What is Cybersecurity?
According to the Cisco Security team (n.d.), cybersecurity is the practice of protecting systems, networks and programs from digital attacks. These attacks usually aim at accessing, changing or destroying sensitive information; extorting money from users; or interrupting normal business processes.
A successful cybersecurity approach has multiple layers of protection spread across the computers, networks, programs and data that one intends to keep safe, so that a failure of any single control does not expose everything behind it.
What are the common types of cybersecurity threats?
Ransomware: A type of malicious software designed to extort money by blocking access to files or to the computer system until a ransom is paid.
Malware: Software designed to gain unauthorized access to a computer or to cause damage to it; ransomware is one type of malware.
Social Engineering: An adversary's trick to get a person to reveal sensitive information, typically in order to solicit a monetary payment or to gain access to confidential data.
Phishing: The practice of sending fraudulent emails that resemble messages from reputable sources. The aim of the attack is to steal sensitive data such as credit card numbers and sign-in credentials.
What is DDoS Attack?
DDoS (Distributed Denial of Service) attack: According to Hulme (2018), it is an attempt to make a targeted online service unavailable by overwhelming it with traffic from multiple sources; in other words, a malicious attempt to disrupt the normal traffic of a targeted server, service or network by flooding the target with Internet traffic.
As stated by Cloudflare (n.d.), to carry out such an attack the attacker first has to gain control of a network of online machines such as computers and IoT (Internet of Things) devices. Those devices are infected with malware that turns them into bots or "zombies", and the attacker gains remote control over the group of bots, called a botnet. The botnet lets the attacker launch the DDoS attack by sending instructions to each bot to send requests to the targeted server or network until its capacity overflows. Because the requests come from many legitimate-looking addresses, they cannot simply be blocked by source IP.
According to Newman's (2018) report, in February 2018 GitHub faced what was then the largest DDoS attack on record: 1.35 terabits per second of traffic hit the developer platform all at once. The attack did not use a botnet; it used a popular amplification method in which spoofed requests were reflected off tens of thousands of unique endpoints (memcached servers exposed to the Internet) spread across more than a thousand different autonomous systems. Within 10 minutes GitHub called for help from its DDoS mitigation service, Akamai Prolexic, which took over routing of all of GitHub's inbound and outbound traffic and passed it through its scrubbing centers to weed out and block the malicious packets.
Real-time traffic from the DDoS Attack (By Akamai)
Types of DDoS attacks and their mitigation based on Imperva (n.d.):
Volume Based Attacks: These include UDP floods, ICMP floods and other spoofed-packet floods, whose goal is to saturate the bandwidth of the attacked site. Their magnitude is measured in bits per second (bps). They can be countered by absorbing them with a global network of scrubbing centers that scales on demand to handle multi-gigabit DDoS attacks; because the flood fills the victim's uplink, the absorption has to happen upstream of the victim, not on the victim's own equipment.
Protocol Attacks: These include SYN floods, fragmented-packet attacks, Ping of Death and the like. They consume the connection state of the server itself and of intermediate equipment such as firewalls and load balancers, and their magnitude is measured in packets per second (pps). They can be mitigated by blocking bad traffic before it reaches the target: for SYN floods, a mitigation service (for example a cloud proxy using SYN cookies) answers the handshake on the target's behalf and only forwards a connection once the TCP handshake has completed, so half-open connections never consume the origin's resources.
Application Layer Attacks: These include low-and-slow attacks, GET/POST floods and attacks targeting Apache, Windows or OpenBSD vulnerabilities, with the goal of crashing the web server. Their magnitude is measured in requests per second (rps). They can be mitigated by monitoring visitor behaviour, blocking known bad bots and challenging unrecognized clients with JavaScript tests, cookie challenges and CAPTCHAs. These requests look like legitimate traffic and use little bandwidth, so bps and pps thresholds will not catch them; detection has to happen at the request level.
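The three categories above are distinguished by the metric each is measured in. As an added example (not code from Imperva or from the original article), the script below aggregates a constructed window of per-source traffic records and flags each source as volume-based (bits per second), protocol (packets per second, or a TCP stream that is almost entirely bare SYNs) or application-layer (HTTP requests per second). The addresses, counts and thresholds are assumptions chosen for illustration; a real deployment would feed it flow or proxy logs and tune the thresholds to its link capacity.

```python
"""Added example: classify per-source traffic in a time window into the
three DDoS categories (volume-based, protocol, application-layer) by the
metric each one is measured in. Records and thresholds are constructed
assumptions, not values from the cited sources.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class FlowRecord:
    src: str            # source address (RFC 5737 documentation ranges)
    proto: str          # "udp", "icmp" or "tcp"
    bare_syn: bool      # True if the packets are TCP SYNs with no ACK/payload
    packets: int        # packets seen from this source in the window
    bytes: int          # bytes seen from this source in the window
    http_requests: int  # HTTP requests completed in the window (0 if none)


# Assumed per-source thresholds for one 10-second window; tune for real links.
BPS_THRESHOLD = 500_000_000   # 500 Mbit/s from one source saturates a small uplink
PPS_THRESHOLD = 100_000       # packet rate that exhausts firewall/LB state tables
RPS_THRESHOLD = 1_000         # request rate far above any human client
SYN_ONLY_RATIO = 0.9          # share of a source's TCP packets that are bare SYNs
MIN_SYNS = 1_000              # ignore tiny sources when applying the ratio

WINDOW_SECONDS = 10

# Constructed sample window: one UDP flood, one SYN flood, one GET flood
# and one ordinary client.
SAMPLE_RECORDS = [
    FlowRecord("198.51.100.7", "udp", False, 600_000, 840_000_000, 0),
    FlowRecord("203.0.113.9", "tcp", True, 1_500_000, 60_000_000, 0),
    FlowRecord("192.0.2.44", "tcp", False, 30_000, 15_000_000, 20_000),
    FlowRecord("192.0.2.10", "tcp", False, 2_000, 1_000_000, 300),
]


def classify(records, window_seconds):
    """Return {src: {"labels": [...], "bps": ..., "pps": ..., "rps": ...,
    "syn_share": ...}} for every source that trips at least one threshold."""
    per_src = defaultdict(lambda: {"bytes": 0, "packets": 0, "requests": 0,
                                   "tcp_packets": 0, "syn_packets": 0})
    for r in records:
        m = per_src[r.src]
        m["bytes"] += r.bytes
        m["packets"] += r.packets
        m["requests"] += r.http_requests
        if r.proto == "tcp":
            m["tcp_packets"] += r.packets
            if r.bare_syn:
                m["syn_packets"] += r.packets

    findings = {}
    for src, m in per_src.items():
        bps = m["bytes"] * 8 / window_seconds
        pps = m["packets"] / window_seconds
        rps = m["requests"] / window_seconds
        syn_share = m["syn_packets"] / m["tcp_packets"] if m["tcp_packets"] else 0.0

        labels = []
        # Volume-based: bandwidth saturation, measured in bits per second.
        if bps >= BPS_THRESHOLD:
            labels.append("volume-based")
        # Protocol: state exhaustion, measured in packets per second. A source
        # sending almost nothing but bare SYNs is leaving half-open connections
        # even if its packet rate alone stays under the threshold.
        if pps >= PPS_THRESHOLD or (m["syn_packets"] >= MIN_SYNS
                                    and syn_share >= SYN_ONLY_RATIO):
            labels.append("protocol")
        # Application layer: request floods, measured in requests per second;
        # note this source is far below both the bps and pps thresholds.
        if rps >= RPS_THRESHOLD:
            labels.append("application-layer")

        if labels:
            findings[src] = {"labels": labels, "bps": bps, "pps": pps,
                             "rps": rps, "syn_share": round(syn_share, 2)}
    return findings


if __name__ == "__main__":
    for src, f in classify(SAMPLE_RECORDS, WINDOW_SECONDS).items():
        print(f"{src}: {', '.join(f['labels'])}  "
              f"({f['bps']:.0f} bit/s, {f['pps']:.0f} pkt/s, {f['rps']:.0f} req/s)")
```

Run it as a script and the UDP source is reported as volume-based, the SYN source as protocol and the GET-flooding source as application-layer, while the ordinary client is not reported at all. The labels map directly to the mitigations listed above: scrubbing for the first, handshake proxying for the second and client challenges for the third, which is why the classification matters before choosing a response.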