DDoS attacks have become all too prevalent in today’s technologically advanced society. Even if your organization is small, a distributed denial-of-service (DDoS) attack can disrupt or shut down your internet-connected services, including email, websites, and anything else. A DDoS attack can also serve as a diversion: data theft and network penetration are only two examples of unlawful activity that may go unnoticed while your team is focused on restoring service.
The size and frequency of distributed denial-of-service attacks are rising. It is becoming increasingly common for hackers to launch DDoS assaults, build new botnets, and attack new targets. With the number of DDoS weapons growing, botnet activity now commonplace, and the most massive DDoS attacks in history recorded, 2020 was a busy year for hackers.
Everything from education and healthcare to consumer shopping and office work moved online quickly due to the COVID-19 shutdown, giving hackers more targets than ever before for 2020 DDoS attacks. As the study points out, the haste with which this change was implemented, combined with the difficulty of maintaining cybersecurity best practices in an emergency, left many of these organizations and people particularly exposed. Here are five major DDoS attacks:
1. The Google Attack, 2020
According to a blog post published by Google’s Threat Analysis Group (TAG) on October 16th, 2020, threat actors were changing their tactics ahead of the 2020 presidential election. The attack described there came from three Chinese ISPs, ran for six months, and reached 2.5 Tbps against hundreds of Google IP addresses.
2. The AWS DDoS Attack in 2020
Amazon Web Services, the 800-pound gorilla in cloud computing, was crippled by a significant distributed denial-of-service (DDoS) assault in February 2020. The attackers used CLDAP reflection, the technique behind the most recent and most severe DDoS assaults, against an unnamed AWS customer. Reflection amplified the traffic 56 to 70-fold before it reached the victim’s IP address, and 2.3 terabytes of data per second hit the target throughout the attack’s three-day duration. Despite its enormous magnitude and its impact on Amazon Web Services (AWS) hosting customers, this DDoS attack did far less damage than it could have.
3. The Mirai Krebs and OVH DDoS Attacks in 2016
Cybersecurity expert Brian Krebs’ site was targeted by a DDoS assault on September 20th, 2016, with throughput exceeding 620 gigabits per second. Krebs’ website had already been under attack from spammers and other bad guys; although Krebs had documented 269 DDoS attacks since July 2012, this was the most powerful attack he had ever seen.
The Mirai botnet, which compromised more than 600,000 Internet of Things (IoT) devices in 2017, was responsible for the attack. Among the affected IoT devices were IP cameras, home routers, and video players. The Mirai botnet had been discovered as early as August of that year; nonetheless, this was its first public appearance.
4. The Mirai Dyn DDoS Attack in 2016
Before getting into the specifics of the most recent attack, let’s look at an earlier Mirai botnet DDoS attack. Multiple copies and modifications of the Mirai DDoS platform have been made since its source code was made public on hacker forums on September 30th by a person claiming to be its creator.
5. The GitHub Attack in 2018
The DDoS attack took place on February 28th, 2018: for around 20 minutes, GitHub, a software development platform, was hit with 1.35 terabits per second of traffic. According to a GitHub report, some traffic was traced to “almost a thousand different autonomous systems.”
Preventing an Attack:
Protect and safeguard your resolver.
To prevent attackers from poisoning your resolver’s cache, only users on your network should be able to query it; external users should not. Using The Measurement Factory’s web tool, you can check whether your network has any open resolvers.
Configure it so that it is resistant to cache poisoning and other security threats.
Cache poisoning protections built into DNS software add unpredictability to outbound queries, making it harder for an attacker to get a forged answer accepted. Here are some ways to go about it.
Use a random query ID and a random source port for each outbound query (rather than always sending from UDP port 53), and randomize the letter case of the domain name being resolved. Name servers match names case-insensitively, so example.com and ExaMPle.com resolve to the same IP addresses, but a legitimate answer echoes the question with exactly the case that was sent (ExaMPle.com comes back as ExaMPle.com), so a forged answer must also guess the case.
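The following is an added example, not code from the original article or from any DNS vendor, showing the two ideas above in working form: it builds an outbound query with a random transaction ID, a random ephemeral source port and randomized name case, then checks a reply byte-for-byte against what was sent. It also reads the RA (recursion available) flag from a reply, which is what an open-resolver check looks for when a resolver answers a query from outside its own network. All packets are constructed inline (no network access), the helper names are hypothetical, and the example answer addresses are from the TEST-NET ranges.

```python
"""Hardened DNS query construction and reply validation (standard library only)."""
import secrets
import struct


def encode_qname(name: str) -> bytes:
    """Wire-format a dotted name as length-prefixed labels, case preserved."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def randomize_case(name: str) -> str:
    """Flip each letter to upper or lower case at random. Name matching is
    case-insensitive, so the server still finds the record, but a genuine
    answer echoes exactly the case it was asked with."""
    return "".join(
        (c.upper() if secrets.randbits(1) else c.lower()) if c.isalpha() else c
        for c in name
    )


def build_query(name: str, qtype: int = 1):
    """Return (query_bytes, state); state records what a valid reply must echo."""
    qid = secrets.randbits(16)                          # random transaction ID
    src_port = 1024 + secrets.randbelow(65536 - 1024)   # random ephemeral port
    qname = randomize_case(name)
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    question = encode_qname(qname) + struct.pack(">HH", qtype, 1)
    return header + question, {"id": qid, "port": src_port, "qname": qname, "qtype": qtype}


def parse_question_name(msg: bytes, offset: int):
    """Read labels starting at offset; return (name, offset after the name)."""
    labels = []
    while True:
        length = msg[offset]
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def validate_reply(reply: bytes, state: dict, dst_port: int):
    """Return (accepted, reason). A forged reply must guess ID, port AND case."""
    if len(reply) < 12:
        return False, "truncated header"
    rid, flags, qdcount = struct.unpack(">HHH", reply[:6])
    if dst_port != state["port"]:
        return False, "wrong destination port"
    if rid != state["id"]:
        return False, "transaction ID mismatch"
    if not flags & 0x8000:
        return False, "not a response"
    if qdcount != 1:
        return False, "unexpected question count"
    name, off = parse_question_name(reply, 12)
    (qtype,) = struct.unpack(">H", reply[off:off + 2])
    if name != state["qname"]:          # byte-exact comparison, case included
        return False, "question case does not match"
    if qtype != state["qtype"]:
        return False, "qtype mismatch"
    return True, "ok"


def recursion_available(reply: bytes) -> bool:
    """RA flag set: the server offers recursion to whoever sent this query."""
    (flags,) = struct.unpack(">H", reply[2:4])
    return bool(flags & 0x0080)


def guess_space_bits(state: dict) -> int:
    """Approximate bits a forger must guess: 16 (ID) + ~16 (port) + one per letter."""
    return 16 + 16 + sum(c.isalpha() for c in state["qname"])


def make_reply(state: dict, name_case: str, answer_ip: str, ra: bool = True) -> bytes:
    """Constructed reply for testing: copies the ID, echoes the question with
    the given case, appends one A record. Stands in for a genuine or forged answer."""
    flags = 0x8180 if ra else 0x8100                     # QR=1, RD=1, RA as requested
    header = struct.pack(">HHHHHH", state["id"], flags, 1, 1, 0, 0)
    question = encode_qname(name_case) + struct.pack(">HH", state["qtype"], 1)
    rdata = bytes(int(o) for o in answer_ip.split("."))
    answer = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + rdata
    return header + question + answer


def demo():
    """Genuine reply (exact case) is accepted; a forgery that guessed the ID but
    not the case is rejected."""
    _query, state = build_query("example.com")
    genuine = make_reply(state, state["qname"], "192.0.2.1")
    forged = make_reply(state, state["qname"].swapcase(), "198.51.100.1")
    return validate_reply(genuine, state, state["port"]), validate_reply(forged, state, state["port"])


if __name__ == "__main__":
    print(demo())
```

The check in validate_reply is deliberately strict: anything that does not match the recorded ID, destination port, question name (case included) and type is dropped rather than cached, which is exactly what the randomization buys you. The same recursion_available helper, run on a reply obtained from outside your network, tells you whether a resolver is answering recursive queries for the world.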
Securely manage DNS servers.
There are a few options for hosting your authoritative servers. You may do it yourself, or you can have them hosted by your service provider or registrar. Because “no one cares as much about your security as you do,” Brenton recommends hosting and administering them yourself if you have the necessary expertise. There’s no shame in hiring someone else to do the job for you if you don’t have the necessary abilities. Either way, many businesses must have DNS servers located in three or four different locations worldwide.