Context: In January 2025, web-based portal Kaveri 2.0, which streamlines property registrations in Karnataka, faced server outages and performance issues. The investigations concluded that it was due to a motivated Distributed Denial of Service (DDoS) attack using automated tools or bots.
Fake accounts were created, and entries were made into the database using these accounts, overwhelming the system.
Relevance of the Topic: Prelims: Key facts about Distributed Denial of Service (DDoS) attack; Kaveri 2.0 Portal.
What is a DDoS Attack?
- A DDoS attack is a malicious attempt to disrupt the normal functioning of a targeted server, service, or network by overwhelming it with a flood of internet traffic.
- Unlike a Denial of Service (DoS) attack, which typically involves a single source, a DDoS attack leverages multiple compromised systems, often infected with malware, to generate the traffic.
- These compromised systems are collectively known as a botnet.
- Such attacks may be aimed at saturating the bandwidth of a particular site, exploiting weaknesses in the network protocol stack, or targeting specific weaknesses in applications or services.
Implications of DDoS Attack
- Disruption of services: DDoS attacks can lead to service downtime which render services unavailable, leading to a disruption or potential loss of revenue.
- Distraction to execute other attacks: DDoS attacks do not directly steal data, but they can be used as a distraction while other forms of cyberattack, such as data breaches are executed.
- Reputational damage: Organisations falling victim to DDoS attacks may suffer reputational damage, as customers and partners question their ability to protect against cyber threats.
- Financial losses: Downtime can lead to lost revenue, especially for e-commerce platforms and online services.
Read More: What is Distributed Denial of Service (DDoS) attack?
How can such attacks be mitigated?
To protect against DDoS attacks, organisations can implement:
- Advanced traffic filtering mechanisms to distinguish between legitimate and malicious traffic.
- Monitoring tools to help identify unusual traffic patterns and take pre-emptive actions.
- Enforcing rate limiting to control the number of requests a user can make in a given time frame, preventing the system from being overwhelmed.
- Bot detection technologies, such as CAPTCHA challenges and behavioural analysis, to identify and block automated tools or bots.
- Robust authentication mechanisms and regular security audits to strengthen the security of online services and prevent unauthorised access.
The DDoS attack serves as a wake-up call for organisations, particularly government agencies, to prioritise cybersecurity.
Kaveri 2.0 Portal:
- Kaveri 2.0 is a web-based portal launched by Karnataka in 2023 to reform land registration.
- It is the new online property registration system to enable a faster and more transparent registration process.
- It empowers citizens with vital information on stamp duty, property guidelines, and efficient data entry processes.