Recently it seems that every week we hear of a major website being unavailable due to a DDoS attack, but what is a DDoS attack and why is it becoming so common?
A DDoS attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic.
It appears that as these attacks become more common, they are also becoming more serious in the sheer bandwidth being used. Speaking to a recent victim, we learned they saw over 80Gbps being used against their IPs; very few providers could sustain that bandwidth. To put this into perspective, in Q4 of 2013 the average DDoS attack used 2.14 Gbps.
In recent months major names have been attacked, such as the BBC (reportedly over 600Gbps), Sony PlayStation Network, TalkTalk, Carphone Warehouse and many more, but why?
It would seem that the groups doing this essentially wish to extort money from their victims, using blackmail with the threat that attacks will continue if the victim does not pay. However, could you trust a blackmailer not to do it again after payment? This is why it is generally reported that companies do not pay. It seems reasonable to assume, however, that some companies do pay, as these sorts of attacks cost money to implement and so they must be worthwhile to the criminals.
The type of payment is the issue in these ransom situations, as payment is always instructed to be made in bitcoins and so is totally untraceable (if you know what you are doing). It is also thought that money gained in this way often finds its way to support worldwide illegal activity.
You don’t have to be a large company to suffer a DDoS attack, but the attackers do go where they believe ransom money is available. If you do become a victim of a DDoS attack and subsequent blackmail, it is best to treat it as an exercise to bolster your security and potentially test your disaster recovery (DR) strategy. It is not advised to meet the demands of the cyber criminals.