You’ve clicked the link to your favorite website – maybe it’s one you rely on daily to get your work accomplished, or maybe it’s even your nonprofit’s or association’s site. You wait for the initial screen to display on your monitor or mobile device. Your attention is pulled away momentarily (multitasking?) and then you return to the screen expecting to see the website’s content. Only, the screen appears blank or a progress bar seems stuck, and the website fails to display. Hitting refresh doesn’t alleviate the problem.
Then reality sinks in, and you realize the website you need is unavailable. For a long time. Perhaps, you even learn that the entire region around you has lost internet connectivity. While it may be somewhat consoling to learn it’s not just you, the fact is your website is unreachable because of a concerted cyberattack.
While there are numerous types of cyberattacks, they basically come down to two types:
- A denial-of-service attack (DoS) – This is an attack in which a malicious entity makes a network computer unreachable. The entity takes over all the available connection resources by overloading the network with a plethora of automated connection requests. Imagine a flash mob appearing at a local fast food place for the sole purpose of choking the drive-through line and filling the counter area, so legitimately hungry patrons can’t order food.
- A distributed denial-of-service attack (DDoS) – This type of attack is the same as above, with the additional dynamic of initiating the attack from different sources. This makes stopping the attack more difficult, because it can’t be stopped by shutting down a single source of the attack.
Worldwide DDoS Attacks & Cyber Insights Research Report, a study released earlier this month by cybersecurity firm Neustar Security, confirms fears that DDoS attacks are rapidly becoming more numerous and powerful. According to the research, 43 percent of attacked organizations report an average revenue loss of $250,000 per hour. On average, the study says, it takes enterprise organizations three hours to discover a DDoS attack and an additional three hours to mitigate the inbound data barrage.
To protect against attacks, there are several types of cyber defenses, including:
- Firewalls – To ward off the most basic of attacks, a firewall is programmed with a simple rule to refuse all incoming traffic from cyber attackers that’s based on the attackers IP address.
- Switches and Routers – Some switching and routing hardware can be programmed to provide automatic system rate limiting to control the amount of traffic allowed to pass through the network.
Generally, individuals predisposed to launching DoS attacks usually target high-profile websites and online services provided by banks, large companies and government entities. But this does not mean they would exclude smaller nonprofit organizations and associations. Sometimes the motivation to initiate an attack can be an activist’s vision of getting revenge on, or extracting blackmail from, an organization with which they philosophically disagree.
The U.S. considers DoS attacks illegal under the Computer Fraud and Abuse Act. Handled by the Computer Crime and Intellectual Property Section of the U.S. Department of Justice, a person could face 10 years of imprisonment and $250,000 in fines if convicted of participating in a DoS attack.
On the flipside, some activists contend that a DoS attack is the same as an act of civil disobedience and, as such, have asked that it be recognized as a legal form of protest.
Besides the courtroom cat-and-mouse, the internet-based riposte and parry between attack techniques and defense techniques has become a battle between malfeasants searching to exploit computer network weaknesses and network administrators seeking the hardware and software resource settings needed to eliminate those weaknesses.
Even though this cyber war may be leaving many of us feeling like collateral damage, the knowledge that there are technical professionals working to provide us the best possible defense should give us some solace.