A distributed reflection denial-of-service (DrDoS) attack occurs when attackers compromise computers or devices to send multiple simultaneous requests to their chosen target. They redirect or reflect their requests to the victims’ systems before these are sent to a selected website, server, application, or computer.
Think of it this way, DrDoS attackers hide behind the compromised systems to evade leaving traces that cybersecurity analysts or researchers can follow. As such, the victims’ computers or devices would look like they belong to the threat actors instead of just serving as mirrors as when, say, you want to light a bonfire using sunlight.
Read More about “DrDoS Attack”
If you think about it, there’s a very subtle difference between a DrDoS attack and a distributed denial-of-service (DDoS) attack.
How Does a DrDoS Attack Differ from a DDoS Attack?
In a DDoS attack, attackers command the compromised computers to flood a target with requests. They don’t necessarily care if their systems get identified during investigations. In DrDoS attacks, on the other hand, threat actors make it a point to remain anonymous.
We can thus say that DrDoS attacks are a kind of DDoS attack since they use many compromised systems to render a target website, server, application, or computer inaccessible.
How Does a DrDoS Attack Work?
The diagram below shows that.
In a DrDoS attack, the threat actors send the requests meant for a target using systems they compromised earlier. Spoofing or appearing to come somewhere other than the actual origin is critical here. In this case, when investigations ensue, what analysts and researchers will see as attack origins are the spoofed devices’ IP addresses. They won’t have any idea what the attackers’ IP addresses are.
If things remain a bit unclear, this video may help.
Why Do DrDoS Attacks Work?
DrDoS attacks work because threat actors often spoof the IP addresses of legitimate organizations, making the requests look credible.
But spoofing doesn’t only make detection more challenging for investigators. Another plus for DrDoS attackers is anonymity.
What Are DrDoS Attacks Used For?
The exact motivations behind DDoS attacks apply to DrDoS attacks, which include:
- Hacktivism or the act of using computer-based techniques to express civil disobedience to political agendas or social changes
- Launch nation-state-sponsored attacks to cause a target economic or social disruption
- Corporate sabotage if a company hires DrDoS attackers to take down a competitor’s website
- For use as a smokescreen to distract the attention of the target’s security team from a more sophisticated attack
- Extortion if the threat actors ask the target to pay a ransom to stop the attack
What Are the Possible Effects of a DrDoS Attack?
Successful DrDoS attacks often result in:
- Loss of confidential or proprietary information
- Damages to partner, customer, and other stakeholder relationships
- Identity theft
- Reputational damage
- Revenue loss
- Operational downtime
How Can You Defend against a DrDoS Attack?
DrDoS attacks require prevention rather than protection. Companies that don’t want to suffer dire consequences must prepare for such attacks instead of just reacting when they happen. Here are some best practices your organization can follow.
- Reduce your attack surface and minimize business risks, securing your Internet-facing properties from potential compromise. You need to regularly patch all systems to make them less vulnerable to takeover, for instance.
- Backups are critical to avoid any downtime that will adversely affect your business. Employing secondary Domain Name System (DNS) service providers, for instance, can help keep your operations going even if your vendor gets attacked.
- Improve your DDoS attack incident response strategies and give your team the resources to act quickly if your company gets targeted.
- If you do get DrDoSed, be sure to have a plan to prevent your brand reputation and bottom line from suffering more than they have to.
- Use security solutions meant to detect signs of DDoS attacks. Traffic monitoring tools can help here.
While we have yet to see a DrDoS attack make the headlines, we’ve seen how DDoS attacks have brought down even the world’s largest companies like Google, Amazon Web Services (AWS), and OVH.