The story so far: South African news portal Daily Maverick alleged it was hit by a DDoS cyberattack from India, forcing it to block the entire domain of India to protect its site. The alleged attack was launched a day after the portal reported that Indian Prime Minister Narendra Modi refused to disembark from his aircraft at Waterkloof Air Force Base in Pretoria for the 2023 BRICS Summit until Deputy President Paul Mashatile welcomed him. The news site also reported that South African President Cyril Ramaphosa welcomed Chinese President Xi Jinping when he arrived for the summit, and that the Deputy President was only dispatched to receive the Indian PM after he refused to exit the airplane.
What is Daily Maverick, and how was it attacked?
The Daily Maverick is a South African online news portal and weekly print magazine that publishes investigative reports, news analysis, and opinion pieces. A day after the portal claimed that PM Modi refused to exit his aircraft, the portal alleged it was hit by a Distributed Denial of Service (DDoS) attack. The portal claimed the attack originated from India, and that it was aimed at denying Indians access to the story.
The site was subject to a DDoS attack with the obvious purpose of denying Indians access to the story, Daily Maverick’s CEO Styli Charalambous told Scroll. The attack is said to have left the media outlet with no option other than to block the entire domain of India to protect the site.
Daily Maverick’s security coordinator, in a statement, noted that the attack originated from India. The news portal’s website is currently inaccessible in India, even when connecting via VPN.
The South African government called every aspect of the report from Daily Maverick a ‘lie.’ It said the Deputy President was well aware ahead of time that the Indian PM would be arriving, and that he would be receiving him.
Daily Maverick has not responded to The Hindu’s query on the attack.
What is a DDoS attack?
DDoS takes advantage of specific capacity limits that apply to any network resource. These include the infrastructure that enables a company’s website to operate smoothly. In a DDoS attack, threat actors send multiple requests to the victim’s web resources with the aim of overwhelming them, thereby compromising their ability to function correctly.
DDoS attacks aim to overwhelm network resources, which have a finite limit on the requests from users they can process. Additionally, the servers and the channels that connect them to the Internet also have a finite capacity to process requests. As such, the attacks are often launched by creating a “zombie network” of bots, computers infected by threat actors. These “zombie networks” use a large number of infected computers, increasing the scale and success rate of the attack. They often affect services by either slowing down their responses to requests or denying requests for all or some of the users.
What are the most common types of DDoS attacks?
While there are multiple ways to launch a DDoS attack, there are two broad categories depending on the attack vectors. These are Application layer and Network layer attacks.
In an Application layer attack, threat actors target certain programmes or software that a website uses in its day-to-day functioning. Attackers make use of the inability of certain applications, like WordPress installations, PHP scripts, or database communication, to handle loads that can be handled by wider network infrastructures. Therefore, a comparatively small DDoS of a few megabytes per second can be used to take down a site.
In these attacks, threat actors may trigger a command to retrieve static content, like a web page or an image on it, in a loop to overburden a website.
A Network Layer attack similarly works by flooding the infrastructure used to host a website with vast amounts of data. In this form of attack, threat actors flood a website that may be handling 15-20,000 page views in a month with a very large number of requests in a very short span of time, thereby overwhelming the website’s network.
What are the countermeasures against DDoS attacks?
The most common form of self-defence against DDoS attacks is for the hosting provider to simply stop hosting the website until traffic normalises. The step is necessitated by the spillover of requests for a website in a Network Layer attack onto other websites, which could affect other clients of the host.
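The looping requests for static content described under Application layer attacks can be spotted in a web server’s access log. The following Python code is an added example, not part of the original article: it flags any client that requests the same path more than a set number of times within a sliding time window. The log format, the thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Simplified common-log-format matcher (assumed format for this example).
LOG_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) [^"]*" \d{3}')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(line):
    """Return (client_ip, timestamp, path), or None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ip, ts, path = m.groups()
    return ip, datetime.strptime(ts, TS_FMT), path

def looping_clients(lines, max_hits=5, window=timedelta(seconds=10)):
    """Map (ip, path) -> peak hits for clients exceeding max_hits on one path
    inside a sliding window. Thresholds are illustrative, not recommendations."""
    recent = defaultdict(deque)   # (ip, path) -> timestamps still inside the window
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue              # skip malformed lines instead of failing
        ip, ts, path = rec
        q = recent[(ip, path)]
        q.append(ts)
        while ts - q[0] > window: # drop hits that have aged out of the window
            q.popleft()
        if len(q) > max_hits:
            flagged[(ip, path)] = max(flagged.get((ip, path), 0), len(q))
    return flagged

def sample_log():
    """Constructed log lines; the IPs come from documentation-only ranges."""
    t0 = datetime(2023, 1, 1, 10, 0, 0, tzinfo=timezone.utc)
    def line(ip, sec, path):
        ts = (t0 + timedelta(seconds=sec)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'
    loop = [line("192.0.2.10", i // 4, "/img/header.jpg") for i in range(20)]
    reader = [line("198.51.100.7", 2 * i, p)
              for i, p in enumerate(["/", "/article/1", "/img/header.jpg"])]
    slow = [line("203.0.113.5", 5 * i, "/img/header.jpg") for i in range(8)]
    return loop + reader + slow + ["not a log line"]

if __name__ == "__main__":
    for (ip, path), hits in looping_clients(sample_log()).items():
        print(f"{ip} requested {path} {hits} times within the window")
```

In the constructed sample only the client that fetches the same image 20 times in five seconds is flagged; the ordinary reader and the client that re-requests the image every five seconds stay under the threshold.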