Part A
Title
Understanding types of cyberattack by knowing its pattern and statistics.
Introduction
In this modern era, Internet is so common and slowly became living needs to human beings. Without these technology, humans are like losing their hands, losing the source of convenience. But, what benefits the people also brings disadvantages behind it. With the vulnerability of internets, the attackers perform attacks through the internet by using malicious code to alter computer code, logic or data causing disruptive consequences just to benefits themselves directly and sometimes indirectly, threatening the victims wealth, physical safety and mentality. Recently, the attackers perform attacks such as ransomware attack, DDoS attack, SQL injection and etc. The users of internet are very exposed to the attacks. Who would know, just by connecting to the public Wi-Fi, you might be attacked by the attackers. Who would know, just surfing some unfamiliar website, you might infected by ransomwares. It is dangerous if one has no knowledge about these attacks.
For an example, there was a viral ransomware attack which is called WannaCry spreading through computers worldwide last year. It is a ransomware which encrypts (lock) the user’s files, enabling only certain party able to do the decryption (unlocking) before paying some money. In order to prevent the threats, one has to be well knowing about the types, patterns and impacts of various kind of cyberattacks. In this assignment, some types of cyberattack will be introduced by describing its pattern and impact along with some real time statistics.
1.The DDoS/DoS(Distributed Denial of Service) Attack
Description
Basically, the purpose of DDoS attack and DoS attack are the same. They are used to flood on a system’s resources or say to jam the traffic of a system so that the other users cannot access to the attacked system. But, the difference between DDoS and DoS attack is that DoS attack only uses one single computer and internet, but DDoS uses multiples host machines that are infected by malware controlled by the attacker.
There are few types of DDoS/DoS attack which is the TCP SYN flood attack, the Teardrop attack, the Botnets and etc.
In the TCP SYN flood attack, the attacker perform attacks at the “three-way handshake” mechanism. SYN packets were sends repeatedly to every ports of the targeted server, using fake IP addresses. Unawareness of the targeted system request to establish communication and responds to each attempt with SYN-ACK packet from each open port. Finally, the attackers doesn’t send back ACK packet or sometimes the IP address is spoofed, the SYN-ACK packet will not received by the attacker, leaving the server wait for the acknowledgement of its SYN-ACK packet for some times. During this period, the server cannot close down the connection by sending RST packet ( which uses to terminate communication during three-ways handshake mechanism).Before the connection time out, another SYN packet will arrive, leaving behind a large number of half-open connection. Eventually, the server’s connection overflow table fill, making the real client to be denied, or sometimes, the server will crash or malfunction.
Statistics
From the above chart, we can observe that the China had the most attack followed by the U.S and South Korea. We can see that, China’s attacks has slightly decreased from 63.30% to 59.18% from between Q3 and Q4 but U.S and South Korea were in increase which is 12.98% to 16.00% (U.S) and 8.70% to 10.21% (South Korea) respectively.
According to the chart, China again will be the most attacked target even though it is obvious that the attacks had decreased from 51.84% to 47.53%.Then the U.S and South Korea still topping the chart with 19.32% and increased to 24.10% and 10.37% increased to
South Korea 9.62% respectively. Russia was originally in the chart at Q3 of 2017, but drop out of the chart at Q4.
The chart shows the types and duration of DDoS attack. According to the chart, SYN attack has the most numbers out of the another 4 DDoS attack. The reason behind this was, SYN attack is simply yet destructive to the targets.
Impact
In DDoS attacks, disruptive of essential systems will be made to avoid the systems function properly. This is critical as a normal running system will be affected such as the ticketing system of a train station, the navigation system of an airplane and etc. What if the system of train station of Tokyo got disturb for just 5 minutes? The Tokyo train station has average of 500,000 passengers every day and it will be a big mess when a large number of people cannot travel from one place to another and just stucked at the train station. Then, it will be terrible if the airplanes fly in the sky halfway, and suddenly, the navigation system is disturbed, right? The modern world now is basically works on systems. Without systems, a lot of activities will not able to be carried and many many lives will be threatened.
Other than essential system, the attacker will also target big companies to disturb their systems indirectly benefits them and causing lost to the targeted company. Alibaba, Amazon are the famous virtual shopping for people nowadays. It does not only brought convenience, but also cheaper products to the consumer/buyer. What the attackers trying to do will be performing DDoS attack on the servers, making the servers unable to accessed by the users and hence, losing the benefits. This is said indirectly benefits to the attackers when the company server’s down does not bring any benefits to the attacker, but it is to those competitor of the same field. Maybe, the attackers were hired by those competitor. Through this, the attacker will be rewarded with some benefits.