The whys and wherefores of any distributed denial-of-service (DDoS) assault come down to temporarily knocking a web service offline. With the amplitude of these attacks increasing over time, even the best-protected digital infrastructures may fail to mitigate them. The rise of IoT botnets such as Mirai adds extra fuel to the cybercrime furnace by generating terabits of fraudulent traffic per second to blast networks.
Whereas the intended aftermath of a DDoS raid is a constant, the motivation of threat actors is a variable. The purposes of perpetrating these incidents run the gamut from hacktivist protest and online hooligans’ ego boost to unethical business rivalry and extortion.
With that said, some organizations are more heavily targeted than others. This article reflects the breakdown of industries that are on the receiving end of most DDoS attacks these days.
The COVID-19 crisis has forced educational institutions around the world to adopt a remote learning model. Amid this shift, schools and universities found themselves in the epicenter of targeted DDoS campaigns.
According to cybersecurity company Check Point, these attacks are making themselves felt the most in the United States, with a 30% increase observed during July and August. The attacks are mainly executed by students who bear a grudge against their schools or simply want to wreak some havoc via free tools readily available online.
In one of the recent newsmaking incidents, a 16-year-old wannabe hacker swamped the South Miami Senior High School district’s computer network with a destructive traffic flood. To set the attack in motion, the teen leveraged an open-source network stress testing tool called Low Orbit Ion Cannon (LOIC). The ne’er-do-well was tracked down by law enforcement and charged with computer fraud.
Security analysts at Kaspersky also reported a massive surge in DDoS onslaughts against the education sector. As per their findings, the number of these incursions more than tripled in the first half of 2020 versus the same period last year.
Fans of the Minecraft online video game can set up servers for multiplayer experience. The optimal shortcut to doing it is to use hosting services, either free or paid. Unscrupulous hosting providers may try to boost their own customer count by deluging popular Minecraft servers with DDoS attacks.
If this scenario kicks in, gamers will run into server lag issues and eventually get frustrated with their current hosting service. This creates fertile soil for unethical business competition, as Minecraft fans start looking for alternatives and rent server space elsewhere.
Interestingly, this is precisely how the above-mentioned Mirai IoT botnet came into existence. Its early version was masterminded by a group of college students who wanted to bring several Minecraft servers offline.
Their original conspiracy got out of hand, though. In October 2016, the botnet struck a DNS provider called Dyn and thereby temporarily disrupted access to Twitter, Netflix, Spotify, GitHub, Reddit, and several other major services.
Cryptocurrency trading is one more area where DDoS plays its evil role. Because service downtime or sluggish processing of coin-related transactions is a drag that makes any trader frown, malicious actors may unleash rogue web traffic to taint the reputation of a competing service and encourage people to switch to theirs.
In late February 2020, two popular cryptocurrency exchanges, Bitfinex and OKEx, underwent DDoS incursions that suspended the trade process for at least an hour. Incidentally, the former has a long track record of mitigating anomalous traffic floods – a previous massive attack against its systems took place in November 2017.
Another service called Bittrex got hit around that time, with the attack resembling the Bitfinex snafu. This made researchers speculate that it was a well-coordinated series of assaults perpetrated by the same gang.
No matter how revolting it sounds, DDoS can be used to suppress independent media whose initiatives are at odds with the interests of local authorities. This is what happened to popular Hong Kong protest sites, PopVote and Apple Daily, in 2014.
After these two outlets held an unofficial election of the city-state’s chief executive, they got shelled with a 500Gbps flood of web traffic. This cyber-attack eclipsed all previously reported DDoS onslaughts in terms of amplitude. Similar raids reoccurred each time these sites announced new pro-democratic moves or published unbiased highlights of the protests.
DDoS can be a way for hacktivists to condemn political groups or controversial laws. It is also an element of the geopolitics game played by nation-state actors, although the sophistication of these attacks makes attribution extremely challenging.
In June 2016, the United Kingdom’s voter registration system crashed ahead of the historic Brexit referendum. This incident, initially attributed to an IT glitch, prevented numerous citizens from completing their registration and made authorities extend the deadline. A few months later, new evidence surfaced that suggested it could have been a DDoS assault aimed at sabotaging the vote.
In 2018, cybercrooks slammed websites for several municipal-level campaigns run by the United States Democratic Party. These DDoS attacks peaked during online fundraising periods and whenever a candidate’s ratings went up.
All in all, the overlapping of politics and DDoS may have serious real-world implications for both local communities and entire societies. It impedes democratic processes and skews the political landscape to influence public opinion.
Dark Web Markets
Illegal online stores that sell prohibited drugs, knockoff pharma products, jewelry, and stolen credit card information are on the list of the common DDoS targets as well. In this case, attackers’ goals range from service obstruction to outright extortion.
The latest campaign of this kind broke out in late August 2020 when a popular dark web service called Empire Market stopped processing orders for about two days due to an influx of malformed traffic packets. At that point, the operators of this dubious web marketplace were rumored to have pulled off an exit scam, a type of foul play that boils down to raking in payments from customers and never sending the merchandise they bought.
However, it turned out that a series of powerful DDoS assaults were to blame for this disruption. Before the problem escalated, Empire Market had been recurrently torpedoed by an individual who demanded up to $15,000 per week for not bringing the service offline.
It comes as no surprise that the owners of the dark web resource got tired of constantly dealing with these ultimatums and coughing up ransoms to keep the marketplace afloat. At the end of the day, they closed up shop due to continuous pressure with DDoS at its core.
Finance And Retail Organizations
Extortion is an increasingly common motivation for executing DDoS raids these days, and illegal Internet stores like the above-mentioned Empire Market are not the only sufferers. Last summer, security researchers gave businesses a heads-up about a massive ransom DDoS (RDoS) wave deployed by several infamous cybercrime rings, including Armada Collective, Fancy Bear, and Lazarus Group.
The crooks send blackmail notes to numerous organizations, primarily ones from the finance and e-commerce sectors, stating that they will mount high-amplitude DDoS attacks against the targets’ networks. To prevent this from happening, the victims are instructed to send 10 BTC (worth roughly $115,000). The amount increases by another 10 BTC after every missed payment deadline.
Most businesses that ended up in the malefactors’ spotlight did not experience any issues after refusing to pay up. However, some had to plunge headlong into mitigating an abnormal surge of fraudulent traffic.
Authors of file-encrypting ransomware programs have since followed suit by adding a similar extortion mechanism to their repertoire. If a compromised organization is unwilling to negotiate the decryption terms, the felons threaten to slam its website with a DDoS attack.
How To Stay Safe
Very few companies have enough server resources of their own to withstand growingly powerful DDoS incursions of numerous types. Under the circumstances, the most reasonable risk mitigation strategy is to opt for a cloud-based protection service such as Akamai or Cloudflare. Deep packet inspection, rate limiting, and IP blacklisting techniques can further step up the defenses by filtering out suspicious traffic.
A trusted web application firewall (WAF) is worth deploying in an enterprise network as well. It prevents application-layer DDoS attacks by inspecting HTTP traffic between a web application and the open Internet. Make sure your systems are up to date with the latest vulnerability patches, which raises the bar for potential attackers. It also bears repeating not to open unsolicited email attachments, which often carry commonplace PUPs and viruses that infect computers and later turn them into zombie bots.
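To make the rate-limiting and IP-blacklisting techniques mentioned above concrete, here is an added example (not code from the article, Akamai, Cloudflare, or any WAF vendor) of a per-IP sliding-window rate limiter with a temporary blocklist, replayed over constructed web-server access-log lines. The IP addresses, thresholds, and log lines are all assumptions made up for the illustration; real protection services apply the same idea at the network edge, across many nodes and with far more signals than a request count.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta, timezone

# Regex for the common access-log format (client IP, timestamp, request line, status, size).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Return (ip, unix_time, request) for a well-formed log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z').timestamp()
    return m['ip'], ts, m['req']


class SlidingWindowLimiter:
    """Per-IP sliding-window rate limiter with a temporary blocklist.

    An IP that exceeds `limit` requests within `window` seconds is blocked for
    `block` seconds; its further requests are refused without being counted.
    """

    def __init__(self, limit=100, window=10, block=60):
        self.limit, self.window, self.block = limit, window, block
        self.hits = defaultdict(deque)   # ip -> request timestamps inside the window
        self.blocked_until = {}          # ip -> unix time when the block expires

    def check(self, ip, now):
        """Return 'allow', 'deny' (limit just exceeded) or 'blocked' (on the blocklist)."""
        until = self.blocked_until.get(ip)
        if until is not None:
            if now < until:
                return 'blocked'
            del self.blocked_until[ip]    # block expired, start counting afresh
        q = self.hits[ip]
        while q and q[0] <= now - self.window:
            q.popleft()                   # drop timestamps that fell out of the window
        q.append(now)
        if len(q) > self.limit:
            self.blocked_until[ip] = now + self.block
            q.clear()
            return 'deny'
        return 'allow'


def evaluate_log(lines, limit=100, window=10, block=60):
    """Replay log lines through the limiter.

    Returns (verdict counts per IP, sorted list of blocklisted IPs, number of unparsable lines).
    """
    limiter = SlidingWindowLimiter(limit, window, block)
    verdicts = defaultdict(Counter)
    skipped = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1              # malformed lines are counted, never trusted
            continue
        ip, ts, _ = parsed
        verdicts[ip][limiter.check(ip, ts)] += 1
    return dict(verdicts), sorted(limiter.blocked_until), skipped


def build_sample_log():
    """Constructed sample traffic (RFC 5737 documentation addresses): one flooding
    client (203.0.113.7) sending 150 requests in three seconds, one ordinary client
    (198.51.100.23) sending five requests over twenty seconds, plus a malformed line."""
    base = datetime(2020, 10, 10, 13, 55, 36, tzinfo=timezone.utc)
    events = [(base + timedelta(seconds=i // 50), '203.0.113.7', '/login') for i in range(150)]
    events += [(base + timedelta(seconds=5 * i), '198.51.100.23', '/index.html') for i in range(5)]
    events.sort()
    lines = [f'{ip} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S %z")}] "GET {path} HTTP/1.1" 200 512'
             for ts, ip, path in events]
    lines.insert(3, 'not an access log line')   # constructed malformed entry
    return lines


if __name__ == '__main__':
    verdicts, blocked, skipped = evaluate_log(build_sample_log())
    for ip, counts in verdicts.items():
        print(ip, dict(counts))
    print('blocklisted:', blocked, '| unparsable lines:', skipped)
```

With the default thresholds, the flooding client gets its first 100 requests through, is denied on the 101st, and has the remaining 49 refused from the blocklist, while the ordinary client is never touched; the design choice worth noting is that blocked requests are not added to the window, so an attacker cannot keep extending its own block, and the block expires on its own rather than requiring manual cleanup.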
© 2023 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.