Recently, hacktivists from Lizard Squad launched an alleged DDoS attack against Blizzard’s Battle.net leaving players unable to log in to popular games such as Overwatch, Hearthstone and World of Warcraft. DDoS attacks, or Distributed Denial of Services, occur when a malicious entity floods a network with fake traffic designed to cripple and take down the company’s server.
Besides having problems logging in, Overwatch players were also disconnected from matches. In 2014, Lizard Squad successfully shut down the online Xbox and Sony PlayStation gaming networks, which caused major outages during peak holiday gaming season and went as far as issuing a bomb threat on Sony executives.
And most recently, Lizard Squad, using their LizardStresser botnet consisting of a large number of Internet of Things (IoT) devices (namely compromised web surveillance cameras), launched multiple, large DDoS attacks against various sites related to the 2016 Rio Olympics.
The reality is that just about every geopolitical event and social movement now has its “Cyber Reflection” in the cyber world. The 2016 Rio Olympics was such an event. As human activists protested in the streets of Rio de Janeiro, cyber hacktivists launched DDoS attacks against the networks and websites of entities such as Brazilian banks, ISPs and sponsors who were either directly or tangentially related to the supporting the Rio Olympics.
The Cyber Reflection is a global phenomenon that can affect any organization with an Internet presence – all it takes is to be in the wrong place at the wrong time. Not only does it impact the target business entity, but unfortunately, it also affects the consumers of those entities.
Consumers get caught in the cross hairs all the time. It’s known as the “collateral damage” of a DDoS attack. For example, the attacker may be targeting a specific online retail company because they are disgruntled over a prior transaction – or a sponsor of the Rio Olympics. The attack impacts not only the on-line retailer, but also all those consumers who are trying to transact with the online retailer.
The chart above comes from Arbor Networks most recent Worldwide Infrastructure Security Report (WISR) and offers a rare view into the most critical security challenges facing today’s network operators. Based on survey data provided by service provider, enterprise, cloud, hosting and other network operators from around the world, this annual report provides real-world insight into the security threats that organizations face.
The survey asked Services providers which verticals they see as being targets of DDoS attacks. As noted above, it’s across the board. In other words, any On-line, Cloud-based Service can be the target of a DDoS attack (for whatever reason). The consumers whether they be shoppers, gamers, students, e-traders etc. use on-line services are thus impacted.
In a growing number of cases, DDoS is being used as a smokescreen. DDoS is being used to cover up fraudulent wire transfers, exfiltration of confidential data (i.e. credit cards, health care records) etc. But the consumer of these services is impacted just as much as the target organization.
Unfortunately, this is the new normal, and anyone could be affected by current events through a DDoS attack. Anyone, with no technical knowledge, can now launch a DDoS attack against any organization that they think deserves it and you the consumer can get caught in the crossfire. For a very modest fee, (e.g. $5/hr.) attackers can employ one of the many DDoS attack services and tools, point it to their target and cause significant damage – potentially having a much greater impact than a small group of protesters could achieve in the physical world.
Take a step back
Here’s the lesson for everyone: pay attention to what’s happening in the real world. Keep an eye on CNN or the BBC for geopolitical events that could provide the motivation for the next attack. Here are a few more tips:
- Don’t rely 100% on the online service. Have a backup plan in place (i.e. visit a real store, have hard copies of your bank account, trades etc.)
- Keep an eye on your credit card transactions and looks for fraudulent activity due to potential compromise of your data
- Before you sign up with an on-line service ask about their DDoS protection
If you suspect that you could be a target, these few tips can help you understand the potential threat and help you protect yourself.
Tom Bienkowski is director of Product Marketing at Arbor Networks.