Understanding Cyber Warfare: DDoS attacks
May 03, 2022
Want to become more technical in just 5 weeks? Find out how the Skiplevel program can help.
Into to Modern Warfare
Today's modern warfare isn't complete without cyber warfare. We see this happening now in the Ukraine-Russia crisis. As the invasion is being waged on land, on air, and in the sea, the war is also waging over the internet.
While there are many ways to wage cyber warfare like exploiting vulnerabilities in software, and phishing, I'm going to focus on one of the more commonly used tactic during heightened cyber attacks: DDoS attacks. Heavy DDoS attacks are being levied on critical government and infrastructure systems around the world as you're reading this, so let's dig in shall we?
What's a DDoS attack?
DDoS stands for "Distributed Denial of Service". While some cyber attacks are meant to steal information, DDoS attacks are meant to disrupt business-as-usual by taking down servers hosting websites and applications. DDoS attacks do this by slowing down or shutting down server(s) by overwhelming them with a flood of traffic. This can bring down crucial infrastructure software like government services, dams, and healthcare systems wreaking havoc and chaos on normal life.
In the Skiplevel course, we learn about the fundamentals of servers and how every server has a limited amount of physical resources like memory, processors, hard drives etc. When there are more requests than there are server resources available, the server will slow down significantly or stop processing incoming requests altogether. You can compare this concept to how our brains have limited attention and when overwhelmed with information, we tend to shut down.
How are DDoS attacks achieved?
DDoS attacks are "distributed" because the flood of traffic isn't coming from just one computer, but many computers. These computers are infected with malware that allows them to be controlled remotely by an attacker. These infected computers are otherwise what we refer to as bots[1], and an interconnected network of many bots is called a botnet[2].
Botnets are made up of any type of computer or device including IoT devices. IoT[3] stands for "Internet of Things" and is the umbrella term for all smart devices that are connected to the internet such as smart refrigerators, cars, lights, thermostats, health monitors, and even microwaves!
In a DDoS attack, each bot is directed to send requests to the target server's IP address[4], thus overwhelming the server(s). Because each bot is a legitimate internet device, it's difficult to separate out bots from normal traffic, thus making DDoS attacks extremely difficult to stop, especially when there are hundreds of bots in the botnet.
Image courtesy of mikrotik.com
So are we doomed forever?
Yes and no. While DDoS attacks are serious, the tech industry broadly have developed methods to mitigate these sorts of malicious attacks. For example, popular web infrastructure and security companies like CloudFlare counteract DDoS attacks by creating a network of distributed servers to the point where traffic is absorbed by the network. Sort of like channeling a rushing river down separate smaller channels, making the impact more manageable.
But despite these mitigations, cyber security is becoming an increasingly pressing issue. In 2021 alone, there was a 50% increase in overall attacks per week on corporate networks compared to 2020.
So while "black hats[4]" will continue to innovate new weapons in cyber warfare just as "white hats[5]" will continue to find ways to thwart them. As such, it's crucial that governments and organizations invest in cyber security and prevention as prevailing trends will likely not let up any time soon.
Apply what you learned about Cyber Warfare & DDoS attacks and read more about the Ukraine-Russia cyber warfare here.
*Definitions of tech terms:
[1] Bot: A computer or device infected with malware allowing it to be controlled remotely.
[2] Botnet: An interconnected group of bots.
[3] IoT: "Internet-of-things". Umbrella term for smart devices connected to the internet such as smart refrigerators, cars, lights, thermostats, and health monitors, etc.
[4] IP Address: "Internet Protocol Address". Unique identifier of a device on the internet. Represented as a string of numbers separated by periods. Example: 191.293.1.38
[4] Black hats: Tech industry lingo for a person who hacks into a computer network with malicious or criminal intent.
[5] White hats: Tech industry lingo for an "ethical hacker": person using hacking skills to identify security vulnerabilities in hardware, software, or networks.
Positive feedback is feedback too!
We often think of feedback as “critical feedback”, but positive feedback is just as important! Team cohesive and effective teamwork ultimately comes from a place of positivity and a sense of forward/upward momentum. It’s difficult to have these when just focusing on critical feedback. You want to know what you’re doing right along with ways you can improve. So as much as possible, ask for positive feedback like “What did you like about [x] that you’d like to see me continue doing?” and “What was your favorite part about [x]?”
If you want to level up your technical skills and your ability to communicate and collaborate with engineers, enroll in the Skiplevel program. The Skiplevel program is a comprehensive, on-demand course + community that helps you become more technical without learning how to code.
Become more technical without learning to code with the Skiplevel program.
The Skiplevel program is specially designed for the non-engineering professional to give you the strong technical foundation you need to feel more confident in your technical abilities in your day-to-day role and during interviews.
Fullstack software engineer and tech mentor to product managers. Follow Irene on Medium!