The Government of Belgium was recently knocked offline by a DDoS attack. Several government sites and public-sector Internet Service Providers (ISPs) in the country were hit hard by the attack.

DDoS

DDoS (Distributed Denial of Service) is a cyber threat that seeks to disrupt the normal traffic of a targeted server. This is done by controlling a network of malware-infected devices.

It is like an unexpected traffic jam on the road to a destination.

What happened in Belgium?

Malware was sent into the Belnet network. This network hosts the government websites, police services, government universities and research institutes. After the network was infected with the malware, the entire network was remotely controlled.

How DDoS works

The attack is carried out with a network of Internet-connected devices. Malware is first sent to infect a network of computers and other devices. These infected devices and computers are called bots. A group of such bots is called a botnet.

In a DDoS attack, a botnet is established first. The attacker is then able to send instructions directly to each bot in the botnet. The bots then send requests to the targeted IP address. The server eventually becomes overwhelmed, which results in denial of service to normal traffic.

How to identify a DDoS attack?

  • Suspicious amounts of traffic originating from a single IP address
  • Unexplained surge in requests to a single page
  • Odd traffic patterns, for instance traffic spikes at odd hours of the day.
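
The three indicators above can be checked against a web server's access log. The following is an added example, not part of the original article; the log format (timestamp, client IP, path), the sample lines and every threshold are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime


def build_sample():
    """Constructed log lines 'timestamp ip path'; documentation IP ranges, not real traffic."""
    lines = []
    # Ordinary daytime traffic: 20 clients, one request each to three pages.
    for i in range(20):
        for j, path in enumerate(["/", "/news", "/contact"]):
            lines.append(f"2024-01-01T14:{i:02d}:{j:02d} 198.51.100.{i + 1} {path}")
    # Burst at 03:00: one address sends 300 requests to a single page.
    for s in range(300):
        lines.append(f"2024-01-01T03:{s // 60:02d}:{s % 60:02d} 203.0.113.7 /login")
    return lines


def detect(lines, ip_share=0.3, page_share=0.5,
           quiet_hours=range(0, 6), hour_factor=3.0):
    """Flag the three indicators; all thresholds are assumed starting points."""
    ips, pages, hours = Counter(), Counter(), Counter()
    for line in lines:
        ts, ip, path = line.split()
        ips[ip] += 1
        pages[path] += 1
        hours[datetime.fromisoformat(ts).hour] += 1
    total = sum(ips.values())
    mean_per_hour = total / 24  # crude baseline: traffic spread evenly over a day
    return {
        # 1. One address responsible for a large share of all requests.
        "ips": sorted(ip for ip, n in ips.items() if n / total > ip_share),
        # 2. One page receiving a large share of all requests.
        "pages": sorted(p for p, n in pages.items() if n / total > page_share),
        # 3. A normally quiet hour carrying several times the hourly mean.
        "hours": sorted(h for h, n in hours.items()
                        if h in quiet_hours and n > hour_factor * mean_per_hour),
    }


if __name__ == "__main__":
    for indicator, hits in detect(build_sample()).items():
        print(indicator, hits)
```

A botnet spreads requests over many addresses, so the per-address check alone can stay silent while the page and hour checks still fire; thresholds should be tuned against the site's own traffic baseline.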