Another year, another type of cyberattack to worry about and guard ourselves against. As the world of data sharing and smart technology continues to turn, one thing remains certain. Cybercriminals are working every bit as hard as data security professionals, ensuring that they stay ahead of the curve when it comes to hacking into systems, breaching data safety protocols, and breaking through the latest measures designed to keep them out. So what about the DDoS attack?
Ransom-related DDoS (known as RDDoS) attacks aren’t exactly new – they hit the headlines when private email provider ProtonMail was taken down by a DDoS (Distributed Denial of Service) attack back in 2015 – but like so many forms of cybercrime, they continue to grow in sophistication and diversity.
This has been accompanied by a new spate of attacks over the past year, ranging from protocol-based infiltrations to volumetric breaches and from app-based assaults to IoT device hacking. In the face of the concerning growth in DDoS attacks, data security professionals, business owners, and private individuals alike have a responsibility to stay in the know about this type of cybercrime and ensure they’re protected by the twin safeguards of solid protocol and common sense.
What are the Motives of DDoS Attacks?
As with the vast majority of cyberattacks, DDoS attacks are primarily aimed at jamming competitors’ web performance, then extorting money from their victims. Along with recent high-profile DDoS attacks (including the Amazon Web Service attack in 2020), we saw a wave of similar attacks in 2016 and 2017, with even Google coming under fire and being bombarded with six months of high-level threats that affected thousands of IP addresses.
However, the motives of DDoS attackers are varied, and much time and study have gone into identifying what these individuals or groups are aiming to achieve. A recent statement from the director of AT&T security outlined a spectrum of motives, ranging from obtaining financial reward (which, unsurprisingly, covers the majority of attacks) to a growing issue of making bold, radical ideological statements through the means of a cyberattack.
Mentioned in the same statement were motives such as creating a geopolitical advantage and exacting damaging vengeance in reaction to governmental actions and policies.
Why are DDoS Attacks So Dangerous?
Make no mistake: all cyberattacks that deal with data breaches are potentially devastating; DDoS attacks aren’t necessarily worse than other types of wide-reaching cybercrime. However, the fact that DDoS attacks generally have the sole aim of causing a data breach – and then using the data for reasons of extortion – makes them a genuine and potent threat for several potential targets. While proactive strategies range from encrypted cloud storage to various iterations of security certificates, there is no one size fits all solution to safeguard data against a dedicated wrongdoer.
Additionally, It’s important to note that the IoT’s spectacular growth has made DDoS attacks even more dangerous. With everything from cross-country haulage systems, urban infrastructure, and personal devices now coming under the IoT banner, you don’t have to be a security expert to understand the harm that a DDoS hacker can cause in a world where often poorly-secured IoT devices are becoming the norm.
We must also consider the impact that the incoming 5G roll-out will have on the vulnerabilities of the IoT and the potential harm caused by future DDoS attacks. By increasing overall available bandwidth, 5G will power a new age of IoT connectivity. Since there is still no standard for IoT security, tomorrow’s DDoS attacks may find it even easier to recruit, compromise, and control IoT devices as part of powerful botnet armies. Scary stuff, indeed.
Who is Most at Risk from DDoS Attacks?
As the Amazon and Google attacks of 2016 and 2017 showed, DDoS cybercrime’s potential targets are many, varied, and can affect even the biggest of the tech behemoths. If we make the reasonable assumption that cybercriminals are mainly out for financial gain, it makes sense to suppose that the prime targets of this kind of attack are, and most likely always will be, eCommerce retailers.
To say that eCommerce is a rising star would be a major understatement. The coronavirus pandemic has boosted an already ascendant industry by a significant margin, pushing eCommerce sales to grow by 44% in 2020, with mobile sales alone accounting for almost 73% of online shopping – with that much money moving through eCommerce sites, it’s no wonder they’re such a target for DDoS attacks.
However, eCommerce retailers are by no means the only targets of DDoS cybercriminals. As mentioned, governmental institutions have been regularly attacked either as a means of protest or to promote instability and fear. Unsurprisingly, financial institutions have likewise become the focus of this type of crime too.
DDoS Attacks as a Distraction
The nature of cybercrime is often multi-layered and confusing by design. Sometimes DDoS attacks are deployed as a smokescreen, acting as a distraction from even more damaging activities. This kind of attack is the ideal cover, as it will reliably draw the immediate attention of even the most committed security team, allowing for criminal infiltration in other and potentially more harmful ways.
A potent example occurred in the summer of 2020, when a DDoS extortion gang carried out an attack on the New Zealand Stock Exchange, causing mayhem and disruption for several days. The DDoS attack was itself a decoy, prompting the stock exchange’s security personnel to scramble to block the breach. Meanwhile, the cybercriminals launched offensive after offensive on backend infrastructure, API endpoints, servers, and service providers associated with the exchange.
Cybercrime is Here to Stay
The recent rise of DDoS attacks has been prescribed to many different causes, ranging from an increase in IoT devices to the relatively low cost of bots following the COVID-19 pandemic. Whatever the true reason for the increase in DDoS attacks, it revealed a reality that we have to deal with: cybercrime, in all its ever-shifting forms, is never going to go away.
Having said that, capitulating the inevitability of hack attacks is not a good strategy. In the words of a classic British rock band: It’s not the kill, it’s the thrill of the chase. In other words, take satisfaction in the process of trying. Maybe it’s not a perfect analogy, but it’s in all our best interest to stay one step ahead of the bad guys.
What do you think? Are DDoS attacks on the uptick? Let us know what you think on our MeWe page by joining the MeWe social network or commenting on our other social media pages.