses multiple systems. Since a DoS attack uses only a single system, it is much easier to detect and contain. A DDoS attack, however, can use a large botnet of infected devices controlled by a command-and-control system, which makes these attacks much more difficult to detect and, in turn, much more impactful.
Types of Denial-of-Service (DoS) Attacks
There are several overarching types of denial-of-service attacks:
- Volume-based attacks: These use large amounts of fake traffic to overwhelm an online resource, like a server or website. The volume of the attack is measured in bits per second.
- Protocol or network-layer attacks: These send large numbers of packets to network infrastructure and infrastructure management tools. Their size is measured in packets per second (PPS), and they include Smurf DDoS attacks (network-layer attacks designed to flood a targeted server with error messages) and SYN floods (which tie up networks with half-opened connection requests).
- Application-layer attacks: These are similar to volume-based attacks but are conducted by flooding applications with malicious requests. Their size is measured in requests per second (RPS).
How to Identify if a DoS Attack Has Occurred?
There is no single way to detect if a DoS attack has occurred. The best thing organizations can do is be on the lookout for the tell-tale signs of a DoS attack:
- A huge spike in traffic
- Servers responding with 503 errors due to service outages
- Ping requests time out
- Multiple requests from the same IP address are received in a short period of time
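Two of these signs, many requests from one IP address in a short period and a run of 503 responses, can be checked directly against a web server access log. The following is an added example, not part of the original article: it assumes Common Log Format lines, and the thresholds, function names and the constructed sample log (using documentation-range IP addresses) are illustrative assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: client IP, timestamp and HTTP status are all we need here.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # skip lines that are not in the expected format
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts, int(m.group(3))

def detect(lines, window_s=10, per_ip_limit=20, err_ratio=0.5, min_requests=10):
    """Return (noisy_ips, outage_windows). All thresholds are illustrative."""
    recent = defaultdict(deque)             # ip -> timestamps in the sliding window
    buckets = defaultdict(lambda: [0, 0])   # window start -> [requests, 503s]
    noisy = set()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, status = rec
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window_s:
            q.popleft()                     # forget requests older than the window
        if len(q) > per_ip_limit:
            noisy.add(ip)                   # sign: many requests from one IP, short period
        start = int(ts.timestamp()) // window_s * window_s
        buckets[start][0] += 1
        buckets[start][1] += status == 503
    outages = [datetime.fromtimestamp(s, timezone.utc)   # sign: mostly-503 windows
               for s, (n, e) in sorted(buckets.items())
               if n >= min_requests and e / n >= err_ratio]
    return noisy, outages

def sample_log():
    """Constructed sample: three ordinary clients plus one sending 5 requests/s."""
    base = datetime(2021, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
    rows = []
    for s in range(0, 30, 5):               # background: one request per client every 5 s
        for ip in ("192.0.2.10", "192.0.2.11", "198.51.100.5"):
            rows.append((base + timedelta(seconds=s), ip, 200 if s < 20 else 503))
    for i in range(60):                     # burst from 12:00:10; server fails at 12:00:20
        rows.append((base + timedelta(seconds=10 + i / 5), "203.0.113.7", 200 if i < 50 else 503))
    return [f'{ip} - - [{t:%d/%b/%Y:%H:%M:%S %z}] "GET / HTTP/1.1" {code} 512'
            for t, ip, code in sorted(rows)]
```

Calling `detect(sample_log())` flags the single bursting client and the ten-second window in which most responses were 503. The limits should be tuned against a baseline of normal traffic, since shared NAT or proxy addresses can legitimately exceed a low per-IP threshold.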
How to Prevent Denial-of-Service (DoS) Attacks
As the Cybersecurity and Infrastructure Security Agency (CISA), run by the U.S. Department of Homeland Security, notes, “the symptoms of a DoS attack can resemble non-malicious availability issues, such as technical problems with a particular network or a system administrator performing maintenance.” However, CISA adds, “unusually slow network performance and unavailability of a particular website can be strong signs of a DoS attack.”
Organizations can take the following actions toward denial-of-service attack protection and prevention:
- Monitor and analyze network traffic: Network traffic can be supervised via a firewall or intrusion detection system. Administrators can set up rules that create alerts for unusual traffic, identify traffic sources or drop network packets that meet certain criteria.
- Strengthen their security posture: This includes fortifying all internet-facing devices to prevent compromise, installing and maintaining antivirus software, establishing firewalls configured to protect against DoS attacks and following robust security practices to monitor and manage unwanted traffic.
- Monitor traffic: Organizations can enroll in a service that detects or redirects the abnormal traffic flows typically associated with a DoS attack, while allowing normal traffic to proceed on the network.
- Establish a DoS attack response plan: The key is to create and also practice a disaster recovery plan for DoS attacks that covers communication, mitigation and recovery.
The Bottom Line about Denial-of-Service (DoS) Attacks
As DoS and DDoS threats continue to climb, any organization can find itself a target. The impact can extend beyond short-term server outages, resulting in financial losses, angry customers and partners and brand damage. Organizations that take appropriate protection and prevention steps can mitigate the total costs of being targeted and of full-fledged attacks.