Are DDoS Attacks a Hacker Goldmine for Cybercriminals?

The evolution of DDoS attacks and how to tackle them.

June 22, 2023

DDoS attacks have been growing in prevalence over the past few years. To avoid becoming the next victim, Jeremy Ventura of ThreatX says that companies need to have a better understanding of the evolution of DDoS attacks, the damage they can cause to an organization, and more.

Distributed denial-of-service (DDoS) attacks have been growing in prevalence over the past few years. According to a recent DDoS year-in-review report, DDoS attacks increased by 74% YoY in 2022. What’s more, in just the first five months of 2023 there have been hundreds of attacks, impacting hospitals, financial service organizations and semiconductor equipment manufacturers, to name a few.

DDoS attacks are disrupting services for thousands of people worldwide, from patients being unable to access their medical records to airplanes being prevented from landing because of server downtime. Most recently, researchers tracked a new Service Location Protocol (SLP) bug that allowed threat actors to launch massive denial-of-service attacks, impacting over 2,000 organizations and exposing roughly 54,000 exploitable SLP instances for use in DDoS amplification attacks.

To avoid falling victim to the next big DDoS attack, companies need a better understanding of how DDoS attacks have evolved, why they are growing in volume, the damage they can cause to the organization and its customers, and the steps that must be taken so that they remain protected even if an attack does hit them. Organizations and their employees need to build a foundation that lets them protect themselves, know how they are protected, and have adequate plans in place to respond quickly and effectively. Let’s explore these in more detail.

To the Frontline: The Evolution of DDoS Attacks 

DDoS attacks have been around for quite some time but are starting to make top headlines as the threat grows in popularity among bad actors. We have seen one-off attacks evolve into ever-expanding attack methods that combine more endpoints to cause greater damage. DDoS attackers marshal an army of connected devices — known as a botnet — that impedes and disrupts an organization’s servers’ processing capabilities, slowing them down or making the website inaccessible altogether.

Today, botnets are not just leveraging typical endpoints (i.e., a server or laptop) but have begun using IoT and smart devices to attack and cause service outages lasting several hours or even days. Home security cameras, smart cars and even smart refrigerators that are connected to home networks via Bluetooth are all vulnerable to bad actors. By design, a lot of smart technologies were not created with security in mind, and cybercriminals are now exploiting these vulnerabilities to successfully deploy attacks.

When an organization suffers a successful DDoS attack, its site may be down for as little as 10 minutes, yet in that short window bad actors can damage brand reputation, revenue and user traffic. With more sophisticated attacks, criminals can work together to cause catastrophic damage: while one attacker works on taking the site offline, others probe systems, distribute phishing emails or attack the website’s APIs, degrading the organization’s security posture and causing massive headaches for the business.


The Impact: Why DDoS Attacks Are Causing Massive Headaches for Organizations Today

Through the darknet, hacker groups have made it easy for anyone to purchase inexpensive attack services, allowing inexperienced hackers to direct thousands, if not millions, of connection requests per minute at a target web server. This slows the server’s processing capabilities, if it does not take the targeted website down completely.

Many IT leaders are failing to properly protect their organizations from DDoS attacks for multiple reasons, the first being a blatant lack of security awareness within the organization and its systems. These professionals may not see DDoS attacks as a “big problem” or may have adopted an “it won’t happen to me” attitude.

Additionally, there has been a significant reliance on legacy systems such as static web application firewalls (WAF) as the sole protection for entire systems. While these solutions do offer protection, they were not built to stop the larger-scale attacks we are seeing more commonly today. The problem lies in the volume and velocity of activity being sent to servers. Recently, a DDoS attack averaged 50 million to 70 million requests per second. In the next five years, we could be dealing with billions of attacks. If not properly secured, many organizations will find their servers overwhelmed and their services disrupted.

Modern Defense Methods: Getting Ahead of DDoS Attacks

So, how can IT and security leaders protect their organizations from falling victim to a targeted DDoS attack? At a high level, they must make sure they are testing and planning for an attack. Organizations need to run yearly tabletop exercises that show what a modern DDoS attack may look like, so that they have outlined steps of action and clear ownership for getting systems back up and running should they suffer or spot an attack. Furthermore, it must be communicated that this job does not fall on the security operations center (SOC) or IT teams alone; it is the responsibility of all company resources: marketing, finance, HR, etc.

On a more technical level, protecting against DDoS attacks starts with improving on static legacy solutions. Organizations need to implement solutions that identify consistent underlying attacker-centric behaviors or that use indicators that grant more accuracy and flexibility. This helps not only to block a burst of hits from an IP address within a defined period of time, but also to track a potential threat actor’s movements, gauging how far an attacker has progressed while correlating the data. In addition, by combining DDoS protection with API and application discovery and cataloging, bot mitigation, fingerprinting, and real-time attack detection and blocking, organizations can stay ahead of the curve when it comes to complex and evolving attacks.

While preventing DDoS attacks isn’t necessarily easy, if the right steps are taken, companies can guard themselves against these malicious attacks and avoid falling victim to hackers. Cybercriminals are continuously maneuvering to stay ahead of cybersecurity strategies, so it’s our job as security leaders to think faster and smarter and do our due diligence to keep our organizations secure.

How are you staying ahead of DDoS attacks? Share with us on Facebook, Twitter, and LinkedIn. We’d love to hear from you!


Jeremy Ventura

Director, Security Strategy & Field CISO, ThreatX

Jeremy Ventura is a cybersecurity professional specializing in advising organizations on information security best practices. He has years of experience in vulnerability management, email security, incident response and security operations center work. At ThreatX, he is responsible for the development and presentation of thought leadership across all areas of cybersecurity. Ventura is an industry leader who can regularly be seen in media, blog posts, podcasts and at speaking events. Previously, Ventura has worked at Gong, Mimecast, Tenable and IBM, among other security organizations. Ventura holds a Master’s Degree in Cybersecurity and Homeland Security.