By: Chris Gale, EMEA Partner Director at A10 Networks
Distributed denial-of-service (DDoS) attacks continue to be one of the most prevalent methods hackers use to disrupt businesses. Involving the use of multiple systems (personal computers, smartphones, etc.), DDoS attacks overload an organization's network by generating web traffic that can't be accommodated by the system's capacity limits.
Unlike with other forms of cyber attacks, DDoS attackers run the gamut in terms of their technical prowess. With DDoS services available for purchase online, even the least tech-savvy teenager with a credit card is capable of taking down company web assets for hours and even days.
Due to the diversity amongst those carrying out DDoS attacks, ranging from high-school kids to state-sponsored hackers, the purpose behind separate incidents can vary significantly. For example, while an experienced cyber criminal may use a DDoS attack for diversionary purposes, a disgruntled employee may carry out an attack just for the sake of causing chaos. Chris Gale, EMEA Partner Director at A10 Networks at A10 Networks has mapped out some of the most common motives for these attacks and describes the tell-tale signs.
The least sophisticated form of DDoS is the hit-and-run attack. These come in a wide variety, targeting gaming services, consumer websites and various other high-visibility targets. These attacks aren't typically very strategic and are commonly executed by hackers causing chaos for attention or young cyber criminals testing their chops.
Considering these attacks are typically the least organized, and pulled off by the least technical individuals, they are the easiest to prevent. Unskilled troublemakers typically will use a paid service to pull off the attacks, making it costly to sustain long-term. By optimizing your network configuration, and utilizing technology with robust load balancing capabilities, the risks posed by these attacks are greatly minimized.
This category of attacks serves as a grab-all for incidents that don't fit into the more defined versions of a DDoS attack. As they are often poorly organized attacks on random companies, it is difficult to pin down specific warning signs. If you are a high-profile company that would make for good headlines, you can assume you've been the target of this sort of incident.
Government and state-run websites have been a common target for protestors and activists looking to make a statement via cyber means. Most commonly associated with the likes of Anonymous and other hacker collectives, these attacks are a slightly more advanced/targeted version of the hit-and-run. There is no true end-game in terms of tangible payoff — these attacks tend to be symbolic in nature.
By taking down government web assets, attackers cause headaches for officials looking to both save face and bring critical services back online. While there is little payoff for the hacktivists, the damage caused to operations and reputation is very real.
The ease of pulling off a rudimentary DDoS attack means that the hackers aren't always the usual suspects. For example, a recent survey from Kaspersky Labs found that 48 percent of companies who had experienced a DDoS attack believed their competition was responsible. While these statistics may be slightly inflated due to human paranoia, at least some of the attacks being reported fall into the category of B2B cyber crime.
Along with causing productivity declines that reduce the efficiency of a key competitor, companies perpetrating these attacks also aim to damage the target's reputation. While there are no direct monetary gains for the perpetrator, the indirect benefit of not having yourself associated with a cyber attack is enough to draw customers away from the competition.
Hackers have increasingly turned to DDoS attacks as a means of diverting IT's attention away from separate, and often times more damaging, behavior. When an attacker damages or completely brings down a company's network, the process for complete remediation can take days. Coupled with the fact that DDoS attacks are highly visible, both externally and internally, returning to business as usual becomes priority one for responders.
With the IT team's attention focused elsewhere, it is easy for otherwise alarming behavior to slip through the cracks. False-positives are already a common headache for those monitoring network activity, and during a time of crisis, it becomes much easier to neglect best practices and allow for incidents such as malware injection or data theft to occur.
You typically don't realize a DDoS attack is being used as a smokescreen for a larger security incident until it's too late. The best defense comes from ensuring that all normal cybersecurity processes are continued in the wake of an attack and never assuming the worst is over.
The last form of attack has the most obvious pay off for hackers: cold hard cash (or at least cold hard cryptocurrency). For companies involved in e-commerce, stock trading, customer service and basically any form of business requiring access to a website or portal, extended network downtime is not an option.
Depending on the resources of attackers, sophisticated DDoS attacks on improperly secured networks can be extended for days, costing companies thousands and even millions of dollars in lost business. Attackers know this and prey on businesses looking to cut their losses and pay their way out of the situation. The good news is these attacks are easy to categorize since they come in conjunction with a communication demanding a ransom. The bad news is the price tag (usually requested in Bitcoin) is at the complete discretion of the attacks, and as more companies pay up, the demands are only bound to increase.