Unlike other forms of cyber threat, DDoS attackers are a mixed bag when it comes to their technical abilities. With DDoS services available for purchase online, even the least tech-savvy teenager with a credit card is capable of taking down company web assets for days at a time. Because DDoS attackers range from school kids to state-sponsored hackers, the aims behind separate incidents can also vary significantly. For example, while an experienced cybercriminal might use a DDoS attack for diversionary purposes, a disgruntled employee may carry out an attack just for the sake of causing chaos.
Below we map out the signs of the most common types of attack and the motives behind them, as well as tips on how to prevent yourself from becoming a victim.
Hit-and-run attacks may be the least sophisticated form of DDoS, but they still pack a hefty punch. They come in a wide variety, targeting gaming services, consumer websites and various other high-visibility targets. These attacks aren’t typically very strategic and are commonly executed by hackers causing chaos for attention, or by young cybercriminals testing their abilities.
Since these attacks are typically the least organised, and pulled off by the least technical individuals, they are the easiest to prevent. Unskilled troublemakers will typically use a paid service to pull off the attacks, which makes them costly to sustain long-term. By optimising your network configuration and using technology with robust load balancing capabilities, the risk posed by these attacks can be greatly reduced.
This category of attacks is a catch-all for incidents that don’t fit into the more defined versions of a DDoS attack. As they are often poorly organised attacks on random companies, it is difficult to pin down specific warning signs. If you are a high-profile company that would make for good headlines, you can assume you may be a target for this sort of incident.
Government and state-run websites have been a common target for protestors and activists looking to make a statement via cyber-means. Most commonly associated with the likes of Anonymous and other hacker collectives, these attacks are a slightly more advanced, targeted version of the hit-and-run. There is no true end-game in terms of tangible payoff, and these attacks tend to be symbolic in nature.
By taking down government web assets, attackers cause headaches for officials looking both to save face and to bring critical services back online. While there is little payoff for the so-called ‘hacktivists’, the damage caused to operations and reputation is very real.
The ease of pulling off a rudimentary DDoS attack means that the hackers aren’t always the usual suspects. For example, a recent survey from Kaspersky Lab found that 48 per cent of companies who had experienced a DDoS attack believed their competition was responsible. While these statistics may be slightly inflated by human paranoia, at least some of the attacks being reported fall into the category of B2B cybercrime.
Along with causing productivity declines that reduce the efficiency of a key competitor, companies perpetrating these attacks also aim to damage the target’s reputation. While there are no direct monetary gains for the perpetrator, the indirect benefit of not being associated with a cyberattack is enough to draw customers away from the competition.
Hackers have increasingly turned to DDoS attacks as a means of diverting IT’s attention away from separate, and often more damaging, activity. When an attacker damages or completely brings down a company’s network, complete remediation can take days. Because DDoS attacks are highly visible, both externally and internally, returning to business as usual becomes the top priority for responders.
With the IT team’s attention focused elsewhere, it is easy for otherwise alarming behaviour to slip through the cracks. False positives are already a common headache for those monitoring network activity, and during a time of crisis it becomes much easier to neglect best practices and allow for incidents such as malware injection or data theft to occur.
Often, organisations don’t realise a DDoS attack is being used as a smokescreen for a larger security incident until it’s too late. The best defence comes from ensuring that all normal cybersecurity processes are continued in the wake of an attack, and never assuming the worst is over.
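As an added illustration of the smokescreen scenario (this is example code, not part of the original article or A10 Networks’ products), the script below keeps the ordinary outbound-traffic check running over a set of constructed flow records even in the minutes where inbound volume shows a flood. The record format, thresholds, host names and the `backup.internal` / `unknown.example` destinations are all assumptions made up for the example.

```python
from collections import defaultdict
# Constructed flow records (minute, direction, host, peer, bytes); minutes 0-1 are
# the normal baseline, minutes 2-3 are under a volumetric flood.
FLOWS = [
    (0, "in", "web", "203.0.113.5", 2_000),
    (0, "out", "db01", "backup.internal", 50_000),
    (1, "in", "web", "203.0.113.9", 2_500),
    (1, "out", "db01", "backup.internal", 52_000),
    (2, "in", "web", "198.51.100.1", 900_000),  # flood begins
    (2, "in", "web", "198.51.100.2", 950_000),
    (2, "out", "db01", "backup.internal", 51_000),
    (3, "in", "web", "198.51.100.3", 980_000),
    (3, "out", "db01", "unknown.example", 40_000_000),  # exfil hidden by the flood
]
BASELINE = {0, 1}

def flood_minutes(flows, baseline, factor=10):
    """Minutes whose inbound volume exceeds factor x the baseline per-minute average."""
    per_min = defaultdict(int)
    for minute, direction, _host, _peer, nbytes in flows:
        if direction == "in":
            per_min[minute] += nbytes
    avg = sum(per_min[m] for m in baseline) / len(baseline)
    return {m for m, b in per_min.items() if m not in baseline and b > factor * avg}

def outbound_anomalies(flows, baseline, factor=5):
    """Outbound flows that exceed factor x the host's baseline bytes per minute
    or go to a peer the host never spoke to during the baseline."""
    base_bytes, base_peers = defaultdict(int), defaultdict(set)
    for minute, direction, host, peer, nbytes in flows:
        if direction == "out" and minute in baseline:
            base_bytes[host] += nbytes
            base_peers[host].add(peer)
    flagged = []
    for minute, direction, host, peer, nbytes in flows:
        if direction == "out" and minute not in baseline:
            avg = base_bytes[host] / len(baseline)
            if peer not in base_peers[host] or nbytes > factor * avg:
                flagged.append((minute, host, peer, nbytes))
    return flagged

def smokescreen_alerts(flows, baseline):
    """Outbound anomalies inside flood minutes: the events the article warns are
    overlooked while responders are busy restoring service."""
    floods = flood_minutes(flows, baseline)
    return [a for a in outbound_anomalies(flows, baseline) if a[0] in floods]

if __name__ == "__main__":
    print(smokescreen_alerts(FLOWS, BASELINE))
```

Running it reports the 40 MB transfer from `db01` to an unseen destination during minute 3, even though that minute is dominated by the inbound flood.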
The last form of attack has the most obvious payoff for hackers: cold hard cash (or at least cold hard cryptocurrency). For companies involved in e-commerce, stock trading, customer service and basically any form of business requiring access to a website or portal, extended network downtime is not an option.
Depending on the resources of the attackers, sophisticated DDoS attacks on improperly secured networks can be extended for days, costing companies thousands and even millions of dollars in lost business. Attackers know this and prey on businesses looking to cut their losses and pay their way out of the situation. The good news is that these attacks are easy to categorise, since they come in conjunction with a communication demanding a ransom. The bad news is that the price tag (usually requested in Bitcoin) is at the complete discretion of the attackers, and as more companies pay up, the demands are only bound to increase in the coming year.
Duncan Hughes works as a systems engineering director at A10 Networks.