For many organizations situated at the receiving end of a coordinated DDoS attack, the objectives of the attackers may not necessarily be self-evident. In too many cases, organizations find themselves in the crosshairs of multiple DDoS campaigns – with the campaigns being launched and orchestrated by different groups.
From an instigator's perspective, some of the most common DDoS objectives are:
Extortion. The attackers seek to cause key online business services to become unavailable at critical times and expect payment for an attack to cease. For example:
- Preventing customers from placing bets within an online gambling portal in the run up to a major sporting event and requiring payment to prevent a DDoS occurring on game day.
- VoIP calls are made continuously to an organization’s phone and fax numbers thereby preventing any in-bound communications. Automatic messages are played to anyone answering the phone that payment is expected for the calling to cease.
Espionage. The attackers seek to cause key business services to become unavailable or unresponsive while reaping a reward on another front. The DDoS attack itself is used as a method of disguising the real purpose of the attack or distracting the victim’s attention. For example:
- The operator of a botnet is paid to DDoS the email services of a local business operator to prevent that organization from responding to a competitive business bid.
- A high-volume DDoS assault is conducted against multiple online business portals with the expectation that the target’s incident response team will be too busy to notice a parallel stealthy attack against the true target as things are “lost in the noise”.
Protesting. The attackers seek attention for the particular cause or public issue they are pursuing and work to force a particular change in policy or behavior. Attack participants are provided with target and coordination details from a central “authority”. For example:
- The global DDoS of a particular government’s web sites in response to (perceived) unfair election practices.
- A coordinated campaign of DDoS attacks against the web portals and email systems of any organization supply
Nuisance. The attackers launch attacks against a broad spectrum of targets “because they can”. The objectives vary greatly between targets but the DDoS attacks are typically short-lived, often reactionary to a perceived slight, or designed to gain some temporary advantage over named individuals. For example:
- Opposition team member IP addresses are DDoSed during an online game so that the attacker’s team can win or obtain the highest scores.
- A student launches a DDoS against the school’s homework submission system in an effort to cause other students to miss a specific homework due date.
Source: Damballa Study