DDOS
The Kill Chain is the cybercrime thriller from Scotland’s newest writer, GJ Scobie, published by Darkstroke publishing, in the summer of 2022. This blog post is one in a series called Facts behind the Fiction, in which I take an aspect of the plot and provide factual background material, giving an insight into the real world of cyber security and those who work tirelessly to defend our networks and data.
So, what is DDOS?
It stands for Distributed Denial of Service. As an attack, it involves swamping a target with so many requests, or so much traffic, that its network link, servers or application cannot cope with the volume: legitimate users can no longer get through, and the service grinds to a halt and falls over. If the traffic comes from a single computer, that is known as a DOS attack. If many computers are involved, which is the usual method, it is called a Distributed DOS attack, or DDOS. Typically, the attackers control a group of compromised computers, called a Botnet. This gives them far more capacity to increase the intensity of the attack, and it lets them hide behind other users' systems, because the traffic arrives from those victims' machines rather than from the attackers' own.
Over the years the cyber security industry has built protections against sudden surges in traffic into its systems and defences. Network providers and specialist filtering services can detect an attack in progress and drop the illegitimate requests before they reach the target, while letting genuine traffic through.
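To make the distinction between a single-source flood and a distributed one concrete, here is a small detector written for this post (it is an added example, not code from the book or from any network provider's product). It reads constructed access-log lines in an assumed format, "unix_seconds client_ip path", counts requests per second and per client, and shows why the per-client filtering that stops a single noisy host does nothing against a botnet whose members each stay under the radar. The thresholds and sample addresses are illustrative assumptions.

```python
"""Toy DOS/DDOS detector over constructed access-log lines.

Assumed log format (not any real vendor's): "<unix_seconds> <client_ip> <path>".
Three situations are embedded: normal traffic in second 100, one host
flooding in second 101, and 40 distinct hosts each sending only a few
requests in second 102.
"""
from collections import defaultdict

# Constructed sample data (documentation/test address ranges, not real hosts).
SAMPLE_LOG = []
for i in range(5):                       # second 100: five ordinary visitors
    SAMPLE_LOG.append(f"100 198.51.100.{i} /index.html")
for i in range(60):                      # second 101: one host, 60 requests
    SAMPLE_LOG.append(f"101 203.0.113.7 /search?q={i}")
for i in range(40):                      # second 102: 40 hosts, 3 requests each
    for _ in range(3):
        SAMPLE_LOG.append(f"102 192.0.2.{i} /login")

PER_SOURCE_LIMIT = 20   # assumed: more than this per second from one client is abusive
AGGREGATE_LIMIT = 80    # assumed: more than this per second is beyond what the service absorbs


def bucket_by_second(lines):
    """Map each second -> {client_ip: request_count}; malformed lines are skipped."""
    buckets = defaultdict(lambda: defaultdict(int))
    for line in lines:
        parts = line.split(maxsplit=2)
        if len(parts) != 3:
            continue  # do not let a bad line crash the detector during an attack
        ts, ip, _path = parts
        buckets[int(ts)][ip] += 1
    return buckets


def classify_second(counts, per_source_limit=PER_SOURCE_LIMIT,
                    aggregate_limit=AGGREGATE_LIMIT):
    """Return (verdict, detail) for one second's per-client counts.

    'dos'   : at least one client alone exceeds the per-source limit.
    'ddos'  : total exceeds the aggregate limit although no single client
              looks abnormal, i.e. the volume comes from many sources.
    'normal': neither condition holds.
    """
    total = sum(counts.values())
    offenders = sorted(ip for ip, n in counts.items() if n > per_source_limit)
    if offenders:
        return "dos", {"offenders": offenders, "total": total}
    if total > aggregate_limit:
        return "ddos", {"sources": len(counts), "total": total,
                        "max_per_source": max(counts.values())}
    return "normal", {"total": total}


def analyse(lines):
    """Classify every second in the log; returns {second: (verdict, detail)}."""
    return {sec: classify_second(counts)
            for sec, counts in sorted(bucket_by_second(lines).items())}


def block_list(analysis):
    """Clients a per-IP filter would block. Note that 'ddos' seconds contribute
    nothing: no single member of the botnet crossed the per-source line, so the
    defence has to move upstream (rate limiting the whole edge, provider-side
    scrubbing) rather than banning individual addresses."""
    blocked = set()
    for verdict, detail in analysis.values():
        if verdict == "dos":
            blocked.update(detail["offenders"])
    return blocked


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    for sec, (verdict, detail) in result.items():
        print(sec, verdict, detail)
    print("per-IP block list:", block_list(result))
```

Run as a script it prints one verdict per second: second 100 is normal, second 101 is a single-source flood and the offending address lands on the block list, and second 102 is flagged as distributed even though the busiest client sent only three requests, which is exactly the case where per-address filtering fails.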
There are different types of DDOS attacks, but that is for a more technical discussion than this blog post covers.
Today, when such an attack occurs, there is always the concern that it is a distraction. The attackers use the DDOS to tie up the people defending the network while they try to gain access elsewhere. They may not expect the DDOS itself to succeed; what they hope is that the defenders' attention is on the flood and not on the rest of the network.
It can also be used in the early stages of reconnaissance, simply to see how the target responds. DDOS attacks have been around for many years, so if an organisation does not have adequate defences against them, that suggests it is likely to be weak elsewhere too, and could potentially be compromised by a more covert attack, one that is not so noisy or obvious.
Next time, Zero-day. What is it?