
Why Distributed Denial of Service (DDoS) Attacks Have Become More Dangerous

How much risk can you endure if you are hit by a Distributed Denial-of-Service (DDoS) attack?
Assess your current situation now.

Over the past month, I worked with both the FBI and the California Highway Patrol on a Distributed Denial-of-Service (DDoS) attack against an organization. This has become such a common problem that the FBI’s cyber task force is starting to lean on other agencies that have the capability or resources to help.

In years past, DDoS attacks were most often a game that malicious developers played to retaliate against someone they didn’t like. They would flood an opponent’s network with traffic and drown it. Unfortunately, DDoS has become a weapon cybercriminals use to attack a business’s network and hold it hostage for a ransom.

What is Distributed Denial-of-Service?
DDoS works by sending a massive number of queries to a network, overwhelming its capacity to respond. The attack is “distributed” in that the bad actors break into other people’s devices and use those devices to send the queries to their victim.


With so many more smart devices connected to the Internet today, there are vastly more endpoints that cybercriminals can weaponize. The attack might come from thousands of laptop computers, smart TVs, or refrigerators. And with so many organizations now relying on remote access and Internet links, the DDoS problem has exploded.

Fancy Bear and the Armada Collective
The attack that I worked on this month was typical. The bad actors sent a message to their victim claiming to be the Armada Collective, a group of Russian cybercriminals well known in the industry. Other attackers claimed to be from another Russian group that goes by Fancy Bear. The consensus is that cybercriminals are using these names to instill fear, because those well-known bad actors have wreaked so much havoc around the world.

The attackers threatened to take the network out of service unless their target immediately delivered five bitcoins. We’ve seen DDoS attackers demand as much as 10 bitcoins (keep in mind that a single bitcoin is currently worth about $12,000). They will usually launch a preliminary attack for a period of an hour or two just to prove they can do it. Then they will give the victim four or five days to come up with the money. And if they don’t get paid, they’ve been really good at following through with an attack.

Preparing for a DDoS attack
With most of what we’ve seen lately, the biggest enemy seems to be time. If you don’t have a solution or a mitigating environment already in place, it usually takes three to five days to get one set up. We need the ability to reroute all of your web traffic through a scrubbing center and essentially send the bad traffic into a black hole. Once that traffic is scrubbed, we can forward your legitimate web traffic to your location. Not everybody has the bandwidth to do this.

If you have this service in place, there’s nothing further you need to do if you are targeted with a DDoS attack. You wouldn’t even see the brunt of the attack, because it has essentially been black-holed. But if you find yourself under threat and the clock starts ticking, it’s going to be a difficult few days.

One option you can leverage to help is a straightforward monthly subscription service.

The first step toward thwarting a cyberattack
As with every cybersecurity threat, the first thing to do is assess your current situation to determine how much risk you can endure. What would be the impact to your business if your network were down for five days?

If you are using a virtual private network (VPN) or software-defined network that runs over your Internet circuits, the effects of this attack could be catastrophic. It’s not just your email or web browser that gets knocked offline; it’s your entire communications platform. So, it’s critical to understand the vulnerability associated with your network. Some people can stand having their website offline for a few days, but if they are relying on the Internet to support remote connectivity, the attack will have a much larger impact.

After you’ve performed this assessment, if you choose to roll the dice, you can still have a plan in place for what you will do and who you will call should you come under attack. And for the record, we’ve had a lot of long days lately, because we’re fully committed to our clients; when we get a call at 11pm Saturday, we get to work at 11pm Saturday.

Thank you for trusting us to help with your cybersecurity needs.
Contact us any time—we’re always happy to help.

Jon

Meet the Author
Jon Bolden is Quest's Certified Information Systems Security Officer