What Is a Permanent DoS (PDoS) Attack and Can I Stop It?

What Is a Permanent DoS (PDoS) Attack

What is a PDoS Attack?

A denial-of-service (DoS) attack interferes with computer hardware by slowing it, temporarily disrupting it, or shutting it down completely. We can compare this to the effect a stroke has on the deep layers of the human brain. We introduce two forms of these crimes here.

The first assault is physical ‘phlashing’ that damages a hardware device to the extent it cannot be used again, and the data is lost. The second is a massive cyber-attack from a remote source that temporarily or permanently cripples the equipment.

These forms of sabotage are growing in popularity among cyber criminals because they introduce the possibility of disrupting data-dependent organizations with relatively little effort.

How Physical ‘Phlashing’ Attacks Work

A criminal may be able to enter an insecure facility and physically upload a corrupted basic input/output system (BIOS) from a portable device. They could also achieve the same result by administering it through the device's management interface.

They could for example replace device firmware with modified, corrupt, or defective firmware images. Technicians call this process ‘flashing’ when done legitimately and phlashing when it’s not.

These permanent denial-of-service (PDoS) attacks are conducted by a person in attendance. For example, there is a $3 USB device on the open market that a Russian hacker modified into a ‘computer killer’ in a video. This originally innocent air purifier plugs into any USB-enabled device.

Slide it into the slot and it releases a 220-volt negative surge that wrecks critical components, although it may be possible to replace them. If your servers and routers are not in a safe environment, then $3 and watching a video could be all it takes to destroy them.

There is growing evidence that bots and malware can overheat a smartphone by maxing out its computing power. This can cause the lithium battery to bulge and conceivably explode. The same is therefore possible with laptops.

Denial-of-service Attacks on Computers

Thus far we have spoken mainly of permanent denial-of-service (PDoS) attacks with a person present, and of the mission-critical importance of physical security. As data colocation centers eliminate these possibilities, criminals are turning increasingly to the internet for alternatives where they do not need to be physically present.

Transient denial-of-service (DoS) attacks occur when a malicious perpetrator chooses to prevent regular users from contacting a machine or network for its intended purpose. The effect may be temporary or indefinite, depending on what they want to get back for their effort.

They achieve their goal by flooding the targeted resource or machine with unnecessary messages, thereby overloading the system to the extent it can no longer perform its normal routines. A more extreme distributed denial-of-service (DDoS) attack cloaks its origin by attacking from a number of sources and can be impossible to stop.

We can compare this effect to a crowd of people trying to stampede a ‘Black Friday’ sale, jamming the entrance, and making it impossible for other customers to enter.
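The flooding described above shows up in ordinary access logs as a burst of requests from one client, or, for the distributed variant, as a burst across many clients with no single source standing out. The following is an added example, not code from the article, of a sliding-window rate check that flags both cases. The log lines, IP addresses, thresholds and window size are all constructed for the demonstration; the one assumption is that lines arrive in chronological order, as a live log tail would.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed access-log sample in Common Log Format (not real traffic).
# 198.51.100.20 browses normally; 203.0.113.7 fires eight requests in one second.
SAMPLE_LOG = """\
198.51.100.20 - - [10/Oct/2023:13:55:30 +0000] "GET / HTTP/1.1" 200 512
198.51.100.20 - - [10/Oct/2023:13:55:35 +0000] "GET /about HTTP/1.1" 200 820
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET / HTTP/1.1" 200 512
this line is deliberately malformed and must be skipped
198.51.100.20 - - [10/Oct/2023:13:55:40 +0000] "GET /contact HTTP/1.1" 200 640
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
ALL = "*"  # pseudo-source used to track the aggregate rate across every client


def parse_line(line):
    """Return (client_ip, timestamp) for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def detect_floods(lines, per_ip_threshold=5, global_threshold=8, window_seconds=2):
    """Sliding-window request counter.

    Returns (per_ip_peaks, global_peak):
      per_ip_peaks -- {ip: highest in-window count} for clients that exceeded per_ip_threshold
      global_peak  -- highest in-window count across all clients if it exceeded
                      global_threshold, else 0 (a distributed flood can trip this
                      without any single source tripping the per-IP rule)
    Lines are assumed to be in chronological order, as a live log tail would be.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)
    per_ip_peaks = {}
    global_peak = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed lines are skipped rather than crashing the monitor
        ip, ts = parsed
        for key, threshold in ((ip, per_ip_threshold), (ALL, global_threshold)):
            q = recent[key]
            q.append(ts)
            while q and ts - q[0] > window:  # drop events older than the window
                q.popleft()
            if len(q) > threshold:
                if key == ALL:
                    global_peak = max(global_peak, len(q))
                else:
                    per_ip_peaks[key] = max(per_ip_peaks.get(key, 0), len(q))
    return per_ip_peaks, global_peak


if __name__ == "__main__":
    peaks, agg = detect_floods(SAMPLE_LOG.splitlines())
    for ip, n in peaks.items():
        print(f"flood suspect {ip}: {n} requests inside one 2s window")
    print(f"aggregate peak across all clients: {agg}")
```

On the sample, the single noisy client is reported with a peak of eight requests in the window, and the aggregate counter peaks at nine. The aggregate rule is the one that matters for the distributed case the article mentions: spread the same eight requests across eight addresses and the per-IP rule stays silent while the aggregate still trips.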

Why Are These Attacks Increasing, What Has Changed?

Experts originally believed the effect of PDoS attacks would be limited, because they thought criminals would find the pickings elsewhere more lucrative. After all, why would a victim want to pay when the damage is forever and cannot be reversed? However, there are signs criminals are using PDoS threats for extortion.

The 2017 Petya attack took ransomware to new heights by disabling computers for the pure purpose of causing havoc. However, most victims were able to recover without paying when experts discovered Petya was only wiping software. It’s an open question whether the oversight was intentional.

Some malicious trolls may find these permanent disabling attacks more effective than taking the route via distributed devices. The Netherlands drew a line in the sand when it accused Russia of cyberwar, although the latter claimed ‘a misunderstanding’.

There are several lessons to learn from these PDoS attacks. The first is we now have a vast army of internet-of-things devices, and they are wide open to bot exploitation that is increasingly difficult to counter. The second lesson is we need military-grade security around our data. There is growing evidence the APT28 group of hackers has strong links with the Russian government.

And finally, we must learn to become smarter and more vigilant. That brings us to the core of this article. How do we know when we are under threat from a PDoS attack?

What Are the Symptoms of a Denial-of-Service Attack?

The United States government is under increasing threat of attacks on its key installations. Therefore, its Computer Emergency Readiness Team (CERT) has issued Security Tip ST04-015, which identifies the following symptoms of a denial-of-service attack.

  • Unusually slow network performance
  • Slow opening files or accessing web sites
  • Unavailability of a particular web site
  • Inability to access any web site
  • Dramatic increase in the number of emails (bombing)

Concurrent symptoms may also include (a) disconnection of a wireless or wired internet connection, and (b) long-term denial of access to the web or any internet services.

The report mentions the possibility of a sufficiently large-scale attack compromising “entire geographical regions of internet connectivity … without the attacker’s knowledge or intent”. This may occur because of “incorrectly configured or flimsy network infrastructure equipment.”

Your Best Defense Against a Permanently Disabling PDoS Attack

Your best hope lies in regularly patching and upgrading your devices so they are equipped to withstand these attacks. However, there is no single silver bullet to shoot down cyber monsters, and therefore ongoing vigilance is the key.

To avoid a PDoS attack, you should regularly review who has authority to flash-update your machines, and make removing that authority part of your employee exit procedures. Finally, you can gain a great deal by ensuring your mission-critical equipment is in a secure space.
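The two controls recommended above (a reviewed list of who may flash firmware, and never accepting an image the vendor did not release) can be enforced in one gate in front of the flashing tool. What follows is an added example written for this article, not the article's own code or any vendor's tooling. The image bytes, the signing key, the operator names and the manifest layout are all constructed; a real platform would verify a vendor public-key signature over the image rather than the HMAC used here, which stands in so the example needs nothing beyond the standard library.

```python
import hashlib
import hmac
import json

# Constructed demo material. A real deployment would verify a vendor's public-key
# signature over the image; the HMAC below stands in for that so the example
# stays standard-library only.
RELEASE_KEY = b"constructed-demo-signing-key"
GOOD_IMAGE = b"FIRMWARE v2.4.1 (constructed bytes standing in for a real image)"
TAMPERED_IMAGE = GOOD_IMAGE.replace(b"2.4.1", b"2.4.1-modified")

# People currently allowed to flash-update hardware. The exit procedure the
# article recommends is the step that removes a departed employee from this set.
AUTHORIZED_FLASHERS = {"alice"}


def canonical(manifest):
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest, key):
    """Keyed signature over the manifest (stand-in for the vendor's signature)."""
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


def build_manifest(image, version):
    """Release-side step: record the hash of the image that is actually shipped."""
    return {"version": version, "sha256": hashlib.sha256(image).hexdigest()}


def authorize_flash(operator, image, manifest, manifest_sig,
                    key=RELEASE_KEY, authorized=AUTHORIZED_FLASHERS):
    """Gate a firmware flash. Returns (allowed, reason); every check must pass.

    Order matters: the cheap identity check runs first, then the signature over
    the manifest, and only then is the (possibly large) image hashed and compared.
    """
    if operator not in authorized:
        return False, f"{operator} is not authorized to flash devices"
    if not hmac.compare_digest(sign_manifest(manifest, key), manifest_sig):
        return False, "manifest signature does not verify"
    image_hash = hashlib.sha256(image).hexdigest()
    if not hmac.compare_digest(image_hash, manifest["sha256"]):
        return False, "image hash does not match the signed manifest"
    return True, "flash permitted"


if __name__ == "__main__":
    manifest = build_manifest(GOOD_IMAGE, "2.4.1")
    sig = sign_manifest(manifest, RELEASE_KEY)
    print(authorize_flash("alice", GOOD_IMAGE, manifest, sig))       # permitted
    print(authorize_flash("bob", GOOD_IMAGE, manifest, sig))         # not on the list
    print(authorize_flash("alice", TAMPERED_IMAGE, manifest, sig))   # hash mismatch
    # An attacker who edits the manifest to match a modified image still
    # cannot produce a valid signature without the release key.
    forged = build_manifest(TAMPERED_IMAGE, "2.4.1")
    print(authorize_flash("alice", TAMPERED_IMAGE, forged, sig))     # signature fails
```

The last case is the one the phlashing scenario turns on: swapping the image and rewriting the manifest to match is easy, but without the release key the signature over the rewritten manifest no longer verifies, so the flash is refused before any bytes reach the device.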

Colocation centers are among the most secure locations for preventing physical attacks on hardware. Moreover, they have specialists on tap to share trends in cyberattacks and solutions. When you need help, they are just a call away.