DDoS - keep the threat on your radar
Distributed denial of service (DDoS) attacks are experiencing something of a renaissance in connection with ransomware. As Europol's Internet Organized Crime Threat Assessment report makes clear, DDoS attacks are among the biggest threats to businesses.
Why is that? Digital security measures could not be implemented equally in all companies and government agencies. Corona has forced large corporations, SMEs and government agencies alike to act quickly. In addition, there are more and more intercommunicating, networked IoT devices, and the Internet of Things is clearly on the rise, helping parallel developments such as 5G and the use of cloud technologies to gain momentum. DDoS attacks are becoming more complex and therefore more powerful because they now target many different devices and therefore parts of the enterprise network.
More businesses and government agencies are turning to cloud solutions during the pandemic
Manufacturing and logistics companies are equipping warehouses and entire production lines with cloud services to keep track of inventory and loads. In addition, each of these services ends up needing an API to be functional. These interfaces simplify enterprise processes - but they can be dramatic vulnerabilities that could cripple business-critical operations, for example. Simple protection is not enough here; what you need is broad protection against Layer 7 attacks.
DDoS as an "activity" of professional, criminal groups and individuals also benefits from cryptocurrencies and ways to transact anonymously online. Botnet-based attacks now occur via AI systems and data-centric, organized models that no longer require the originators to have specific IT skills.
Ransomware operations as affiliates
For example, it is now possible to book DDoS attackers to offer their services as part of an attack wave. For attacked companies, this sometimes means significant financial losses because of lost business and reputational damage. Cyber-attacks such as DDoS attacks are one attack scenario of many, but often together with ransomware as a service and monetized in this way.
While in the past banks were increasingly the target of DDoS attacks, today more and more public institutions and authorities such as police forces or even local governments being hit. In addition, arrests have so far not had the desired impact on the growth market behind distributed denial-of-service attacks. In addition, many of these attacks go unreported or, at worst, go unnoticed for several hours. One fierce attack recently hit AWS, causing traditional customer requests classified as malicious by the system. At the same time, Google Cloud Platform experienced very similar issues.
Protocol- and application-based attacks, executed by botnets "fired" from compromised computers, phones, or IoT devices, are something we will see more of in the future. RDDoS, i.e. ransomware paired with DDoS attacks by so-called threat actor groups will probably also increase. Ransom demands are made in bitcoin currencies. These attacks serve as a red herring. Because while security teams are busy with the DDoS attack, attackers can drive further attacks. We know this case from the Armada Collective attack on the New Zealand Stock Exchange in the summer of 2020, where trading had to be completely halted. The target here was not only the public websites of the exchange, but backend infrastructures, API endpoints, DNS servers and the Internet service providers.
What can companies do? The key is to ensure resilience, integrity and uptime of all digital services and platforms. A DDoS attack on national infrastructure networks would have dramatic consequences, not counting costs of downtime. Do not accept ransomware, but report an RDDoS attack to law enforcement authorities.
Please note: when we talk about ransomware, it is technically a type of malware that encrypts a victim's file and blocks his access to it. The term "ransom" is common for the process itself; however, ransomware is often used synonymously.