DDoS is emerging as a state attack tool of choice. How should I prepare?
Cybercrime is about as old as the Internet on which it happens, and DDoS attacks are one of the oldest attack vectors that still work. The first widely reported one hit the University of Minnesota in 1999, knocking its network offline, and the technique has evolved a great deal since then. Its targets have changed as well: in 2022, DDoS is re-emerging as one of the predominant tools of state-sponsored and state-aligned attackers worldwide.
With this in mind, we’ll explore some recent DDoS attacks, their consequences, and how companies and organizations can protect themselves against this specific cyber threat.
What Are DDoS Attacks?
Unlike many other devastating forms of cybercrime, DDoS – distributed denial of service – attacks don’t try to breach their target’s cybersecurity perimeter; they simply don’t need to.
These attacks use many connected devices (typically a botnet of compromised machines, or third-party servers abused as traffic amplifiers) to send a website far more traffic than it can serve. The flood exhausts bandwidth, connection tables or application capacity, so requests from real users are dropped alongside the junk. The whole point is to render the website and its services unusable to legitimate, everyday users.
In many cases, a DDoS attack is only a distraction from other malicious activity: while the operations team is busy restoring service, the attackers attempt an intrusion elsewhere, counting on the noise to hide it.
When successful, a DDoS attack is highly visible because it affects the target's entire user base. Beyond cyber vandals, this visibility makes DDoS popular with hacktivists and state-sponsored groups that want to make a public point against an adversary country.
The impact depends on the target's infrastructure and response: a single flood usually lasts minutes to hours, but campaigns against one target can be repeated for days or weeks. That persistence is what makes it destructive, through lost revenue, lower consumer trust and reputational damage.
So, with all of this in mind – let’s explore recent DDoS attacks across the globe.
Russo-Ukrainian Conflict And DDoS
In the first half of 2022, the number of observed DDoS attacks rose sharply. The main reason was the escalating conflict between Russia and Ukraine, which spilled over onto the Internet.
During the first months of the war, cyber vigilante and cybercriminal activity rose significantly, and both pro-Russian and pro-Ukrainian hackers attempted to disrupt the other side.
This is one of the clearest examples of state-sponsored cyber operations, where two countries engaged in conventional warfare also tried to create chaos online by:
● DDoS attacks on government websites;
● defacing media websites;
● leaking and stealing information.
DDoS attacks have proven particularly useful for disrupting online services in the short term, and the threat landscape in both countries shifted as a result. Before February 2022, the most visible criminal activity came from organized crime groups that targeted remote workers during the pandemic.
By the end of 2022, a wave of patriotic hackers on both sides had become the predominant force. It would be wrong, however, to pin most DDoS activity on the war in Ukraine. Hacktivists in other countries targeted media websites and opposition politicians during the 2022 presidential election in the Philippines, and websites linked to the Israeli government were attacked by DragonForce Malaysia, a politically motivated hacktivist group.
It is also worth noting that RDoS (ransom denial of service) attacks rose in 2022. These combine DDoS with extortion: the attackers send a demonstration flood or a threat letter and promise further attacks unless the target pays, often borrowing the name of a known ransomware or state group to add credibility.
Taiwan And Google
Nancy Pelosi, the Speaker of the U.S. House of Representatives, visited Taiwan in August 2022 in the face of growing Chinese threats to the island's sovereignty. On the day of her visit, the website of the president of Taiwan was taken offline by a DDoS attack, as were the foreign ministry and government portal websites. Taiwan attributed the activity to hacktivists aligned with the Chinese government.
While the websites were quickly restored, the Taiwanese government pointed to the attack as a taste of the information warfare likely to come from the mainland. The presidential office reported around 8 million requests in a single minute, a volume that would bring down most websites that are not run at social-network scale. Predictably, most of the IP addresses used in the attack were traced back to China.
That is still far from the capacity Chinese state-backed attackers have shown before. In 2017 Google absorbed what was, when Google disclosed it in 2020, the largest bandwidth DDoS attack made public, and Google's Threat Analysis Group attributed it to a Chinese state-backed group.
Google managed to absorb the attack, so it was not successful, but it peaked at 2.5 Tbps. It was an amplification attack: spoofed packets sent to roughly 180,000 exposed CLDAP, DNS and SMTP servers, which answered with large responses aimed at Google. That is far beyond what most organizations could absorb on their own.
Even though the attack failed, it changed the picture of state-sponsored activity. Until then, government-backed attackers had mostly relied on intrusion and phishing campaigns, because a DDoS campaign at this scale requires sustained, coordinated effort, especially against a tech giant like Google. Google noted the 2017 attack was the culmination of a months-long campaign, not a one-off.
How To Deal With DDoS Attacks?
So, what should an organization do in the event of a DDoS attack?
The first step is for the network or operations team to confirm that the outage really is a traffic flood: sometimes a service outage is the result of maintenance, a bad deploy or an unintentional in-house fault, and a DDoS playbook will not fix that. Bandwidth graphs, connection counts and web server logs tell you quickly whether request volume jumped and where it is coming from. If it is an attack, characterize it: a volumetric flood saturates the link, a protocol attack exhausts connection or state tables, and an application-layer flood sends valid-looking HTTP requests that exhaust the backend. Firewall rules and rate limits help when the traffic comes from a manageable set of sources and your link still has headroom; a spoofed or widely distributed volumetric flood cannot be filtered at your own edge once the link is full, so traffic has to be rerouted through an upstream DDoS scrubbing service or your ISP's filtering.
It is also possible that your organization is not the actual target. Sometimes the attack is aimed at your ISP or hosting provider and you are only feeling the consequences. With that in mind, check with your ISP early and confirm whether the outage is present on their end.
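The triage described above, as an added example that is not part of the original article: it parses combined-format web server access log lines, checks whether request volume actually spiked (if not, the outage is probably maintenance, an in-house fault or an upstream problem), reports how concentrated the traffic is, and emits drop rules only for sources that exceed a per-second limit. The sample log is constructed inline with TEST-NET addresses, and the thresholds (10x the median rate, 20 requests per second per source) are assumptions to tune against your own baseline.

```python
"""Triage a suspected DDoS from web server access logs.

Added example, not code from the article or from any vendor. Reads
Apache/nginx combined-format lines, buckets requests per second and per
source, and decides whether the outage looks like a flood at all, and if
so whether local firewall rules can help. Thresholds are assumptions.
"""
import re
import statistics
from collections import Counter
from datetime import datetime, timedelta, timezone

# Combined log format: ip ident user [timestamp] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return (source_ip, timestamp, request) for one log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("req")


def triage(lines, burst_factor=10, top_share=0.5, max_rps_per_ip=20):
    """Classify the traffic and propose block rules. All thresholds are assumptions."""
    per_second = Counter()      # requests per wall-clock second
    per_ip = Counter()          # requests per source
    per_ip_second = Counter()   # requests per (source, second)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _req = parsed
        per_second[ts] += 1
        per_ip[ip] += 1
        per_ip_second[(ip, ts)] += 1
    if not per_second:
        return {"verdict": "no traffic parsed", "peak_rps": 0, "median_rps": 0,
                "top_share": 0.0, "block": [], "rules": []}

    peak_rps = max(per_second.values())
    median_rps = statistics.median(per_second.values())
    total = sum(per_ip.values())
    share = sum(n for _, n in per_ip.most_common(5)) / total
    flood = peak_rps >= burst_factor * median_rps
    # Sources that exceeded the per-second limit in any one second.
    block = sorted({ip for (ip, _), n in per_ip_second.items() if n > max_rps_per_ip})

    if not flood:
        verdict = "no traffic anomaly: suspect maintenance, an in-house fault, or an upstream (ISP) problem"
    elif share >= top_share:
        verdict = "concentrated flood: block the listed sources and rate-limit at the edge"
    else:
        # Spoofed or widely distributed floods show no dominant sources; local
        # rules will not help once the link is saturated.
        verdict = "distributed flood: reroute through upstream scrubbing / ISP filtering"
    rules = [f"iptables -I INPUT -s {ip} -j DROP" for ip in block]
    return {"verdict": verdict, "peak_rps": peak_rps, "median_rps": median_rps,
            "top_share": round(share, 3), "block": block, "rules": rules}


def make_sample_log():
    """Constructed sample: 12 s of normal traffic from 4 clients (1 req/s each),
    then 5 sources each sending 40 req/s for the last 2 s. Lines are legit-first."""
    base = datetime(2022, 8, 2, 12, 0, 0, tzinfo=timezone.utc)

    def fmt(ip, ts, req, status=200):
        stamp = ts.strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{stamp}] "{req}" {status} 512'

    legit = ["203.0.113.10", "203.0.113.11", "198.51.100.7", "198.51.100.8"]
    bots = [f"192.0.2.{i}" for i in range(1, 6)]
    lines = [fmt(ip, base + timedelta(seconds=s), "GET /index.html HTTP/1.1")
             for s in range(12) for ip in legit]
    lines += [fmt(ip, base + timedelta(seconds=s), "GET /search?q=a HTTP/1.1")
              for s in range(10, 12) for ip in bots for _ in range(40)]
    return lines


if __name__ == "__main__":
    report = triage(make_sample_log())
    print(report["verdict"], f"(peak {report['peak_rps']} rps, median {report['median_rps']})")
    print("\n".join(report["rules"]))
```

Run it against a real log with `triage(open("access.log").readlines())`. The per-source rule list is only worth applying when the verdict is "concentrated"; for a distributed flood the right move is the upstream scrubbing call, not a longer blocklist.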
Prevention Is An Absolute Necessity
Of course, the ideal scenario is not recovering from a DDoS attack; you want to reduce the risk of a successful one in the first place. For starters, you need DDoS protection in front of your services: a web application firewall (WAF) for the application layer, and a network-level scrubbing or CDN service for everything below it.
A WAF helps against application-layer floods: it inspects incoming HTTP requests, drops those matching known bot signatures, and enforces per-client rate limits so a single source cannot exhaust your backend. What a WAF cannot do is absorb a volumetric flood, because that saturates your Internet link before any packet reaches the WAF. Cloud-based protection services handle that by advertising your address space from their own much larger network and forwarding only clean traffic to you.
Anti-DDoS solutions come in several forms, from cloud-based services and software to hardware appliances. Cloud-based services give you the most scalability, because their capacity sits upstream of your link; an on-premises appliance can only filter what your link can already carry. Cost depends on traffic volume and the level of always-on versus on-demand protection.
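The per-client rate limiting an edge WAF or reverse proxy applies, as an added example that is not the article's or any vendor's code: a token bucket per source address, with a sustained rate and a burst allowance. It also demonstrates the classic failure mode of keying only on IP address: an office or carrier NAT that fronts many real users looks like one aggressive client and gets throttled. The client addresses, rates and limits are constructed assumptions; timestamps are passed in explicitly so the simulation is deterministic.

```python
"""Per-source token-bucket rate limiting as applied at a WAF or reverse proxy.

Added example, not from the article or any product. Each source gets a
bucket that refills at `rate` tokens per second up to `burst`; a request
costs one token and is dropped when the bucket is empty. Limits and
addresses below are assumptions for the simulation.
"""
from collections import Counter


class TokenBucket:
    def __init__(self, rate, burst):
        self.rate = rate        # tokens added per second (sustained rate)
        self.burst = burst      # bucket capacity (short burst allowance)
        self.tokens = burst     # a new client starts with a full bucket
        self.last = None

    def allow(self, now):
        """Refill for elapsed time, then spend one token if available."""
        if self.last is None:
            self.last = now
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class EdgeLimiter:
    """Keys buckets by client IP, as a simple WAF rule would."""

    def __init__(self, rate=5.0, burst=10):
        self.rate, self.burst = rate, burst
        self.buckets = {}
        self.allowed = Counter()
        self.dropped = Counter()

    def handle(self, client_ip, now):
        bucket = self.buckets.setdefault(client_ip, TokenBucket(self.rate, self.burst))
        ok = bucket.allow(now)
        (self.allowed if ok else self.dropped)[client_ip] += 1
        return ok


def simulate():
    """Constructed traffic: one normal user, one flooding bot, one NAT gateway."""
    lim = EdgeLimiter(rate=5.0, burst=10)
    for i in range(20):                       # normal user: 2 req/s for 10 s
        lim.handle("203.0.113.10", i * 0.5)
    for i in range(1000):                     # bot: 100 req/s for 10 s
        lim.handle("192.0.2.1", i * 0.01)
    for i in range(60):                       # 30 users behind one NAT, 1 req/s each, 2 s
        lim.handle("198.51.100.1", i / 30)
    return lim


if __name__ == "__main__":
    lim = simulate()
    for ip in sorted(lim.buckets):
        print(f"{ip:14} allowed={lim.allowed[ip]:4} dropped={lim.dropped[ip]:4}")
```

The bot is cut down to roughly the sustained rate (about 60 of 1,000 requests get through) while the normal user is untouched, but the NAT gateway loses most of its requests too. In practice you key on something finer than the address where you can (a session cookie, an API token, a TLS fingerprint), or give known shared egress ranges a higher limit, and you still need the upstream scrubbing service for floods that never reach this code.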
You also need to know how exposed your own infrastructure is before an attacker finds out for you: unprotected origin addresses, single points of failure, and services reachable outside your DDoS protection all make you an easier target. That is why Rescana offers OSINT-based cyber-risk management across various attack surfaces, including DDoS exposure. A DDoS readiness assessment shows how well prepared your web presence is for this eventuality.
Remember: DDoS attacks are not showing any sign of decline, and their pace is set to increase. Third-party risk management is necessary so you and your partners can protect your online infrastructure from costly outages and reputational damage.