A Denial-of-Service (DoS) attack is an intentional and malicious targeted strike against a website or server that renders the target inaccessible to its users. People trying to get onto the website or online service will find that they cannot do so. The affected users might be clients, e-commerce customers, or staff. DoS attacks frequently target the servers of well-known companies and organisations including banks, commerce, media outlets, and governments.
Costs
A DoS attack does not generally result in a loss of data or organisational assets. However, the extended time that a server or website is down costs the victim organisation a lot of money in terms of lost revenue, resources spent getting the online service back up and running, and reputational damage. The attacker can be motivated for a variety of reasons. Some may be hacktivists - hackers who aim to draw attention to a cause, be it social or political, cyber-criminals or even hostile states.
Methods Of Attack
Two methods are prevalent for DoS attacks. The most common is flooding the service or website with traffic. This increased traffic slows the server down until it stops altogether. The second method is crashing the service through exploiting internal vulnerabilities in the target’s system and introducing bugs.
There is another type of attack called the Distributed Denial-of-Service (DDos) attack. This is where the attack on the single target is co-ordinated from multiple systems across a range of hosts. This distribution of attacks can make the originating location of the attack harder to detect. The attack and disruption to the target’s business is sustained for longer, and effectively disguises the identity of the attacker.
Prevention
Thankfully there are ways to successfully identify and defend an organisation against the various methods of DoS attacks. The first line of defence should be the installation of firewalls, anti-DoS software, and routers. These packages contain functions that can detect suspicious increases in traffic or bogus traffic and block access accordingly.
To stay robust, these applications should be configured to accept regular security updates. Security updates are a vital part of staying safe from DoS as they ‘patch’ gaps that could potentially be exploited by DoS attackers. An additional option is integrating front end hardware into the network that can analyse and screen data packets. The hardware will identify potentially dangerous data and block it from entering the system.
You may also wish to check that your current website host service is prioritising security. If it’s not, it might be time to investigate other hosting options. Finally, older IT equipment and running old software can leave an organisation more vulnerable to attack. Hard drives that don’t self-encrypt and computers that lack built-in security functions like BIOS leave a network more vulnerable to attack.
Find Out More
If the time has come to consider replacing your outdated IT equipment, get free guidance on secure IT asset disposal by downloading this Guide To Mobile Data Sanitisation.
Image Source: unsplash.com
