What Is a Permanent DoS (PDoS) Attack?

Apr 7, 2021 | Cybersecurity, Insights

A Permanent Denial of Service attack, or a PDoS attack, is a denial of service via hardware sabotage. One method of conducting a PDoS attack is commonly referred to as phlashing. These PDoS attacks have become increasingly popular with hackers as more and more businesses have moved to cloud computing. This can happen in a number of different ways, but one thing is for certain, a PDoS attack could damage your business.

That’s why it’s so important to understand what this threat is, where it comes from, and what you can do about it when you’re faced with a PDoS attack. We take these threats seriously and are proactive in our approach to defending our servers from PDoS attacks. It’s why our Texas 2 center has many layers of security and protection. We know threats like PDoS attacks could damage a business’s infrastructure, so security should be a foundational priority for organizations.

Hackers use “phlashing” for PDoS attacks

One method of conducting these PDoS attacks is commonly referred to as phlashing. During such an attack, an attacker bricks a device or destroys firmware, rendering the device or an entire system useless. This is one method to exploit vulnerabilities and replace a device’s basic software with a corrupt firmware image. In this scenario, the victim has no other choice than to repair the device or buy a new one to restore operations.

PDoS attacks have been increasing over the last few years. These tactics have begun to gain traction with hackers. Radware, a leading cybersecurity firm, predicted in their 2017 Global Application & Network Security Report that this type of attack will be on the rise that year. They were right. As of 2020, PDoS attacks are more popular than they’ve ever been. Especially as we’ve placed even more emphasis on the Internet of Things.

Why care about PDoS attacks now?

Experts have argued that PDoS attacks won’t become common because they wouldn’t be as lucrative for cybercriminals as other types of attacks. The attacks are irreversible, and so attackers could not demand a sum of money to stop the attack. The only way to make money would be to threaten a PDoS attack in the hopes an individual or organization would pay up to prevent it. In our opinion, that view is short-sighted.

The recent global Petya attack proves that hackers can be motivated to conduct widespread attacks solely for the purpose of wreaking havoc, not for financial gain. Experts determined the Petya virus to be a wiper and not true ransomware. Victims were unable to get their files back, whether they paid the ransom or not. Experts say the ransom demand was likely a distraction to help cover the attackers.

Another reason to implement PDoS attacks is they could save attackers time and resources compared to the more common DDoS attacks. During a DDoS attack, attackers must continue to engage for as long as they want the attack to persist.

The sheer number of devices connected to the Internet of Things provides more opportunities for PDoS attacks with greater financial consequences. Gartner, Inc. predicted 20.4 billion devices to be connected by 2020 just three years ago. Now, with internet connectivity incorporated into just about everything, that number seems very low.

How to minimize the risk of a PDoS attack

Assess your organization’s risk for PDoS attacks and keep your devices patched and upgraded. Rich Smith, head of research at HP Systems Security Lab, told Dark Reading there is no magic bullet to prevent these attacks, but companies should ensure flash update mechanisms have authentication so that only authorized administrators can perform updates. To help prevent physical attacks, make sure your organization’s infrastructure is protected with 24×7 security.

At our Texas 2 data center, we employ around the clock, 24/7/365 on-site security. It’s better to be proactive than wait.

Follow best practices to secure your network and ensure network protection devices are up to date to recognize the latest threats. Interested in learning more about how our Texas 2 Data Center prevents security compromises like PDoS attacks? We’d love to show you in person.

Schedule a tour or Get a quick quote