DDoS Attacks as a Tool to Supplement Conventional War Efforts

The number of Distributed Denial of Service (DDoS) attacks grew five-fold in just a year.

The Ukrainian government and financial institutions have been battling an ongoing wave of DDoS attacks directed at their infrastructure, coinciding with the Russian regime’s unprovoked war waged against their country. Although Russia denies involvement, intelligence agencies in the UK and the US attribute the cyberattacks to the Russian state.

Still, the usual motivator for such an attack remains money. For example, cybersecurity firm Imperva recently repelled a DDoS attack on an undisclosed organisation that carried a ransom note demanding one bitcoin (around $40,000 at the time) per day for the attack to stop and stay stopped.

According to cybersecurity researchers at Securelist, the global number of DDoS attacks has grown by a staggering 500% in just a year from the last quarter of 2020 to the last quarter of 2021.

“A big part of the reason why DDoS has been on such a dramatic rise is that you don’t need to have the technical knowledge to carry out such an attack anymore,” said Juta Gurinaviciute, the Chief Technology Officer at NordLayer, a network security provider. “The Cybercrime-as-a-Service industry is booming, and an interested party could hire such services for merely hundreds of dollars. It’s a low-risk, high-reward play for the criminals, and that is why organizations need to stay vigilant in protecting themselves against DDoS.”


What exactly is a DDoS attack?

Distributed denial of service (DDoS) is a cyberattack that aims to cripple or take down a target network or machine by flooding it with superfluous requests. The target is overwhelmed with requests originating from many sources at once, leaving it unable to respond to legitimate requests or crashing it altogether.

Usually, DDoS attacks are carried out via botnets (short for bot network) — networks of globally scattered, infected devices used to carry out attacks as an organised unit. A botnet can consist of compromised computers and other devices and is controlled remotely by a threat actor. Some botnets are enormous: the notorious Meris botnet, for example, consists of more than 250,000 infected devices and is still growing.

“Cybercrime is booming globally, and DDoS attacks are one of the key threats organisations are facing,” said the NordLayer CTO. “At a time when increasing numbers of businesses and organisations are establishing their online presence, the entry barriers to becoming a cybercriminal are lowering. Decision-makers need to plan ahead to avoid reputational and fiscal damages caused by DDoS attacks. Once the attack is underway, there is little an ill-prepared organisation can do to stop it.”



Safeguarding organisations against DDoS

In most cases, DDoS attacks are spread across infrastructure, applications, and data simultaneously. This widens the attack surface and increases the likelihood of success.

If a company has no early DDoS threat detection in place, it won’t know an attack is under way until its website slows down or crashes completely.

To combat these attacks, organisations have to develop and execute a comprehensive strategy that includes, but is not limited to, steps such as:

Monitoring network traffic

Knowing the difference between normal and abnormal traffic is the first line of defence against a DDoS attack. Unusually high traffic is one of the symptoms of an ongoing DDoS attack, so being able to tell a spike from the normal baseline is crucial.
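As an added illustration of the baseline-versus-anomaly idea (example code written for this page, not NordLayer’s or any vendor’s product): it buckets request records into one-second windows, learns a baseline from a quiet period, and flags windows that exceed it, noting whether the excess comes from many sources (the DDoS pattern) or from a single client. The traffic records, IP ranges and thresholds are all constructed assumptions.

```python
from collections import defaultdict
import statistics


def bucket_requests(records, window=1):
    """Group (timestamp_seconds, source_ip) records into per-window request counts and source sets."""
    buckets = defaultdict(lambda: {"count": 0, "sources": set()})
    for ts, src in records:
        key = int(ts) // window * window
        buckets[key]["count"] += 1
        buckets[key]["sources"].add(src)
    return dict(sorted(buckets.items()))


def learn_baseline(buckets, train_until):
    """Mean and population stddev of requests per window over the quiet training period."""
    counts = [b["count"] for t, b in buckets.items() if t < train_until]
    return statistics.mean(counts), statistics.pstdev(counts)


def detect_spikes(buckets, baseline, k=4.0, min_sources=20):
    """Flag windows above mean + k*stddev; a spike from many distinct sources is the DDoS signature."""
    mean, sd = baseline
    threshold = mean + k * max(sd, 1.0)  # floor so a flat baseline still tolerates small noise
    alerts = []
    for t, b in buckets.items():
        if b["count"] > threshold:
            n_src = len(b["sources"])
            alerts.append({"window": t, "requests": b["count"],
                           "distinct_sources": n_src, "distributed": n_src >= min_sources})
    return alerts


def constructed_traffic():
    """Synthetic (timestamp, source_ip) records built for this example, not real traffic."""
    # Seconds 0-9: three clients, one request each per second (the quiet baseline).
    records = [(sec + i * 0.3, f"10.0.0.{i + 1}") for sec in range(10) for i in range(3)]
    # Seconds 10-12: 150 distinct hosts, two requests each per second (distributed flood).
    for sec in range(10, 13):
        for i in range(150):
            records += [(sec + i / 150, f"198.51.100.{i}"), (sec + i / 150 + 0.001, f"198.51.100.{i}")]
    # Second 13: one host making 50 requests (a spike, but not a distributed one).
    records += [(13 + i / 50, "203.0.113.7") for i in range(50)]
    return records


if __name__ == "__main__":
    buckets = bucket_requests(constructed_traffic())
    for alert in detect_spikes(buckets, learn_baseline(buckets, train_until=10)):
        print(alert)
```

Windows 10 to 12 are reported as distributed spikes, while window 13 is flagged but marked non-distributed, which is the distinction a responder needs before deciding between per-client rate limiting and upstream DDoS mitigation.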

Having a DDoS response plan

Once the warning signs are there, there is no time to think of what to do next. That is why having a thorough response plan is essential. A plan of this kind should include a systems checklist, a list of go-to personnel, defined procedures, a crisis communication plan, and a list of every stakeholder that should be informed about the incident.

Securing network infrastructure

A comprehensive threat management system is needed to ensure an organisational network is well protected against a possible DDoS attack. Such a system would include an anti-DDoS service, a VPN, content filtering and anti-spam software, a firewall, a load balancer, and possibly other solutions. These don’t have to be run separately; for most businesses, the simplest route is a cybersecurity provider that offers some or all of these services as a package.

Prioritise cloud-based solutions

Applications hosted in the cloud are shielded by the cloud provider, so malicious traffic is curbed before it reaches its intended destination, i.e., your business.