© IPA / Photogram
On the evening of May 19, some websites of public administrations and private entities were attacked by hackers. This is not the first time this has happened, and the cyber threats will not end here.
Csirt web page
The Cybersecurity Agency has made it known that it is continuing to closely monitor these events. To help organizations defend themselves autonomously, it has published a document on the Csirt website that describes the different types and techniques of DDoS attacks and the mitigation measures that can be put into practice in advance or, in limited cases, during the attacks.
DDoS attacks, it is explained, are those performed through the use of multiple distributed sources and “although they make the services unavailable for a certain period of time, they do not affect the integrity and confidentiality of the information and the systems affected unlike, for example, a ransomware-type attack”.
The document states that the possibility of carrying out these attacks “depends on multiple factors and it may take huge resources; therefore different techniques and strategies are used by the attackers to optimize the performance of malicious activities in a game of force in which the parties involved engage network and computing resources with opposite purposes”.
How to act and, if necessary, respond depends on the type of attack. According to the document, there are three types. Volumetric attacks aim at consuming the available network bandwidth of the target infrastructure, while “state exhaustion” attacks are aimed at consuming the computing and/or memory resources of the devices.
Finally, there are “application” attacks, which aim at consuming software processes, the number of threads, the number of connections, disk space and the available budget (for example, where the target accesses third-party paid services).
These attacks can in turn be divided into other sub-categories according to how they are perpetrated and the target they aim at.
© Getty
Knowing exactly the type of attack is important because different responses are recommended depending on it. In the document, for example, we read that it is “of utmost importance to implement adequate Anti-DDoS systems in order to prevent volumetric attacks (e.g. Content Delivery Network); where it is necessary to act with precise rules, the IP / Subnet / AS block request must be well thought out, minimally restrictive and temporary”.
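As an added illustration (not code from the Csirt document or from this article), the sketch below shows one way a defender could enforce the "minimally restrictive and temporary" requirement on IP/subnet block requests. The prefix floors, the maximum lifetime and the class and method names are assumptions chosen for the example; the addresses are constructed documentation ranges.

```python
import ipaddress
from dataclasses import dataclass

# Assumed policy limits (not from the Csirt document): the broadest prefix a
# single rule may cover and the longest lifetime a rule may have.
MIN_PREFIX_V4 = 24
MIN_PREFIX_V6 = 48
MAX_TTL_SECONDS = 6 * 3600

@dataclass(frozen=True)
class BlockRule:
    network: object      # ipaddress.IPv4Network or IPv6Network
    expires_at: float    # absolute time (seconds) after which the rule is void
    reason: str

class TemporaryBlocklist:
    """Hypothetical helper: accepts only narrow, expiring block rules."""

    def __init__(self, protected=()):
        # Networks that must never be blocked (own monitoring, partners, ...).
        self.protected = [ipaddress.ip_network(p) for p in protected]
        self.rules = []

    def request_block(self, cidr, ttl, reason, now):
        net = ipaddress.ip_network(cidr, strict=False)
        floor = MIN_PREFIX_V4 if net.version == 4 else MIN_PREFIX_V6
        if net.prefixlen < floor:
            raise ValueError(f"{net} is broader than /{floor}: not minimally restrictive")
        if not 0 < ttl <= MAX_TTL_SECONDS:
            raise ValueError("a block must be temporary: ttl out of range")
        for p in self.protected:
            if p.version == net.version and p.overlaps(net):
                raise ValueError(f"{net} overlaps protected network {p}")
        rule = BlockRule(net, now + ttl, reason)
        self.rules.append(rule)
        return rule

    def expire(self, now):
        # Drop rules whose lifetime has ended and return what was removed.
        expired = [r for r in self.rules if r.expires_at <= now]
        self.rules = [r for r in self.rules if r.expires_at > now]
        return expired

    def is_blocked(self, ip, now):
        addr = ipaddress.ip_address(ip)
        return any(r.expires_at > now and addr.version == r.network.version
                   and addr in r.network for r in self.rules)
```

Calling `expire()` on a schedule keeps stale rules from outliving the attack they were written for, and the recorded `reason` gives later reviewers the context for each block.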
And again: “To identify and mitigate the effects of application attacks it is advisable to use IPS systems (Intrusion Prevention System) capable of performing ‘deep packet inspection’ (recognition of the application protocol). Several cloud based IPS solutions also allow you to request the resolution of a CAPTCHA for users who access the services from specific geographic locations”.
Those interested can read the document with all the specifications on the site https://www.csirt.gov.it/. It can be found in the ‘Bulletins and news’ section and is entitled ‘DDoS ATTACKS – Types and mitigation actions’
Source-tg24.sky.it