Gone are the days of an organization being targeted solely by elite hackers. Today, an aggressor needn’t be a hacker at all: The high school student across the street, the disgruntled employee, or the customer who had a poor experience with your organization can all shutter your online availability.
Thanks to the advent and growing popularity of cybercrime-as-a-service, the process of launching DDoS attacks is now effortless and nontechnical. Attack tools are developed in an open-source environment and rapidly evolve. They have become more available and less expensive—even free—and as a result, Distributed Denial-of-Service (DDoS) attacks have grown in frequency and in scale. In fact, Akamai reported that DDoS attack activity set a new record in Q2 2015, increasing 132% compared to Q2 2014.
The head of the EU cybercrime center, Troels Oerting, foretold this increase in cyber attacks. “With the increasing number of people on the Internet we will see much more crime and it will be facilitated by cybercrime-as-a-service producers,” he said in 2013.
In the past, hackers—who inhabited only the darkest corners of the web—were required to master many technical challenges in order to launch a DDoS attack. First, malware needed to be developed and spread, thereby infecting machines and gathering them into a botnet. A botnet, the very epicenter of a DDoS attack, is a network of computers controlled as a group without the owners’ knowledge. Then, from the command line (often over IRC), the hacker commanded the botnet to attack anyone of their choosing.
Today, however, with only an email address and a method of payment (a major credit card, PayPal or Bitcoin will do just fine), anyone can subscribe to a DDoS cybercrime-as-a-service portal (otherwise referred to as a booter) and launch DDoS attacks. As simply as signing up to Netflix and watching a movie, anyone can subscribe to a DDoS portal, select a type of attack and enter the victim’s domain or IP address to target.
And these DDoS portals are no toys. For example, the Lizard Squad DDoS attack portal was capable of pushing offline the two largest console gaming networks. Even more startling was that the aftermath proved greater than the attacks themselves, because the game networks couldn’t handle the traffic of millions of consoles trying to get back online all at once after the attack concluded.
Further illustrating today’s DDoS climate, the White House has ushered in initiatives to protect consumers from illegal, malicious botnets and denial-of-service attacks. This is eye-opening, as the cyber security practices of the public sector often lag behind those of the private sector.
Who is to blame for the current DDoS climate? It is less a question of who than of what: it is the frictionless access to and ease of use of DDoS attack tools that serve as a direct threat to the Internet as a whole.
If you will, imagine an unruly individual who requests junk mail to be sent to a victim’s home. A lot of junk mail. The victim’s mailbox is going to become overwhelmed. As the mail scales (akin to a DDoS attack strengthening), the mailman is going to become overwhelmed. Soon enough, the local post office, the regional post office and so forth, will all become overwhelmed. The transit of all mail, both the good and the junk, will have been gridlocked.
Worst of all, the unruly individual who gridlocked the entire mail system has used your home or place of business as the return address! Who is perceived to be at fault?
DDoS attacks are clearly a threat to the continuity of organizations that operate online or have an online presence, but less known is the threat DDoS attacks pose to the livelihood of those who are DDoS spoofed, meaning those whose home or place of business the attacker has used as the return address.
The advent of DDoS spoofing (and amplification) has made it virtually impossible to find the true source of a DDoS attack. Even more startling is that attackers have effectively reduced their botnet member churn rate to zero.
Attackers’ identities have been cloaked, their botnet assets have become undetectable, and attackers can use amplification vectors to create major DDoS attacks with very few resources.
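The spoofing and amplification described above leave a recognizable trace on the victim’s side of the network: a host receives large volumes of UDP replies from reflector services (DNS, NTP, SNMP and the like) that it never queried, and the attacker’s own address appears nowhere in the records. The following is an added example, not code from the original article, showing how a defender can apply that heuristic to flow records. The record format, the threshold values and the IP addresses are constructed for illustration (the reflector hosts use the 198.51.100.0/24 documentation range).

```python
"""Flag hosts receiving reflected/amplified UDP traffic in flow records.

Heuristic: a host that receives far more bytes from a reflector service than
it ever sent to that service is likely the spoofed victim of a reflection
attack, because the requests were sent by someone else using its address.
"""
from collections import defaultdict
from typing import Dict, Iterable, NamedTuple, Tuple

# UDP services commonly abused as reflectors, keyed by their well-known port.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP", 1900: "SSDP", 11211: "memcached"}


class Flow(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    nbytes: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow record: 'src:sport dst:dport proto bytes'."""
    src, dst, proto, nbytes = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return Flow(sip, int(sport), dip, int(dport), proto.upper(), int(nbytes))


def reflection_report(
    lines: Iterable[str], min_bytes: int = 50_000, min_ratio: float = 10.0
) -> Dict[str, Dict[str, Tuple[int, int, float]]]:
    """Return {victim_host: {service: (bytes_requested, bytes_received, ratio)}}.

    A host is reported for a service when the inbound bytes from that service
    reach min_bytes and exceed the host's own outbound requests by min_ratio.
    A host that sent no requests at all gets a ratio of infinity.
    """
    sent = defaultdict(int)      # (host, service) -> bytes host sent to the service
    received = defaultdict(int)  # (host, service) -> bytes host got from the service
    for line in lines:
        f = parse_flow(line)
        if f.proto != "UDP":
            continue  # the heuristic only concerns connectionless, spoofable traffic
        if f.dst_port in REFLECTOR_PORTS:
            sent[(f.src_ip, REFLECTOR_PORTS[f.dst_port])] += f.nbytes
        if f.src_port in REFLECTOR_PORTS:
            received[(f.dst_ip, REFLECTOR_PORTS[f.src_port])] += f.nbytes

    report: Dict[str, Dict[str, Tuple[int, int, float]]] = {}
    for (host, svc), rx in received.items():
        tx = sent.get((host, svc), 0)
        ratio = rx / tx if tx else float("inf")
        if rx >= min_bytes and ratio >= min_ratio:
            report.setdefault(host, {})[svc] = (tx, rx, ratio)
    return report


# Constructed sample flows (not captured data).
SAMPLE_FLOWS = [
    # Legitimate DNS lookup: 10.0.0.5 queries a resolver and gets a modest answer.
    "10.0.0.5:51234 192.0.2.53:53 UDP 80",
    "192.0.2.53:53 10.0.0.5:51234 UDP 210",
    # Reflected NTP replies arriving at 10.0.0.9, which sent no NTP request:
    # the requests were sent elsewhere with 10.0.0.9 forged as the source.
    "198.51.100.10:123 10.0.0.9:80 UDP 44000",
    "198.51.100.11:123 10.0.0.9:80 UDP 46800",
    "198.51.100.12:123 10.0.0.9:80 UDP 43200",
    # Ordinary TCP web traffic, ignored by the UDP-only heuristic.
    "10.0.0.9:40001 203.0.113.7:443 TCP 1500",
]

if __name__ == "__main__":
    for host, services in reflection_report(SAMPLE_FLOWS).items():
        for svc, (tx, rx, ratio) in services.items():
            print(f"{host}: {rx} bytes of {svc} replies vs {tx} bytes requested (ratio {ratio})")
```

Note what the report does and does not tell the defender: it identifies the victim and the reflectors, but every address in the records is either the spoofed victim or a legitimate, misused server. That is exactly why the article says spoofing and amplification make the true source virtually impossible to find, and why mitigation has to focus on absorbing or filtering the reflected traffic and on cleaning up open reflectors rather than on tracing the sender.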
Reactive defenses are by definition too late. A combination of offensive and defensive DDoS attack protection measures is best. To that effect, the cyber security community and law enforcement are collaborating to dismantle cybercrime services, thereby dampening the probability of being attacked in the first place. After all, the best mechanism for defense is not to be attacked.
For a faster, safer and more secure Internet, both offensive and defensive cyber security solutions must be employed. Today, anyone can launch a DDoS attack. Or worse, is already a part of one. Scan your computer, scan your network and make sure you are not unwittingly contributing to a botnet. If cyber security and DDoS protection have yet to be employed at your organization, be the one to speak up and start the discussion.