According to a recent DDoS Prevention Survey, more than half of all IT security officials have reported that their company has been targeted by a Distributed Denial of Service (DDoS) attack up to 10 times in the last 12 months. Among these victims, more than 40% reported that their attacks lasted longer than 10 hours. These statistics correlate with , which indicate there were more than 7.5 million attacks in 2017. And this rate is increasing roughly at the same rate as general internet traffic.

So what is behind this uptick? Well, it comes down to three primary factors:

• The motivation of attackers
• Increasing opportunities provided by inexpensive and user-friendly attack service
• Increasing capabilities of Internet of Things (IoT) botnets

Motivations: the political and the criminal

In a political and economic landscape that is becoming increasingly volatile, nation-states and political activists are adopting DDoS attacks as the new geopolitical tool. There is a marked increase in the frequency of attacks on political websites and critical national infrastructure services. This is because they can enable attackers to remain undetected whilst affecting real-world events like election processes.

Back in June, there was a DDoS attack launched against a website that opposed a Mexican presidential candidate during a live debate. This attack was a clear demonstration of how a nation-state could influence events that transcend the digital realm. It genuinely threatened the stability of the democratic process by knocking out a candidate’s website at a key moment for the debate. Security experts call this technique “cyber reflection”, where an incident in the digital realm reflects what is happening out in the physical world.

This cyber reflection can also be present in DDoS attacks that criminal organisations carry out for financial gain. This is particularly true when global financial institutions or other supra-national entities are involved, as their power makes them attractive targets for disaffected activists, state actors and cybercriminals. Extortion revolving around the threat of DDoS is a significant danger for enterprises across all sectors, but cybercriminals also utilise DDoS attacks as a smokescreen to distract attention from their other nefarious actions like illegal money transfers and data exfiltration.

Attacks made easy

In April 2018, one of the largest providers of DDoS-as-a-service (DaaS) - Webstresser.org - was taken down as part of a major international investigation. This company had enabled criminals to purchase the capability to launch attacks and has been responsible for millions of DDoS attacks worldwide. The site was utilised by a British cybercriminal to launch attacks on large retail banks in 2017, causing damage that amounted to hundreds of thousands of pounds. Unfortunately, as soon as Webstresser was shut down various other services popped up in its place.

These DaaS services run amok in the underground marketplace, and their services are actually very cheap, making them readily available to many people. The affordability and availability of these services give people a simple way of carrying out well-planned attacks and heat-of-the-moment ones alike.

IoT botnets

IoT devices usually hit the market at the lowest possible price, meaning security is too often a mere afterthought. Consequently, most consumer IoT devices have elementary vulnerabilities, and most consumers never even contemplate the security aspect of their new products. There were 27 billion connected devices as of 2017, and this is expected to rise to 125 billion by 2030, and currently, they are attractive targets for authors of malware.

There was a high-visibility DDoS attack in the latter part of 2016 against a DNS host, affecting a large number of prominent online properties. The malware that was responsible for this high-profile attack, as well as many others, was Mirai. The publishing of Mirai’s source code in 2016 sparked the creation of a slew of other botnets based in the IoT, which have continued to evolve ever since. With the increasing proliferation of IoT devices, and their minimal security, there has been a dramatic increase in the quantity and scale of botnets. These enable attackers and DaaS services to create new powerful and sophisticated attacks.

In conclusion

The DDoS attacks we see today are increasingly multilayered and multivector. They combine large-scale volumetric assaults with stealth infiltration to target the application layer. This is simply the latest trend in a constantly-evolving landscape that sees attackers adapt their tools to evade and defeat existing defences. It is vital that businesses maintain a continuing vigilance on the techniques at play for targeting them, and keep their defences up-to-date with the latest industry best practices. At 1stCallDetectives, we value customer privacy, security and discretion, as illustrated by our site’s new encryption certificate. We specialise in defending clients against the latest, most sophisticated types of cyber attack. If you would like to know more about what we do and how we could assist you with cybersecurity, we would love to have a chat.