Over the last two decades, dramatic changes in the tech industry have altered the changing landscape of advancing cyber-attacks. The threat of DDoS (Distributed Denial of Service) attacks is increasing and evolving.
But where did it all begin? Let’s find out.
A DDoS attack occurs when an attacker attempts to make it impossible for a service to be delivered. This is done by denying access to servers, devices, services, networks or applications. In a DoS (Denial of Service) attack, one system sends malicious data or requests to a server. In a more complex DDoS attack, multiple systems drown another with requests for data.
The result is so many requests sent to a webpage or database that it crashes under the demand. The consequences can range from mildly disrupted services to entire websites and businesses going offline. Downtime on sites is damaging, especially for those that depend on being online 24/7/365. Unfortunately, these attacks are increasing in intensity.
The first ever DoS attack occurred in 1974, when a 13-year-old boy called David Dennis wrote a programme that remotely locked up multiple terminals in a university computer lab.
In the early 2000s, DoS attacks consisted of a single machine sending a single attacking signature, automated by manual keyboard entries. As this proved inefficient, attacks moved from manual to semi-manual. This involved a simple script combined with a number of loops enabling a level of automation.
Semi-automated attacks meant targeting multiple IP sources, and coincided with the introduction of command and control (C&C) servers. This style of attack became known as DDoS. Predefined commands from C&C servers carry out a set pattern of signature attacks. This meant that although the intelligence of DDoS attacks was the same as DoS, the reach was far greater.
A major development in DDoS attacks arrived with the automatic spreading of malware. Malware describes malicious software and marked the start of fully automated DDoS attacks, giving them an even greater distribution and allowing them to be scheduled without human intervention.
Fast forward to the present day and we’re seeing a significant rise in the number of DDoS attacks utilising IoT and AI.
IoT-based devices generally have a lack of security. They’re hacked easily and turned into a botnet due to their everyday use and their insecure IP address. Over the past five years, IoT-based attacks have been increasing. They provide a straightforward pathway for an attacker to take advantage of an insecure IP address and gain access to a network, spreading damaging malware.
AI is dramatically transforming the landscape of DDoS attacks. The most modern DDoS attacks combine all the power of IoT-based attacks with AI, various feedback loops and automatic optimisations.
The result is a more powerful form of DDoS attack which harnesses the ability to adapt as the defence changes. This naturally presents a number of challenges previously undetected and irrelevant due to the reliance upon humans. AI-based attacks rely solely upon a computer, which never tires or stops attacking. They also render human defence mechanisms useless – the only way to fight a machine is with another machine.
Essentially, there has been a steady removal of human intervention over the history of DDoS attacks. Present-day attacks can now go on for much longer and have a much greater reach than their predecessors, making it more crucial than ever to protect your business against the DDoS threat.
UKFast’s DDoS protection service – DDoSx® – detects and prevents even the most sophisticated of DDoS attacks, filtering out bad traffic so that your server only receives genuine traffic. DDoSX keeps your business online 24/7/365, even in the event of a DDoS attack.
Discover DDoSX today and protect your business from the most sophisticated of cyber-attacks.