DoS Attacks: What Does “Denial-of-Service” Mean? How Do You Protect Your Organization?
Online shopping. Googling. Social media. Streaming movies and music. Working from home. The internet has become an integral part of our lives, but we sometimes overlook how much we rely on it.
And, as a result, how easily the balance of our lives can be disrupted.
A denial-of-service attack, or “DoS attack,” is a fairly primitive hacker trick. It relies on fake data requests to overwhelm a server and block access to legitimate users.
These assaults are nothing new. But, they’re growing in popularity as an easy and effective attack method, and have impacted many major companies in recent years. So how does a DoS attack work? Why are they so dangerous, and what can businesses do to protect their revenue?
Recommended reading
- Increase in Fraud in APAC Highlights Need for Solutions
- The Top 10 Prepaid Card Scams to Watch Out For in 2024
- How do Banks Conduct Credit Card Fraud Investigations?
- What is Synthetic Identity Theft? How Can Merchants Stop it?
- What is SIM Swapping Fraud & How Does It Work?
- Key Credit Card Fraud Statistics to Know for 2024
What is a Denial-of-Service Attack?
- Denial of Service Attack
A Denial of Service attack (or “DoS attack”) is an interruption in an authorized user's access to a computer network. This is often done maliciously by attackers who overload network servers through automated activity.
[noun]/də • nī • əl • ov • sər • vəs/In simple terms, a DoS attack is an attempt to shut down a site or server by overloading it with fake users or false information. Although it’s often labeled as “hacking,” that’s not really correct. Instead of gaining access to a target’s systems, the idea is to block real users from accessing a specific online resource, such as an email account.
They work because there’s a limit to how much CPU traffic a single system can handle. The DoS perpetrator uses automated programs to flood the targeted server with bogus requests for connection. Successful attacks will either crash the server or slow down access to the point at which legitimate users give up trying to access the site.
DoS tactics have been around for a long time. They’ve been used for many purposes, including both trolling and online activism. But, they can also be a tool for fraudsters, as we’ll see below.
While denial-of-service attacks had fallen out of the headlines for a while, the technique has recently seen a resurgence. One recent report estimates that DOS attacks are expected to increase by over 300% in 2023.
A simple denial-of-service attempt can be launched from a single computer. In contrast, an organized attack that comes from multiple sources is referred to as a distributed denial-of-service, or DDoS.
Why Do DoS Attacks Happen?
Like we referenced above, the reasons for denial-of-service assaults are varied.
Professional attacks may be an attempt to disrupt a competitor’s organization. Or, it may be to protest a social issue, or draw attention to a political cause. They could even be launched out of spite, or as a means of revenge.
In an earlier era of the internet, people commonly set DoS attacks in motion just to prove they could. Recently, we’ve seen more instances in which attacks are motivated by:
Geopolitics
Governments or opposition political parties sometimes use DoS attacks against their enemies. We’ve seen this activity surge since the beginning of the War in Ukraine in particular. Both sides are using DoS attacks to either shut down important websites or block access to crucial servers, hoping to interfere with their opponent’s operations.
Monetary Gain
Extortion is also a common reason behind DoS attacks. Attackers can freeze up a website with fake traffic and blackmail the owner, who must pay to have the site released. Experts worry that this type of attack could be used against hospitals, power grids, or other critical services, where paying the ransom may literally be a matter of life or death.
Distraction
Finally, it’s not uncommon for hackers to use a DoS attack as a distraction for a different, larger operation, such as a security breach. The assault keeps the target’s IT department so focused that the more dangerous crime is not discovered until it’s too late.
How Do Denial-of-Service Attacks Work?
As with most malicious online attacks, there are a variety of techniques for accomplishing the same goal. Most fall back on one of three tactics:
Symptoms of a DoS Attack
Remember: denial of service can happen for very legitimate reasons. An overloaded server or a system with maxed-out memory do not necessarily indicate malicious activity.
It can be tricky to identify a malicious assault. That makes it important to recognize some of the most common red flags of an attack, including:
- Inability to access a particular network or website
- Unusually slow or irregular network performance
- 503 “Service Unavailable” errors
- Unexplainable spikes in network traffic
- A large number of requests from the same IP address in a short period of time
For the best chance of detecting an attack, you really have to establish a benchmark for typical network activity over a given period of time. Knowing what’s “normal” for a given site enables you to distinguish possible DoS attacks in their early stages.
When creating your baseline, be sure to factor in periods where an increase in traffic volume is to be expected. For instance, if you’re running an eCommerce business, you should expect a surge in activity during the holiday season. Then, once a normal traffic pattern has been established, it will need to be monitored on an ongoing basis.
Impact of DoS Attacks
Dealing with denial-of-service attacks can be a serious hassle. Your site may be inaccessible for hours, even days, depending on the scale of the attack. That said, there are also some negative impacts to be aware of even beyond the scope of the attack itself, including:
How to Prevent DoS Attacks
There’s no sure-fire way to stop every denial-of-service attack. However, there are steps you can take to help mitigate risk.
DoS attack prevention can be broken down into four key actions:
Responding to DoS Attacks
It’s impossible to eliminate all denial-of-service threats. That said, having a response plan in place ahead of time can help you limit the impact of an attack and get back up and running quickly.
The most obvious requirement is creating current backups of data and mandatory applications. Backups should be performed consistently and tested on a regular schedule. Be sure staff members are clear on their responsibilities in an emergency situation.
Your plan should also define a specific course of action in the event of a successful attack:
DoS Attack Management: A Long-Term Process
DoS attacks were once the go-to technique that cybercriminals and online activists alike relied on to disrupt the normal operation of digital services. As more sophisticated tools became available, interest in DoS attacks seemed to wane. But, they’re becoming popular once again.
These assaults may not directly cause the loss of money or data-related assets. However, they still end up costing organizations significant amounts of time and resources, and may lead to customer disputes and chargebacks.
The most effective method of DoS mitigation is to prevent attacks from happening in the first place.
Up-to-date systems and virus protection tools, employee training, and vigilance are all good methods of combating DoS attacks. Even if an attack is successful, having a response and recovery plan already in place can limit the impact.
In fact, prevention is usually the best way to deal with any type of computer-based crime, including fraud and account takeover attempts. A comprehensive strategy can help identify threats before they happen, and protect your business and revenue. To learn how we can help, speak to one of our experts today.
FAQs
What does a denial of service attack do?
DoS attacks are designed to slow or block access to your servers by overwhelming the system with too many requests, or slowing it down with malicious software.
What is the difference between DoS and DDoS?
Denial-of-service attacks typically come from one person or machine. Distributed-denial-of-service (DDoS) incidents use multiple machines, IP addresses, and systems, making it almost impossible to trace the actual attacker (or attackers).
How long will a DoS attack last?
The duration of a denial-of-service attack will vary by the tactics and techniques used. It’s also in flux right now, as there has been a surge in DoS activity following the war in Ukraine. In Q2 of 2021, the average DoS attack lasted 30 minutes. One year later, the average is more than 48 hours.
Can DoS attacks be stopped?
Simple DoS attacks can often be blocked through vigilance and good overall network security. More sophisticated assaults can be more difficult, though. Keep in mind that your host internet service provider should also have measures in place to prevent or stop DoS attacks.
Why do DoS attacks still work?
The basic reason is that online servers and systems have a limit to how much traffic they can process at one time. As long as attackers have more memory and processing speed, they can typically find a way to commit DoS attacks.
Is a DoS attack a crime?
Yes. According to the FBI and other law enforcement agencies, denial of service attacks fall under the category of cybercrimes, and perpetrators are routinely jailed for the activity.