Threat actors carry out denial of service (DoS) attacks to disrupt the availability of an organization’s services and data. If successful, a DoS attack prevents people from accessing online services (e.g. email, websites, online accounts), information, and other network resources. Threat actors carry out DoS attacks (and are sometimes hired to do so) for different reasons, such as attacking for fun or attempting to disrupt a competitor organization or another country’s democratic systems during elections. DoS attacks are also used by hacktivist groups to protest political or social issues.
DoS attacks can target specific infrastructure, network applications, and other systems such as industrial control systems (ICS). In a DoS attack, the threat actor floods the target (e.g. a server hosting a website or an organization’s network) with traffic. The target is then overloaded by this traffic and cannot respond to it or the system crashes. When this occurs, a user may receive an error message when trying to access a website. Threat actors use different methods to carry out DoS attacks:
- Flooding attacks: Flooding attacks are the most common attack method. The threat actor repeatedly sends requests to connect to the target server but does not complete the connections. These incomplete connections occupy and consume all available server resources. As a result, the server cannot respond to legitimate traffic and connection attempts.
- Crash attacks: Crash attacks are less common. The threat actor exploits system vulnerabilities to crash a system.