There are many reasons why hackers attack websites and services. They may be seeking revenge, looking for money or trying to influence politics.
In a denial of service (DoS) attack, hackers flood servers with junk traffic and spoofed return addresses. This clogs up server resources and denies service to legitimate users.
They want to gain access to information.
A DoS attack drowns a website, service or database with so much traffic that it cannot function. This saturates the available bandwidth and depletes the system’s CPU and RAM capacity, effectively taking it offline. The three main types of DoS attacks are flood, application and network layer. Experts define the difference between DOS and DDOS as an app-layer DoS as “a type of attack that targets the software tools a website uses to operate—such as web servers, chat apps and databases.” Network-layer attacks target networking devices like routers and switches, causing them to overload and takedown systems.
Distributed denial-of-service attacks rely on a network of computers —called bots —infected with malware to send a barrage of meaningless requests simultaneously. They are more difficult to detect and mitigate because they come from many locations, often disguising their origin. They are also fast, allowing hackers to deliver more power.
Hacktivists, extortionists and cyber vandals often use DDoS to disrupt their opponents’ online presence and reputation. These attacks can cause revenue loss, erode consumer confidence and force businesses to spend fortunes on compensation. They can last for days, weeks or even months, so they are useful weapons for those who want to make a point or champion a cause. In 2019, a DDoS attack was launched against a pro-democracy movement in Hong Kong. The DDoS was a response to a video that exposed police violence against protestors.
They want to disrupt business.
DDoS attacks are designed to overwhelm web servers or other resources with so much traffic that they can no longer function normally. These attacks are often carried out using a botnet comprising hundreds or thousands of trojan-infected systems. These devices, called zombies, form a network the criminal controls via a command and control server. The attacker sends the bots a message that they should send many requests to the targeted resource, which causes it to become overloaded and crash.
Cybercriminals use DDoS attacks for several reasons. One motive is to disrupt a competitor’s business by taking it offline, thus stealing customers. This is especially common within the online gambling industry. Another reason is to get revenge on a victim or to blackmail them. For instance, some cybercriminals threaten to carry out a DDoS attack unless the victims pay extortion demands.
Finally, hackers may launch DDoS attacks to expose a company’s poor security practices. This can damage their reputation and attract the media’s attention. As more and more businesses rely on their websites to generate revenue, they can’t afford to have their sites taken down by DDoS attackers. In addition, consumers lose faith in companies hit with DDoS attacks, which can have a ripple effect on their spending habits.
They want to make money.
Many cybercriminals carry out DOS attacks because they want to make money. This can be achieved by making the target business lose customers and sales or extorting the victim.
Malicious competitors can also use a DOS attack to take a rival’s network offline and steal customers. This is particularly common in the online gaming and gambling industries. Hacktivists can also use it to draw attention to their cause.
DOS attacks are usually short-lived. However, if the attacker is motivated enough, they can persevere with their attacks to achieve their goals. For example, a disgruntled employee could continue an attack against their employer for as long as they can to create bad publicity.
Distributed denial of service (DDoS) attacks are much more difficult to stop because they are launched from a wide range of infected systems and devices, known as bots. These can be PCs, laptops, smartphones or Internet of Things devices. These bots send a barrage of requests to the targeted server worldwide to overwhelm it and exhaust its resources, such as RAM and CPU.
Cybercriminals might use a DDoS to distract a company’s IT security team while they attempt to break into the organization’s systems. They might also use it as a demonstration of their skills to other members of the hacking community.
They want to expose injustice.
When a business is the victim of a DDoS attack, it can feel like an invisible mob has blocked its door. As a result, their website becomes unavailable, and potential customers cannot visit. These attacks can damage small businesses and even cause them to leave. The attackers are typically bored cyber vandals looking for a challenge. Known as script kiddies, they use pre-written scripts to launch DDoS attacks. Many of the victims of these attacks are e-commerce sites.
Distributed denial-of-service attacks are more complex than regular attacks in which one perpetrator exploits a vulnerability in a protocol or floods a server with fake requests, consuming its network connections, memory or processing power. In a DDoS attack, the attackers come from many connected devices across the Internet, called a botnet.
The attacker commands these botnets through a command and control server. They enlist thousands of computers to bombard a target with bogus traffic, making it hard for legitimate Internet users to access the website or service.
Sometimes, these cyberattacks are motivated by revenge, blackmail or hacktivism. For example, a disgruntled employee can launch an attack to get back at the company. Some hackers will contact the victim and promise to stop an attack if they receive a ransom payment. Foreign and domestic governments may sometimes launch DDoS attacks to silence dissent or hamper opposition communications.