"herder ). in most cases, the owners of these infected computers are not even aware they ’ ve been compromised. from one or more computers designated as the command and control ( c & c ) server, the attacker sends remote “ launch ” instructions to the bots. collectively, these sys…"
T1498 Network Denial of Service
90%
"in what is known as the cia triad. how does a ddos attack work? most ddos attacks are designed to consume all available network bandwidth or resources on a target network, system, or website. the attacker uses one of many available methods and tools to flood the target with a bar…"
T1584.005 Botnet
89%
"##net reportedly consisting of hundreds of thousands of iot devices infected with the mirai malware, which gave attackers remote control over the devices. peaking at 1. 2 tbps, the attack was the first to highlight how vulnerable many iot devices are and how easily they can be ex…"
T1498 Network Denial of Service
86%
"##wing a modern - day botnet ) shut down the university of minnesota ’ s network for two days. 2 it wasn ’ t until 2000 when so - called “ mafiaboy ” michael calce launched attacks against several large companies, among them, amazon, ebay, cnn, amazon, and yahoo! — the largest se…"
T1498 Network Denial of Service
85%
"t adequately explain what they want that the operator must put the call on hold. meanwhile, many more of the same kind of calls come in, and eventually all of the operator ’ s time is consumed handling fake calls that legitimate ones can ’ t be answered. who ’ s attacking and why…"
T1498 Network Denial of Service
85%
"what is a distributed denial - of - service attack? what is a distributed denial - of - service attack? as the name implies, a denial - of - service attack is an attempt by attackers to keep users from accessing a networked system, service, website, application, or other resource…"
T1584.005 Botnet
85%
", today ’ s botnets consist of compromised internet of things ( iot ) devices. as the number of these devices ( from home appliances and toys to fitness devices and sleep aids ) grows into the multi - billions, the problem of malicious bots being used by attackers is skyrocketing…"
T1498 Network Denial of Service
84%
"a month. if that app goes down during a pay period and paychecks are delayed, the provider could be subject to legal action. the same is true for cloud or web service providers — if their services cause hundreds of thousands of other companies ’ websites to go down, they run a hi…"
T1498 Network Denial of Service
79%
"your infrastructure, from the network all the way up to the application and its supporting services. ( for a unique look at how modern apps are constructed and where they ’ re vulnerable to all types of attacks, not just ddos, see apps are like onions ; they have layers. ) - volu…"
T1498 Network Denial of Service
78%
"services that are open to the internet as frequently as possible. - apply patches promptly. - shut down all ports that you don ’ t need to use. - block packet with spoofed source ip addresses. use real - time threat intelligence feeds to alert you to bad ip addresses to block. - …"
T1498 Network Denial of Service
77%
"from thousands of individual ip addresses and can range in the hundreds of gigabits per second range or, as we ’ ve seen in examples above, in the terabits per second range. with the cheap, easy availability of ddos tools and massive iot botnets for rent, we expect ddos attacks t…"
T1498 Network Denial of Service
74%
"multi - level attack — usually used as a distraction for a broader attack aimed at stealing account information or taking over accounts. in the case of web hosting providers and colocation facilities, their own customers, although not directly targeted, end up becoming collateral…"
T1498.001 Direct Network Flood
72%
"your infrastructure, from the network all the way up to the application and its supporting services. ( for a unique look at how modern apps are constructed and where they ’ re vulnerable to all types of attacks, not just ddos, see apps are like onions ; they have layers. ) - volu…"
T1498 Network Denial of Service
64%
"the attack. if the attacker uses a botnet, the size of the attack can be even further magnified. this attack is somewhat like a prankster posting thousands of fake help wanted ads on the internet and listing the intended victim ’ s email address in the contact information. if the…"
T1498.001 Direct Network Flood
61%
"in what is known as the cia triad. how does a ddos attack work? most ddos attacks are designed to consume all available network bandwidth or resources on a target network, system, or website. the attacker uses one of many available methods and tools to flood the target with a bar…"
T1498 Network Denial of Service
60%
"specified resource ; http post is used to send data to a server to create or update a resource. attackers can easily take down a web server by sending a continuous stream of http get or post requests to the target without waiting for a response. the server tries to respond to all…"
T1498.001 Direct Network Flood
59%
"##wing a modern - day botnet ) shut down the university of minnesota ’ s network for two days. 2 it wasn ’ t until 2000 when so - called “ mafiaboy ” michael calce launched attacks against several large companies, among them, amazon, ebay, cnn, amazon, and yahoo! — the largest se…"
T1499 Endpoint Denial of Service
59%
"##wing a modern - day botnet ) shut down the university of minnesota ’ s network for two days. 2 it wasn ’ t until 2000 when so - called “ mafiaboy ” michael calce launched attacks against several large companies, among them, amazon, ebay, cnn, amazon, and yahoo! — the largest se…"
T1557.001 Name Resolution Poisoning and SMB Relay
56%
"requests ) and is eventually overwhelmed and unable to respond, making the victim ’ s website unreachable. - dns reflected amplification attack. unlike in a dns flood where the victim ’ s own dns server is flooded with fake requests, in this attack, malicious actors use publicly …"
T1498 Network Denial of Service
53%
"per second. below we describe a few of the most common types of ddos attacks : - syn flood. this volumetric attack prevents a server from handling new connection requests by manipulating the standard way tcp connects a client to a server. normally, in what is known as a three - w…"
T1499 Endpoint Denial of Service
52%
"what is a distributed denial - of - service attack? what is a distributed denial - of - service attack? as the name implies, a denial - of - service attack is an attempt by attackers to keep users from accessing a networked system, service, website, application, or other resource…"
T1498.001 Direct Network Flood
52%
"per second. below we describe a few of the most common types of ddos attacks : - syn flood. this volumetric attack prevents a server from handling new connection requests by manipulating the standard way tcp connects a client to a server. normally, in what is known as a three - w…"
T1498.001 Direct Network Flood
49%
"from thousands of individual ip addresses and can range in the hundreds of gigabits per second range or, as we ’ ve seen in examples above, in the terabits per second range. with the cheap, easy availability of ddos tools and massive iot botnets for rent, we expect ddos attacks t…"
T1499 Endpoint Denial of Service
48%
"multi - level attack — usually used as a distraction for a broader attack aimed at stealing account information or taking over accounts. in the case of web hosting providers and colocation facilities, their own customers, although not directly targeted, end up becoming collateral…"
T1498 Network Denial of Service
48%
"can make moderate to substantial amounts of money hacking for a living, despite the risks involved - “ script kiddies ” who lack technical skills, so they use ready - made code and existing scripts to launch attacks who is a target of ddos attacks? regardless of size or industry,…"
T1499 Endpoint Denial of Service
48%
"a month. if that app goes down during a pay period and paychecks are delayed, the provider could be subject to legal action. the same is true for cloud or web service providers — if their services cause hundreds of thousands of other companies ’ websites to go down, they run a hi…"
T1498 Network Denial of Service
46%
"layer 3 and layer 4 protocols such as icmp ( internet control message protocol ), tcp ( transport control protocol ), udp ( user datagram protocol ), and others. the goal is to exhaust the computational capabilities of the network or intermediate resources ( such as firewalls ), …"
T1486 Data Encrypted for Impact
46%
"convicted and sentenced in the uk. 6 protonmail secure ( encrypted ) email service provider protonmail suffered ddos attacks in both 2015 and again in 2018. at more than 100 gbps, the 2015 attack was notable not just for its size ( at the time ) but because it affected protonmail…"
T1498 Network Denial of Service
44%
"or running complex database queries, can take a long time for the server to process. eventually the site resources are exhausted, leading to a denial of service. - low and slow ( for example, slowloris ). the goal of these ddos attacks is to bring application resources down quiet…"
T1499 Endpoint Denial of Service
44%
"services that are open to the internet as frequently as possible. - apply patches promptly. - shut down all ports that you don ’ t need to use. - block packet with spoofed source ip addresses. use real - time threat intelligence feeds to alert you to bad ip addresses to block. - …"
T1498.001 Direct Network Flood
43%
"t adequately explain what they want that the operator must put the call on hold. meanwhile, many more of the same kind of calls come in, and eventually all of the operator ’ s time is consumed handling fake calls that legitimate ones can ’ t be answered. who ’ s attacking and why…"
T1498 Network Denial of Service
42%
"of cyberwarfare, which also included information warfare ( dissemination of fake news ). although the attacks originated from russian ip addresses and contained instructions in russian, they were never officially attributed to the kremlin. the attacks led to the formation of the …"
T1498 Network Denial of Service
41%
"##os attacks? there ’ s no way to completely avoid being a target, but you can take steps to better protect your organization from becoming a victim. - implement ddos protection. based on the frequency with which your organization is attacked ( or is likely to be attacked ), your…"
T1190 Exploit Public-Facing Application
41%
"this attack by exploiting misconfigured memcached database caching servers that were exposed publicly to the internet and had no authentication protection. attackers spoofed the source ip address, which returned packets to github that were significantly larger than the requests. …"
T1499 Endpoint Denial of Service
39%
"t adequately explain what they want that the operator must put the call on hold. meanwhile, many more of the same kind of calls come in, and eventually all of the operator ’ s time is consumed handling fake calls that legitimate ones can ’ t be answered. who ’ s attacking and why…"
T1498.001 Direct Network Flood
38%
"multi - level attack — usually used as a distraction for a broader attack aimed at stealing account information or taking over accounts. in the case of web hosting providers and colocation facilities, their own customers, although not directly targeted, end up becoming collateral…"
T1657 Financial Theft
37%
"convicted and sentenced in the uk. 6 protonmail secure ( encrypted ) email service provider protonmail suffered ddos attacks in both 2015 and again in 2018. at more than 100 gbps, the 2015 attack was notable not just for its size ( at the time ) but because it affected protonmail…"
T1498.001 Direct Network Flood
36%
"services that are open to the internet as frequently as possible. - apply patches promptly. - shut down all ports that you don ’ t need to use. - block packet with spoofed source ip addresses. use real - time threat intelligence feeds to alert you to bad ip addresses to block. - …"
T1499 Endpoint Denial of Service
35%
"in what is known as the cia triad. how does a ddos attack work? most ddos attacks are designed to consume all available network bandwidth or resources on a target network, system, or website. the attacker uses one of many available methods and tools to flood the target with a bar…"
T1498.001 Direct Network Flood
35%
"this attack by exploiting misconfigured memcached database caching servers that were exposed publicly to the internet and had no authentication protection. attackers spoofed the source ip address, which returned packets to github that were significantly larger than the requests. …"
T1498.001 Direct Network Flood
33%
"what is a distributed denial - of - service attack? what is a distributed denial - of - service attack? as the name implies, a denial - of - service attack is an attempt by attackers to keep users from accessing a networked system, service, website, application, or other resource…"
T1498.001 Direct Network Flood
32%
"a month. if that app goes down during a pay period and paychecks are delayed, the provider could be subject to legal action. the same is true for cloud or web service providers — if their services cause hundreds of thousands of other companies ’ websites to go down, they run a hi…"
T1498 Network Denial of Service
32%
"this attack by exploiting misconfigured memcached database caching servers that were exposed publicly to the internet and had no authentication protection. attackers spoofed the source ip address, which returned packets to github that were significantly larger than the requests. …"
Summary
Learn how DDoS attacks can cripple your network, website, or business.