Is DDoS dead?

Distributed Denial of Service (DDoS) attacks that are carried out by a botnet (a network of compromised computers) to overwhelm the processing power of the victim computer, effectively taking it out of commission, have been around for a while.

Peaking in 2000 with high profile attacks against Yahoo, eBay, CNN.com, Amazon.com and other e-commerce sites, they evolved in 2010 to be used by Hacktivists such as Anonymous in their Operation Payback, which escalated into a wave of attacks on major pro-copyright and anti-piracy organisations, law firms, credit card and banking institutions.

Traditionally, DDoS attacks were network‐based. In such volumetric-based attacks, the attacker flooded the victim computer with information, taking up all of the victim computer’s bandwidth and infrastructure, overwhelming the victim computer’s ability to process the volume of information.

Scripts for such attacks have become readily available on the Internet, as well as the Darknet. Therefore, it seemed as if DDoS was “old news.”

Don’t Dismiss DDoS Just Yet

DDoS attacks against HSBC, the BBC, and the Internet’s core servers brought DDoS back into the headlines. Attacks by Anonymous, ranging from attacks on NASA, Nissan, the city of Denver and Donald Trump, added to the notoriety of DDoS attacks.

According to Akamai’s latest State of the Internet report, in 2015 there was a 148.85 per cent increase in total DDoS attacks over 2014. DDoS attacks have become shorter in attack duration (14.95 vs. 29.33 hours) and more complex, using multi-vector attacks more frequently.

Reasons why DDoS is Alive and Kicking

  • DDoS as a commodity: DDoS turn-key operations are available from rogue groups, hacktivists, and the like who set up mass unbiased attacks, offering their botnets as-a-service for spamming and for DDoS attacks. A small 50-botnet setup is fairly inexpensive (between $250-500), with larger botnets going for a few thousand dollars and even larger ones that can be leased by the hour or day from botnet herders. This fairly simple way of purchasing an attack makes it accessible to hacktivists, disgruntled employees or consumers. As a result, it substantially increases the risks of more businesses falling victims to DDoS attacks.
  • An easy way to cause substantial damage in a short time: The extent of damage from a DDoS can be great: An average DDoS attack can cost a company between $52,000 and $444,000, depending on the business' size. The damage can include loss of critical business information, inability to carry out the business’ operations, loss of business opportunities and contracts, a negative impact on the company's credit rating, and an increase in insurance premiums.

DDoS has evolved and continues to evolve

DDoS attacks are becoming more accessible and varied:

  • More sophisticated methods: In addition to attacks on the infrastructure, many DDoS attacks are application-based. By exploiting the application or program, these attacks use less bandwidth, making them more difficult to detect. Targeting specific services by exhausting their resources, this more sophisticated type of attack can render a web server inaccessible, while leaving all other services intact. Instead of spending time and efforts in building and maintaining DDoS botnets, unsecured devices, service protocols routers, and ownership of other infrastructure are exploited to initiate these attacks instead of simple endpoint. Such methods send malicious queries at high rates from servers, indirectly overwhelming the victim with the response packets. This indirect nature of the attack makes it more difficult to mitigate.
  • More targeted attacks: In the past year, attacks have been found to take place on a smaller scale, but be more effective. The attacks are equally motivated by monetary gains and hacktivism. Also, according to Akamai’s latest State of the Internet report, the increase in attacks was caused by repeated attacks on the same victims. The online gaming sector accounted for slightly over 50 per cent of all DDoS attacks in 2015, followed by software and technology, with financial services, media and entertainment, Internet and telecom, retail and consumer goods, education, and the public sector all trailing behind.
  • A means to new ends: ransomware: New types of larger scale attacks are using DDoS for attacks on a larger, more serious scope. Extortion attacks, such as the one waged by DD4BC, which targeted online casinos and banking institutions, use DDoS attacks to disrupt online services until a ransom is paid. DDoS is also used as a distraction to exploit the systems in order to insert malware on the network or extract personal identifiable information, credit card numbers or bank account information from files and then threaten to publish it.

The next step: Expansion of DDoS attacks into new areas

Due to their connection to a network, IoT devices could be manipulated for launching a DDoS attack, similarly to servers in a botnet. Many IoT devices run on known operating systems and share the same cryptographic key, making them vulnerable to be exploited by DDoS attacks. The exploitation of CCTV cameras for a DDoS attack instead of a typical computer botnet is a prime example of this type of attack.

Cybersecurity experts expect DDoS to continue being a serious threat to organisations in 2016, growing both in size of attacks and in the chances of becoming a victim of an attack. Protection requires a multi-faceted approach that goes beyond relying solely on firewalls threats. Attacks must be identified on the endpoint and network level, and prevented in real-time.

Critical steps include: incorporating DDoS threat prevention steps into the company’s cybersecurity strategies, monitoring the company’s network and maintaining logs of normal traffic volumes, using a secured Domain Name System (DNS), protecting Internet-facing systems and applications while keeping them fully patched, as well as working with ISP and DDoS mitigation services providers.

Guy Caspi is CEO of Deep Instinct

Photo Credit: Duc Dao / Shutterstock