Skip to main content

The evolution of DDoS

Despite the ever-changing arsenal of today's hackers, the Distributed Denial of Service (DDoS) attack has remained a permanent fixture since it burst onto the scene, striking fear into the hearts of businesses all over the world as critical processes become increasingly reliant on network access.

Seemingly every day, the strength at which such attacks are administered reaches new heights, now being registered at 500Gbps, representing a 60 times increase in 11 years. Perhaps most worrying, however, is the diversity that the DDoS attack has shown since it first appeared, evolving almost constantly to evade cyber-defences.

It seems as though we’ve been talking about DDoS for a long time now. In fact, basic DoS attacks existed before the commercial internet, but it wasn’t until the turn of the millennium that DDoS attacks began tormenting businesses. Now simple, cheap, usually anonymous and more accessible to the common individual than ever before, businesses from a range of industries have been targeted by DDoS attacks.

Recent high-profile victims include GitHub, Ashley Madison, Carphone Warehouse and TalkTalk, showing that these methods remain as potent as ever. Let’s take a look at some of the techniques and trends that have emerged recently:

DDoS extortion

Ironically, the first tactic aims to be effective without launching an attack. The modus operandi of extortion attacks see victims receive an email explaining who the attackers are and even linking to some recent blogs written about them and their tactics. Eventually, protagonists state that unless a fee is paid (usually around 40 Bitcoin but demands can go into the hundreds), a large-scale DDoS attack will be launched.

An additional trend we are seeing across the majority of emerging tactics is that they are often employed as diversions. While victims are focusing defences on high-volume attacks, hackers are actually targeting a local application. Therefore, offenders aren’t necessarily aiming to disrupt a website or service, but instead steal personal or financial data by gaining access to an application with a secondary assault.

Dark DDoS

The perfect example of how techniques have evolved, Dark DDoS takes advantage of that fact that most IT departments can only detect attacks above 1GB per minute. Cyber-criminals therefore send out constant, low-volume bursts over a longer period, so low in bandwidth that the victim is unable to detect them. This method is becoming an integral facet to a hackers’ toolkit, used as a distraction, or as an active part of a sophisticated multi-layered attack. 

Dark DDoS is less focused on the traditional purpose of denial of service attacks and are more aggressive, targeting the security architecture of individuals’ devices rather than simply disrupting a service. It is a technique growing particularly quickly, as the non-detectable threshold in which it is conducted allows cyber-criminals to torment organisations while keeping security teams and traditional scrubbing solutions blind to the threat.

DDoS as-a-service

The simplicity of administering a DDoS attack is demonstrated by its availability on online professional marketplaces. Previously only available on the Dark Web, hacking services can now be purchased for as little as £10 for half a day, heralding the rise of DDoS as a commodity.

Often originating as ‘stressers,’ through which businesses buy DDoS services in order to test their own cybersecurity, providers of these services have been known to offer to target any servers. Many organisations now targeted with cyber-attacks have voiced suspicion that competitors may be responsible behind the scenes, given that DDoS-as-a-service allows any individual or business to wage cyber-war for the price of a t-shirt.

Pre-empt the inevitable

It's simple - the average DDoS attack is now more than strong enough to bring a business down. Now a matter of when not if, taking no preventative action is not an option. Better collaboration between government, law enforcement and businesses is all very well, but given that organisations could be immobilised anytime, they need measures which can be implemented now.

It is imperative that organisations define their DDOS mitigation strategy in order to be better prepared for upcoming risks. Given the rise of techniques like Dark DDoS, it is often not clear if a business is being targeted. Therefore, it’s more important than ever to ensure that web traffic is being constantly monitored for irregularities and that they have the measures in place to react rapidly.

An important method is the employment of on-premises and cloud-based anti-DDoS technologies, so as to allow the mitigation of both local-level attacks targeting the application layer and attacks launched from outside the infrastructure, as well as services that can clean malicious traffic before it gets to the network. One or the other just won’t do; a hybrid approach is key to protecting against the range of weapons now at hackers’ disposal. This platform diversity within DDoS mitigation is critical, so that organisations always have the range of technology and therefore flexibility to react to any attack.

Undoubtedly, the number of DDoS attacks has increased and motivations are complex, and yet businesses seem more vulnerable than ever. DDoS has evolved from a one-dimensional nuisance into a multi-faceted threat often hiding sinister ambitions. Today, many hackers are using DDoS as a means to an end, a smokescreen hiding a much more damaging, malicious intent that could see sensitive business data compromised.

Therefore, it’s vital that businesses are equipped to appropriately counter diverse threats – it’s time to act now, or risk potentially catastrophic consequences. 

Gad Elkin, Head of EMEA Security, F5 Networks

Image Credit: Profit_Image / Shutterstock