DDoS attacks: What you need to know

SINGAPORE — The recent disruptions affecting StarHub broadband customers have been traced to an unprecedented series of DDoS (distributed denial-of-service) attacks. Such cyberattacks have taken down major websites and online services around the world, and are becoming more sophisticated. Here’s what you need to know about this online threat and its potential impact.

WHAT IS A DDoS ATTACK?

- A DDoS attack is, in short, an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources concurrently. The more sources these attackers use, the harder it will be for cyber defenders to stop it.

- It can lead to individual websites being taken down, or even large swathes of networks being unavailable — like the case of StarHub’s broadband disruption.

- Attackers build networks of infected computers, known as “botnets”, by spreading malicious software through emails, websites and social media. Owners of these infected computers will not know that their computers are being used by the attackers.

- Botnets can be a small cluster of infected computers, or it can be millions. So far, the number of computers to strike StarHub’s network is not known.

- Methods of attack vary according to the target network infrastructure. In one method, attackers will flood the bandwidth of a site with an overwhelming deluge of information pieces. This is commonly done using botnets.

WHAT CAN BE USED DURING AN ATTACK?

- Just about anything that can be connected to the Internet — from a printer, to a CCTV-camera.

- In the case of StarHub, affected devices could have been infected by viruses and malware, allowing hackers to control them.

WHAT ABOUT REMEDIES?

- Currently, there are no foolproof solutions. It takes a collective effort from companies and society to bolster our cyber resilience, says both the Infocomm Media Development Authority and Cyber Security Agency.

- On a personal level: adopt good cyber hygiene practices to secure your devices.

- On an organisational level: maintain full visibility of unusual behaviours and movement within network environments.

HOW SEVERE IS SUCH AN ATTACK?

- The recent cyberattack on Domain Name Services provider Dyn was one of the biggest DDoS attacks in recent memory. It crippled many popular websites, including Twitter, Netflix and PayPal, and news websites like The New York Times.

- During the outage, which lasted throughout the day and spread across the US, users reported inability to access these websites for hours.

- Another notable DDoS attack in recent times was the attack on game devloper Blizzard in September, which affected popular games like World of Warcraft, Hearthstone: Heroes of Warcraft, and Overwatch.