Distributed denial-of-service (DDoS) attacks have been around for a long time. However, the sophistication and scale of these threats has grown in recent years. Cybercriminals are employing amplification techniques that exploit vulnerabilities in misconfigured services or network protocols to increase the traffic they can generate and maximize the impact of their attacks.
A recent study has shown that DDoS attacks are far from being a thing of the past, as the number of DDoS attacks is up by 40% over the last six months, increasingly targeting sectors such as banking, e-commerce and education. These types of attacks can have a significant impact on organizations, causing financial loss and reputational damage and, as they are growing more frequent, DDoS disruptions continue to pose a real threat to businesses.
Why are these attacks still effective?
Despite being unsophisticated compared to other cyberattacks, DDoS attacks are still disrupting online business and governmental infrastructures. In June of this year, Diablo 4, one of the most prominent video game releases of this year, and other games developed by the Blizzard company, were targeted by a DDoS attack that temporarily interrupted their services. In the same month, Microsoft confirmed it had been victim to Layer 7 DDoS attacks, which caused intermittent outages for its Azure, Outlook, and OneDrive services.
So, if these attacks are considered "old-fashioned" why are they on the rise?
- They are simple: DDoS attacks can be perpetrated with relative ease compared to more sophisticated threats such as big-game hunting ransomware. This means that any malicious actor with a basic level of networking knowledge could initiate a DDoS attack.
- They are offered as a service: it is possible to hire a hacker to carry out the attack for $30 per day or between $10 and $5 per hour. This fee varies depending on the size and duration of the attack or by the type of botnet used by the vendor.
- Availability: DDoS attacks are on the rise due to factors such as the growth of the DDoS-as-a-service market. It has probably never been easier to commission a DDoS attack.
- They are opportune for attackers: companies are increasingly dependent on their online services, digital marketplaces, and real-time services. The service disruption caused by DDoS is costly for companies and can damage their reputation, giving cybercriminals the opportunity to extort money from them.
- They serve as a distraction: they are often used as a diversionary tactic to mask other malicious activities. They can also be a powerful way to attract attention, making them a popular choice among hacktivist groups.
- They add pressure to ransomware attacks: Some ransomware operators, such as Lockbit 3.0, use DDoS attacks to ramp up pressure on the target organization and get them to pay the ransom in a strategy that is known as triple extortion.
- They are immediate: unlike other cyberattacks such as phishing, which require a waiting time until the victim falls into the trap, DDos attacks can be carried out quickly, giving hackers instant access to data and enabling them to prolong or modify an attack in any chosen direction.
Firewalls as a measure to protect against DDoS attacks
The continued rise in DDoS attacks has alerted major cybersecurity institutions such as the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which has recently issued a warning on the dangers of this malicious tactic. The CISA advises organizations that suspect they have fallen victim to a DDoS attack to identify the source and mitigate the situation by applying firewall rules.
A firewall can block IP addresses and ports, as well as set predetermined traffic thresholds for servers and customers, actions that will prevent a DDoS attack from damaging business networks.