Where is the cyber-attack coming from?

It can shock the general user when they first learn of a cyber-attack as a worldwide sensation. But similar incidents happen every hour.

What is a cyber-attack?

“A cyber-attack is a violation of the security of a system or network, be it a system or a network.”

Cyber-attacks are a growing concern that many people face every day. This is especially true for large corporations and governments, which often spend millions of dollars each year defending against cyber-attacks. What is perhaps less known is that breaches happen every hour, and in most cases they are not nearly as big or dramatic as what we see on the news.

Over the past weeks and months, there has been a lot of news coverage about government servers being attacked on the first and second of May, presumably from abroad. During the attack, which lasted for three two-hour periods, public services became unavailable. The identity and motives of the attackers have not yet been revealed. A server can also become unavailable due to an incorrect network configuration, but let’s take a look at what exactly such an attack means.

As for the method, a DoS (Denial of Service) attack is what our imaginary hacker Stephen carries out when he overloads his hated classmate Peter’s Minecraft server with a simple program. His attack program bombards the server with requests. The server tries to respond to all of them, and as a result the other players’ connections hang. Peter is not good at network security, so he turns off the computer and goes outside to play football with the others. Without Stephen. If Peter knew what he was doing, he could find out in seconds that it was Stephen, block the traffic from his computer, and everything could go on without a hitch.

A single computer cannot overload a large server, so the attack is carried out from several machines simultaneously. This is called a distributed overload attack or DDoS (Distributed DoS). An attacker does not have many friends, so he needs a network (the botnet) to keep in touch with the attacking machines, hidden from their users. No sane person would install such software knowingly, but it can be spread by a virus or Trojan. A P2P file-sharing program is the best way to do this, as it allows all users to download and upload data through the software firewall. The botnet machines can also be used for password cracking and bitcoin mining. A network controller using strong encryption is impossible to catch, as he can enter his network through almost any “zombie machine”. If he does not claim responsibility for the attack, his identity will not be revealed. Nor will you know from which countries the attack originated, because the attacking machines can easily spoof their IP addresses.

Two things can be done. First, servers must be protected against DDoS. You can increase the server’s connection speed and the power used for filtering, but this would be an unnecessary expense. ISPs also offer DDoS protection, so that the web server only receives genuine requests and does not need to be over-provisioned. This is not enough, of course, because an attack can still get through, for example, by downloading an image from a website thousands of times. This has to be filtered intelligently by the web server. The other part of the defense is indirect, and it is ours: the aim is to ensure that our machines are not part of a zombie network. An effective antivirus and network traffic monitoring are recommended, as is responsible internet and program use. Downloading programs only from a trusted source, such as the vendor’s site, also helps to protect against it.
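The web-server filtering described above can start from a sliding window kept per client and per resource, which catches one address fetching the same image over and over. The Python below is an added example, not code from the original post; the Common Log Format input, the thresholds, the addresses and the paths are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed thresholds for the example; tune them against real traffic.
WINDOW_SECONDS = 10   # length of the sliding window
MAX_HITS = 5          # allowed fetches of one path per client per window

# Common Log Format: ip ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3}')

def parse(line):
    """Return (client_ip, unix_time, path), or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").timestamp()
    except ValueError:
        return None
    return m.group(1), ts, m.group(3)

def find_floods(lines, window=WINDOW_SECONDS, max_hits=MAX_HITS):
    """Map each client that exceeded max_hits on one path to those paths."""
    recent = defaultdict(deque)   # (ip, path) -> timestamps inside the window
    flagged = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue              # ignore lines we cannot parse
        ip, ts, path = rec
        hits = recent[(ip, path)]
        hits.append(ts)
        while ts - hits[0] > window:   # drop hits that left the window
            hits.popleft()
        if len(hits) > max_hits:
            flagged[ip].add(path)
    return dict(flagged)

def sample_log():
    """Constructed log: one flooder, one slow repeat visitor, one normal visitor."""
    fmt = '{} - - [01/Jan/2024:10:{:02d}:{:02d} +0000] "GET {} HTTP/1.1" 200 512'
    log = [fmt.format("203.0.113.7", 0, s, "/img/banner.png") for s in range(8)]
    log += [fmt.format("198.51.100.30", m, 0, "/img/banner.png") for m in range(8)]
    log += [fmt.format("198.51.100.20", 0, 3, p) for p in ("/", "/img/banner.png")]
    return log

if __name__ == "__main__":
    print(find_floods(sample_log()))
```

The flagged addresses would then feed a rate limit or a temporary block at the web server or reverse proxy, while the visitor who requests the same image once a minute is left alone.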

Cyberwarfare is a daily occurrence, and there are always small-scale incidents. The motive is often financial gain or discrediting competing companies. You can watch parts of this war, right under our noses, in near real-time at Digital Attack Map. It is also instructive to look at the political and economic news on the days it highlights.

Conclusion

As cyber-attacks become more and more common, it’s easy to stop paying attention. But these attacks are happening so often now that many companies are getting hit with several breaches per week. The goal of this post was to highlight the severity of the problem and share what you can do to protect yourself.