Context: 

The Kaveri 2.0 portal of Karnataka, which is used for property registrations, faced performance problems, possibly due to a cyber-attack, in December 2024 and January 2025.

More on the news:

  • Karnataka government officials blamed a suspected Artificial Intelligence-based Distributed Denial of Service (DDoS) attack for the recent crash of the Kaveri portal.
  • As a result of the cyber-attack, property registration and document-related citizen services came almost to a standstill in the state.
  • The Kaveri 2.0 portal was restored on February 5 after the DDoS attack.

What is a DDoS Attack?

A Distributed Denial of Service (DDoS) attack is a common technique used to temporarily bring down websites. It is not the same as hacking into a website. Rather, it is a well-orchestrated attack on a website's web servers and its domain name servers.

A DDoS attack (Distributed Denial of Service) tries to disrupt the normal working of a website or online service by overloading the website with excess internet traffic.

The attack can saturate (fill up) the bandwidth of a website, or target weaknesses in the website’s system to make it stop working.

This causes service downtime, meaning people cannot use the site, which leads to disruptions.

Unlike a Denial of Service (DoS) attack, which typically involves a single source, a DDoS attack leverages multiple compromised systems, often infected with malware, to generate the traffic. These compromised systems are collectively known as a botnet.

Impact of a DDoS Attack

Loss of revenue because customers can’t access the service.

Reputational damage because the company is seen as unable to protect against cyber threats.

DDoS attacks don’t steal data, but they can be used to distract while other attacks (like stealing data) happen.

Such attacks may be aimed at saturating the bandwidth of a particular site, exploiting weaknesses in the network protocol stack, or targeting specific weaknesses in applications or services.

While DDoS attacks do not directly steal data, they can be used as a distraction while other forms of cyberattacks, such as data breaches, are executed. 

Types of DDoS attacks:

DDoS attacks fall under three primary categories:

1. A volumetric attack overwhelms the network layer with traffic that falsely appears legitimate. This type of attack is the most common form of DDoS attack.

2. A protocol attack causes a service disruption by exploiting a weakness in the protocol stack layers. 

3. A resource (or application) layer attack targets web application packets and disrupts the transmission of data between hosts.

Other Recent DDoS Attacks:

  • In August 2024, Elon Musk’s X (formerly Twitter) was hit by a DDoS attack, causing service interruptions just before his planned chat with Donald Trump.
  • In 2015, GitHub (Microsoft) was attacked by a botnet from China, aiming to shut down projects that helped people bypass Chinese internet censorship.

What must be done?

  • It is important for organizations to prepare and implement strong protection strategies to protect their digital assets and maintain user trust.

Key Suggestions: 

  • Use advanced traffic filters to separate real users from harmful ones.
  • Bot detection technologies, such as CAPTCHA challenges and behavioural analysis, can identify and block automated tools or bots.
  • Limit request frequency to prevent excessive traffic.
  • Perform regular security checks and improve login protection.

For the user, knowing about the risks of phishing and other social engineering attacks can help prevent account compromises. Companies can encourage the use of strong passwords and multi-factor authentication to enhance security.

Way Forward:

The DDoS attack is a wake-up call for organizations, especially government agencies, to focus on cybersecurity. The battle against DDoS attacks is ongoing, but with the right strategies and vigilance, organisations can safeguard their digital assets and maintain the trust of their users.
