Distributed Denial of Service (DDoS) attacks pose a serious threat to an organization’s ability to serve its customers. A DDoS attack can knock a company’s web presence offline, making it incapable of responding to legitimate requests from customers. And as DDoS attacks become cheaper and easier to perform, the threat of this type of attack is growing. Here is the law enforcement response to DDoS as a Service.
Cybercriminals are increasingly offering DDoS attacks for hire, expanding the number and types of businesses that could be targeted by these attacks.
Law enforcement has acknowledged the problem, and some organizations are actively working to take down DDoS marketplaces. However, they are fighting a losing battle as new sites are created when others are taken down. Companies must protect themselves from this threat by deploying DDoS protection solutions (imperva dot com).
The Growing Threat of DDoS Attacks
DDoS attacks are relatively easy for an attacker to perform. Unlike many types of cyberattacks, they require no vulnerabilities or security errors on the victim’s systems.
Instead, DDoS attacks take advantage of the fact that all systems have a finite maximum number of requests that they can process or data that they can store, transmit, and process. A DDoS attack involves sending more data or requests than this maximum number, either degrading the system’s ability to respond to legitimate requests or knocking it completely offline.
In order to achieve the amount of traffic needed for these attacks, DDoS attackers use multiple Internet-connected systems. These often include Internet of Things (IoT) devices (known for their poor security), cloud computing instances (which offer computational power for lease), and mobile devices (infected via malicious apps).
As the adoption of these new technologies grows, so does the potential threat of DDoS attacks.
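The following added example (not part of the original article) shows, from the defender's side, why traffic spread across many sources is hard to stop with per-source rate limits alone: each source stays under the limit while the aggregate exceeds what the service can process. The capacity figure, the per-source limit, and the traffic sample are constructed assumptions, and the addresses come from documentation ranges.

```python
from collections import Counter, defaultdict

CAPACITY_RPS = 100     # assumed: requests/second the service can process
PER_SOURCE_LIMIT = 5   # assumed: per-source requests/second rate limit


def build_sample():
    """Constructed traffic: (second, source_ip) pairs, all values made up."""
    events = []
    # Baseline: 5 legitimate clients, 2 requests/second each, seconds 0-9.
    for t in range(10):
        for c in range(5):
            events += [(t, f"198.51.100.{c}")] * 2
    # Seconds 5-9: 200 distinct sources, only 1 request/second each.
    for t in range(5, 10):
        for b in range(200):
            events.append((t, f"203.0.113.{b}"))
    return events


def analyze(events, capacity=CAPACITY_RPS, per_source=PER_SOURCE_LIMIT):
    """Summarize each second: volume, source count, and limiter outcome."""
    per_second = defaultdict(Counter)
    for ts, src in events:
        per_second[ts][src] += 1
    report = []
    for ts in sorted(per_second):
        counts = per_second[ts]
        # Requests still admitted after a per-source limiter is applied.
        admitted = sum(min(n, per_source) for n in counts.values())
        report.append({
            "second": ts,
            "total": sum(counts.values()),
            "sources": len(counts),
            "offenders": [s for s, n in counts.items() if n > per_source],
            "admitted": admitted,
            "over_capacity": admitted > capacity,
        })
    return report


def overloaded_seconds(report):
    """Seconds where admitted traffic still exceeds service capacity."""
    return [r["second"] for r in report if r["over_capacity"]]


if __name__ == "__main__":
    for row in analyze(build_sample()):
        print(row["second"], row["total"], row["sources"],
              len(row["offenders"]), row["over_capacity"])
```

In the flood seconds no single source trips the per-source limit, so the useful signals are the aggregate request rate and the jump in distinct sources.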
In recent years, attacks have grown in number, scale, and sophistication as cybercriminals take advantage of the ability to transform a simple vulnerability (like the use of weak passwords on IoT devices) into a chance to impact an organization’s operations and potentially demand a ransom to stop an attack.
Cybercriminals operating DDoS botnets have also taken advantage of another opportunity to monetize their attacks by offering DDoS as a Service.
The low cost associated with performing a DDoS attack (thanks to modern technology) means that cybercriminals can offer attacks at a very reasonable price while still making a tidy profit.
As a result, the range of organizations potentially targeted by DDoS attacks has expanded dramatically as anyone with a grievance and the willingness to break the law can target an organization of their choice.
Law Enforcement Takedowns Aren’t Enough
DDoS attackers’ pivot to offering attacks “as a Service” provides some advantages to law enforcement. With a cybercriminal operating completely on their own and pursuing their own goals, there may be little or no opportunity for law enforcement to target their infrastructure.
While a DDoS botnet requires command and control (C2) servers, the use of domain generation algorithms (DGAs) and similar tools could allow an attacker to move their infrastructure faster than law enforcement could identify it and take it down.
With DDoS as a service, on the other hand, law enforcement can take advantage of single points of failure in the business model. For customers to be able to engage with a DDoS service provider, they need a means of contacting them and providing payment. These marketplaces provide a target for law enforcement takedowns.
Some law enforcement agencies have worked to address the DDoS threat by shutting down “booter” sites and arresting their operators. The Dutch police have made multiple efforts to take down booter sites, including shutting down 15 sites and making an arrest in April 2020, and the FBI made a similar effort in December 2018.
Despite all these efforts, the DDoS as a Service industry is still going strong.
The reason for this is that the targets that law enforcement can access (i.e., the booter sites and the people that operate them) are not essential to the service. Service providers can easily set up a new website when needed. Arrests and incarceration are intended to be a deterrent, but the poor track record of convictions for cybercrimes (and the jurisdictional issues) means that many DDoS service providers are undeterred.
These takedowns rarely impact the actual botnets used in the attack, making it easy for the cybercriminal (or another one who compromises the same devices) to continue operations with a new domain.
Protecting Against the DDoS Threat
DDoS attacks are an ever-growing threat to organizations’ ability to maintain the availability of their web services and maintain “business as usual.”
The pace of adoption of new technology, such as IoT, mobile, and the cloud, is outpacing the ability (and potential willingness) of their manufacturers to properly secure them against exploitation. As a result, the number and size of DDoS botnets in operation continues to grow.
Law enforcement organizations, such as the Dutch police and the FBI, are making an effort to fight DDoS attacks, but trying to stop DDoS attacks via booter site takedowns and arrests is a losing battle.
Attribution is difficult, and websites are easy to replace, making it possible for attackers to quickly continue business as usual.
Organizations must take protection against DDoS attacks into their own hands. As DDoS attacks become more well-known, widespread, and affordable, the range of organizations targeted by them is likely to continue to expand.
Deploying a DDoS protection solution that is capable of identifying and blocking attacks with extremely high traffic and data volumes is an essential component of any organization’s cybersecurity strategy.