A distributed denial of service (DDoS) attack is an exceptionally malicious form of cybercrime where the hackers’ end goal is to take down a website or flood a corporate network with malicious traffic (such as incoming messages, fake pockets or requests for connection) to deny legitimate traffic and so take it offline. The victims of these types of attacks are in some cases initially threatened with a DDoS attack or only attacked at a low level. Cybercriminals employ this approach combining low-level attacks with threats of a devastating attack unless some form of ransom is paid.
This post kicks off with examples of what DDoS attacks are, followed by a discussion of why cybercriminals prefer DDoS attacks and how to guard against DDoS attacks.
Examples of DDoS attacks
One of the first DDoS attacks was recorded in 2000. The facts of the attack are briefly as follows: Michael Calce, known online as “Mafiaboy” hacked into the computer networks of several universities. Using their servers, he launched DDoS attack that crashed major websites such as CNN, E-Trade, eBay and Yahoo. In later years, Calce became a white-hat hacker working to fight cybercrime and identify vulnerabilities in the computer systems of major companies.
In 2016, Dyn, a leading DNS provider fell victim to a massive DDoS attack which took down the websites and services of, among others, AirBnB, CNN, Netflix, PayPal, Spotify, Visa, Amazon, The New York Times, Reddit, and GitHub.
But major websites and companies are not the only victims of DDoS attacks. The gaming industry as well as software and media companies have often been targets of DDoS attacks.
Why DDoS attacks and who are the attackers?
DDoS attacks are often launched to divert the attention of the target. This means that while the organization focuses on the attack, the cybercriminal pursues the actual goal which could be to install malicious software or to steal data.
DDoS attacks are synonymous with hacktivists, financially motivated cybercrime, nation states where a political agenda is the motivator, and cybercriminals seeking to make a name for themselves in the cybercrime industry.
What’s in it for them?
According to the NETSCOUT Threat Intelligence Report: “The DDoS landscape is driven by a range of factors, from malware authors to opportunistic entities offering services for hire. They are a busy group, constantly developing new technologies and enabling new services while utilizing known vulnerabilities, pre-existing botnets, and well-understood attack techniques”.
Kaspersky predicts that instances of cybercrime, specially DDoS attacks, will likely worsen. “When cybercriminals do not achieve their goals of earning money by launching simple DDoS attacks, they have two options, they can reconfigure the capacities required for DDoS attacks towards other sources of revenue, such as cryptomining, or malefactors who orchestrate DDoS attacks have to improve their technical skills.”
DDoS protection?
There are a few ways to protect yourself against cybercrime and specifically DDoS attacks. We have listed four below:
- The simplest solution for this form of cybercrime is to have on-prem equipment with sufficient capacity to absorb DDoS traffic, filtering out the malicious traffic and allow legitimate requests through, a process the industry calls scrubbing.
- Monitor your website’s inbound traffic and scrutinize it for irregularities. The sooner you pick up on an unusual spike in traffic, the bigger the chance of thwarting a DDoS attack.
- Rate limiting can be implemented on your server to ensure it’s not being overwhelmed during an attack.
- Add filters to your router to drop packets originating from suspicious sources.
Are you and/or your organization sufficiently protected against cybercrime and particularly DDoS attacks? Stage2Data in partnership with Heimdal Security offers prime Anti-Virus and Anti-Malware services. We now offer robust, multi-layered security products to combat next-gen malware, ransomware and other enterprise threats.