Denial-of-Service Attacks: A Technical Odyssey from Past to Quantum Future

In the intricate realm of cybersecurity, the saga of denial-of-service (DoS) attacks unfolds across the annals of computing history. In 1974, Ray Tomlinson, the inventor of email, inadvertently launched the first recorded DoS attack when he accidentally flooded the ARPANET with messages. From that fateful event to the disruptive Meris botnet of 2021, the evolution of these attacks mirrors technological progress and underscores the increasing sophistication of threat vectors.

As we embark on a journey through the historical nuances, recent trends, and prospective challenges of DoS attacks, our narrative intersects with the potentially transformative impact of quantum computing on this cyber threat.

A Historical Deep Dive

The roots of DoS attacks delve into the embryonic stage of computer networks during the 1970s. Ray Tomlinson, the progenitor of email, unwittingly etched the first recorded DoS incident by inundating the ARPANET with messages in 1974.

The field was developing in the 1980s. In that period, several new types of malicious activities emerged. For instance, in 1988, a 23-year-old student at Cornell named Robert Morris created a worm that was later called 'the Morris Worm.' It was one of the earliest and most infamous computer worms. It spread rapidly across the early Internet, infecting thousands of UNIX-based systems. The worm was not intended to cause damage but ended up significantly slowing down many computers, leading to the first conviction under the Computer Fraud and Abuse Act.

The most interesting developments in the field were made in the following decade. In the 1990s, one of the common concerns was the "Ping of Death." This attack involved sending a malicious package to a computer. Typically, it was broken into smaller parts. When the target computer attempted to reassemble it, the system couldn't handle the size, leading to a crash. This vulnerability also created an opportunity for attackers to inject harmful code into the system.

What made the "Ping of Death" stand out was its simplicity and widespread impact. It could impact various operating systems such as Unix, Linux, Mac, and Windows, exploiting vulnerabilities that existed at that time. Fortunately, as the late 1990s arrived, security experts identified and fixed these vulnerabilities, rendering the "Ping of Death" a thing of the past.

In 1996, Panix Networks became a notable victim of an attack, highlighting the increasing threats to early internet infrastructure. Panix, one of the oldest and most prominent internet service providers (ISPs) at the time, faced an intrusion that disrupted its services, raising concerns about the vulnerability of foundational internet structures. Although specific details of the attack may be limited in publicly available records, the incident underscored the growing sophistication of cyber adversaries.

The 2000s witnessed the emergence of distributed denial-of-service (DDoS) attacks. A consortium of hackers orchestrated synchronized assaults on major services, including Amazon, eBay, Dell, and CNN. This marked a pivotal moment, demonstrating the potency of large-scale, coordinated attacks and exposing vulnerabilities in interconnected networks.

Amid the rising security threats in the early 2000s, Microsoft introduced STRIDE, a threat modeling framework designed to help software developers and security professionals systematically identify and mitigate security threats during the design and development phases of a software project. STRIDE stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege, representing different categories of security threats.

The New Epoch of DDoS

Between 2010 and 2016, the cybersecurity landscape continued to witness complicated and impactful attacks. The Stuxnet worm, targeting Iran's nuclear infrastructure in 2010, exemplified the potential of state-sponsored cyber warfare. The 2014 Sony Pictures hack exposed sensitive internal communications and was attributed to North Korean retaliation. Significant data breaches affected millions, including the Anthem Health breach, compromising 80 million records, and the OPM breach, exposing 20 million federal employee records.

Additionally, in 2016, the Mirai botnet surfaced as a harbinger of unprecedented DDoS onslaughts. Mirai exploited vulnerabilities in Internet of Things (IoT) devices, morphing them into a colossal army of remotely controlled, infected machines. This heralded a paradigm where DDoS attacks reached staggering levels, measuring in petabits of data per second.

The Mirai incident highlighted the urgency of fortifying security measures to immunize IoT devices against cyber exploitation. Another noticeable event in the history of cyber attacks is a rise of Meris, that is a botnet behind a series of DDoS attacks that have targeted thousands of websites around the world in 2021. It was originally detected in late June that year by Qrator Labs. This  research identified 30,000 to 56,000 bots, with a note that numbers were actually much higher, in the ballpark of 250,000 bots. Later, Cloudflare  mentioned the attack reaching 17M requests per second, which was almost three times larger than ever before.

The Landscape of DDoS Attacks

According to Qrator Labs - a global DDoS filtering network based in Eastern Europe - there is an array of DDoS attack types and severities. The company explains that one approach to classifying DDoS attacks is based on what level of the network the attackers are targeting:

L2 – attacks on channel capacity exhaustion, so-called "volumetric attacks"

L3 – attacks on network infrastructure and equipment

L4 – attacks aimed at the TCP/IP Internet protocol stack

L5-L6 – attacks on encryption mechanisms (TLS/SSL)

L7 – attacks on network application protocols (HTTP, DNS, XMLGate)

Volumetric attacks means that hackers try to overload network communicators with an excess amount of data. Protocol attacks target specific network protocols, such as TCP or DNS. Application-layer attacks target particular web applications or protocols.

Several other DDoS attacks include resource exhaustion attacks, desynchronization attacks, and service disruption attacks.

Recent Trends and Future Challenges

As technology marches forward, so does the sophistication of DDoS tactics. Recent trends indicate rise of DDoS UDP and HTTP attacks, coupled with the deployment of types of reflection attacks. The latter utilize a third-party server to amplify the attack by reflecting or bouncing malicious traffic off of these servers, such as the attack in 2016 on Dyn - a former internet performance management company - which was targeted by a DDoS reflection attack that used vulnerable DNS servers to generate over 1.2 terabits of traffic per second. The attack disrupted the DNS services of many major websites, including Twitter, Netflix, and Amazon.

In 2021, the magnitude of such attacks reached unprecedented levels. In November of that year, Microsoft successfully countered a DDoS assault aimed at an Azure client, registering a staggering throughput of 3.45 Tbps and a packet rate of 340 million PPS — marking it as potentially the most massive DDoS attack ever documented. Additionally, 2021 witnessed a surge in the utilization of DDoS as leverage to extort ransom payments, either to halt ongoing attacks or prevent their initiation.

And things aren’t slowing down. As this report from Q3 2023 shows, the number and length of attacks continue to increase.

Knowledge and access will determine the future

In retrospect, the chronicles of denial-of-service attacks unfurl as a dynamic saga shaped by the ever-evolving interplay of technology and cyber threats. The imminent advent of quantum computing introduces a new dimension, augmenting the challenges and avenues for defense against DDoS attacks.

Cybersecurity professionals are compelled to maintain vigilance, navigating the technological currents to devise strategies that not only shield against evolving threats but also harness the potential advantages offered by quantum computing for a fortified defense. In this intricate dance between offense and defense in the digital arena, adaptability, collaboration, and proactive measures emerge as the linchpins of effective cybersecurity. Ultimately, whoever understands the latest technology and techniques best and has access to them first holds the power to attack or defend.