2016 was certainly an eventful year, with some seismic global events. In the grand scheme of disruption and upheaval, it might not have been DDoS attacks that had the biggest or longest lasting effect, but their impact was not inconsiderable. And it does not look like the situation will improve in 2017. In fact, DDoS attacks are likely to get worse this year.Posted on 11 January 2017 -
The trend last year was for increasingly frequent DDoS attacks on an increasingly large scale. As early as January 2016 we felt the need to write about recent DDoS attacks that targeted some of our high profile Irish clients. By September 2016, the Krebs On Security website was subject to what was reportedly the largest DDoS attack ever seen, which demonstrates that launching an attack is easier than ever before. That’s set to continue in 2017.
Let’s take a step back for a second to set the scene. A DDoS attack is essentially an artificial traffic surge to a website. In the same way that an unexpected traffic spike might take a website offline if the correct hosting infrastructure was not in place, a DDoS attack hits a website with a large and prolonged flood of data that any server would struggle to withstand.
We’re not talking about an intricate or expert procedure. This is a simplistic, unsophisticated and brutish tactic, but it’s also devastatingly effective. Like Wimbledon FC in its heyday.
Since DDoS attacks are relatively easy to perform, there is no shortage of unscrupulous characters prepared to conduct one in return for a few Bitcoins. That’s certainly one of the reasons why the number of attacks has been increasing.
It seems likely that there are a variety of different people with different motives using DDoS attacks. Undoubtedly some are what would be termed script kiddies: bored adolescents with a desire to inflict some cyber vandalism, but lacking the technical nous to implement anything a bit more imaginative.
The attacks we’ve found ourselves caught up in hinted towards some sort of hacktivism but, again, without the skill required to formulate a meaningful or targeted attack on a specific target. We’ve previously discussed why there would have been a stigma attached to this brand of cyber-fumbling until very recently.
The sheer scale of some of the latest attacks suggests that bigger fish are now staging DDoS attacks. State actors and commercial entities - either directly or by proxy - appear to be involved. Ruining a day’s business for a financial institution or large corporation might have its benefits if you happened to be a political or commercial competitor. As we’ve already established, such attacks can be carried out very cheaply, very easily and under the guise of being a teenager with nothing better to do.
Clearly this larger scale brand of attack, with motives beyond causing annoyance and irritation, poses a greater threat and it’s this that we fear we will see more of in 2017.