Denial of Service
Denial of service is the prevention of authorised access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the service provided) (NIST, 2017).
Primary reference(s)
NIST, 2017. Computer Security. An Introduction to Information Security. Special Publication 800-12 Revision 1. National Institute of Standards and Technology (NIST). Accessed 25 January 2025.
Annotations
Additional scientific description
A Denial of Service (DoS) renders a computer system or network unavailable to its intended users, either by overwhelming it with external inputs (e.g., incoming web traffic), in which case it takes the name of Distributed Denial of Service (DDoS), or by exploiting its vulnerabilities to exhaust its computational resources. This disruption denies users access to services and information, causing significant operational and financial impacts (CISA, 2021).
Distributed denial of service (DDoS) attacks remain a persistent nuisance on the Internet. They exploit the fact that the Internet lacks centralized access control. Since this vulnerability was a core design decision of the early Internet, DDoS attacks have persisted. Early attacks were related to hacker culture, but their focus quickly changed to commercial exploitation. There have also been a number of political uses of DDoS, including cyberwar, hacktivism, and terrorism (Brooks et al, 2021).
The use of DoS and DDoS is well documented in cybersecurity history. Attacks date back to the early internet era, with one of the first incidents occurring in France in 1995, followed the next year by a major incident against Panix, a New York City-based internet service provider (Brooks et al, 2021). Over the years, these attacks have evolved in complexity and scale, exemplified by the 2016 botnet attack powered by Mirai malware, which leveraged Internet of Things (IoT) devices to launch a massive DDoS attack, disrupting major websites worldwide (CISA, 2017).
DoS can result from human errors (such as misconfiguration), other incidents (such as power failure), or deliberate attacks. Various techniques are employed in DoS attacks. The primary distinction lies between DoS and DDoS attacks. A DoS attack usually originates from a single source targeting a system, while a DDoS attack involves multiple compromised systems, often forming a botnet, to flood the target simultaneously, making defence significantly more challenging. The increasing number of connected devices - especially in the context of the Internet of Things (IoT) boom - is also increasing the risk of DDoS attacks occurring since each connected device can potentially become part of a botnet.
A denial-of-service (DoS) attack occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor. A denial-of-service condition is accomplished by flooding the targeted host or network with traffic until the target cannot respond or simply crashes, affecting email, websites, online accounts (e.g., banking), or other services. DoS attacks can cost an organization both time and money while their resources and services are inaccessible.
DoS attacks can be further categorized based on method: volume-based attacks overwhelm the bandwidth of a network (e.g., flooding a website with excessive traffic), whereas attacks exploiting computational limitations involve sending malformed requests or initiating infinite loops to exhaust computational resources.
DoS attacks can escalate to national hazards when they target critical infrastructure. A precedent is the 2007 cyber-attacks on Estonia, where coordinated DDoS attacks crippled government, banking, and media websites, leading to widespread disruption and highlighting vulnerabilities at the national level (Ottis, 2008).
DoS attacks are commonly employed by malicious actors due to their relative ease of execution and potential for significant disruption. Large numbers of DoS and DDoS incidents are recorded every year, making them one of the most prevalent forms of cyber-attack (Bergamini de Neira et al, 2023). In 2024, NETSCOUT reported over 13 million DDoS attacks globally, with rising trends in multi-vector attacks (NETSCOUT, 2024).
Drivers
One of the most critical factors leading to the increase in DDoS is the proliferation of unsecured IoT devices. The extensive connectivity and insufficient security protocols in modern networks provide fertile ground for attackers to exploit vulnerabilities and launch successful DoS attacks.
Impacts
A denial-of-service (DoS) attack occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor. Services affected may include email, websites, online accounts (e.g., banking), or other services that rely on the affected computer or network (CISA, 2021). DDoS attacks can exacerbate healthcare or financial system failures during natural disasters or pandemics (ENISA, 2023).
Multi-hazard context
Not Available
Risk Management
Minimizing the risk of DoS involves a combination of technological and strategic measures. Implementing robust network security protocols, utilizing intrusion detection and prevention systems, and adopting AI-driven security solutions enhance an organization's resilience. Additionally, strategies such as rate limiting, traffic filtering, and employing content delivery networks help mitigate the impact of attacks.
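As an added illustration of the rate limiting named above (not part of the original profile or of any cited source), the following per-client token bucket is replayed over constructed traffic. The class and function names, the rate and burst values, and the sample addresses are assumptions chosen for the example.

```python
from collections import defaultdict


class TokenBucketLimiter:
    """Per-client token bucket; integer ms and milli-tokens keep the boundary exact."""
    COST = 1000  # milli-tokens consumed by one request

    def __init__(self, rate: int, burst: int):
        if rate < 1 or burst < 1:
            raise ValueError("rate and burst must be positive integers")
        self.rate, self.capacity = rate, burst * self.COST
        self.buckets = {}  # client -> [milli_tokens, last_seen_ms]

    def allow(self, client: str, now_ms: int) -> bool:
        bucket = self.buckets.setdefault(client, [self.capacity, now_ms])
        # Refill for the elapsed time, capped at capacity; a clock that steps
        # backwards must not mint tokens.
        elapsed = max(0, now_ms - bucket[1])
        bucket[0] = min(self.capacity, bucket[0] + elapsed * self.rate)
        bucket[1] = max(bucket[1], now_ms)
        if bucket[0] < self.COST:
            return False
        bucket[0] -= self.COST
        return True

    def evict_idle(self, now_ms: int) -> int:
        # Drop clients idle long enough to have refilled completely, so a flood
        # from many distinct sources cannot exhaust the limiter's own memory.
        full_after = -(-self.capacity // self.rate)  # ceiling division, in ms
        idle = [c for c, b in self.buckets.items() if now_ms - b[1] >= full_after]
        for client in idle:
            del self.buckets[client]
        return len(idle)


def replay(events, rate=5, burst=10):
    """Run (timestamp_ms, client) events through a limiter and count outcomes."""
    limiter = TokenBucketLimiter(rate, burst)
    stats = defaultdict(lambda: {"allowed": 0, "denied": 0})
    for now_ms, client in sorted(events):
        stats[client]["allowed" if limiter.allow(client, now_ms) else "denied"] += 1
    return dict(stats)


# Constructed sample traffic (documentation address ranges, not real hosts).
FLOOD = [(i * 10, "198.51.100.7") for i in range(100)]   # 100 requests in 1 s
NORMAL = [(i * 500, "203.0.113.20") for i in range(5)]   # 2 requests per second
```

Keying the bucket on source address limits a single noisy client; it does not by itself absorb a distributed flood, which is why the text pairs rate limiting with traffic filtering and content delivery networks.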
Artificial intelligence can also play a critical role in protecting against DoS. Artificial intelligence systems can analyse network traffic to identify anomalies, enabling real-time detection and response, enhance the capability to filter malicious traffic, allocate resources dynamically, and predict potential threats based on patterns and behaviours.
The ITU improves cybersecurity readiness, protection, and incident response capabilities of Member States by conducting CyberDrills at the regional and international level (ITU, no date). A CyberDrill is an annual event during which cyber-attacks, information security incidents, or other types of disruption are simulated to test an organization’s cyber capabilities, from being able to detect a security incident to the ability to respond appropriately and minimize any related impact. Through CyberDrills, participants can validate policies, plans, procedures, processes, and capabilities that enable the preparation, prevention, response, recovery, and continuity of operations.
Monitoring
Not Available
References
Bergamini de Neira, A., Kantarci, B. and Nogueira, M., 2023. Distributed denial of service attack prediction: Challenges, open issues and opportunities. Computer Networks, 222(C), Feb. DOI: 10.1016/j.comnet.2022.109553. Accessed 3 April 2025.
Brooks, R.R., Yu, L., Ozcelik, I., Oakley, J. and Tusing, N., 2022. Distributed Denial of Service (DDoS): A History. IEEE Annals of the History of Computing, 44, pp.44–54. Accessed 3 April 2025.
Cybersecurity and Infrastructure Security Agency (CISA), 2017. Heightened DDoS Threat Posed by Mirai and Other Botnets. Accessed 3 April 2025.
Cybersecurity and Infrastructure Security Agency (CISA), 2021. Understanding Denial-of-Service Attacks. Accessed 3 April 2025.
European Union Agency for Cybersecurity (ENISA), 2023. ENISA Threat Landscape 2023. Accessed 3 April 2025.
International Telecommunication Union (ITU), no date. CyberDrills. Accessed 3 April 2025.
NETSCOUT, 2024. Threat Intelligence Report 2024. Accessed 3 April 2025.
Ottis, R., 2008. Analysis of the 2007 Cyber Attacks against Estonia from the Information Warfare Perspective. In: Proceedings of the 7th European Conference on Information Warfare and Security, Plymouth, 2008. Reading: Academic Publishing Limited, pp.163–168. Accessed 3 April 2025.
National Institute of Standards and Technology (NIST), 2017. Computer Security: An Introduction to Information Security. Special Publication 800-12 Revision 1. Gaithersburg, MD: U.S. Department of Commerce. Accessed 3 April 2025.