DDoS attacks: How to combat the latest tactics

With DDoS-as-a-Service, criminals with a little know-how can launch denial of service attacks for just a few dollars, says Digital Shadows.

Image: Timur Arbaev

Amidst all the different types of cyberthreats, distributed denial of services (DDoS) attacks don’t typically strike as much fear as do ransomware and malware, but a concerted DDoS attack can wreak major havoc. Cybercriminals flood your website and server with requests that can easily slow it down or even crash it. By disrupting your business, a prolonged DDoS attack can inflict financial losses, damage your brand and reputation, and lead to a lack of trust among customers.

SEE: Distributed denial of service (DDoS) attacks: A cheat sheet (Free PDF) (TechRepublic)

Further, DDoS attacks have become more dangerous and challenging as they’ve adopted a range of innovative tactics. A report released Tuesday, by digital risk company Digital Shadows, describes how DDoS attacks have evolved and what organizations can do to better combat them.

In its report entitled “Work Smarter, Not Harder: The Evolution of DDoS Activity in 2020,” Digital Shadows highlighted three major trends in DDoS attacks that surfaced or resurfaced this year and are likely to play an ongoing role next year.

IoT devices

As businesses have increased their use of Internet of Things (IoT) devices, cybercriminals have sniffed out another area of technology ripe for exploitation. In particular, IoT devices that go unpatched and sport weak passwords are ideal targets for DDoS attacks. Mirai may be the first and best known such botnet, commonly used to launch concerted DDoS attacks against IoT devices.

After Mirai’s developers publicly released the source code in 2016, other criminals were able to build new and improved botnets able to adapt. One recent example is Ttint, a botnet found in October 2020 that not only carried out DDoS attacks against routers but changed firewall and DNS settings and set up remote access.

DDoS-as-a-Service

With malicious campaigns up for sale on the dark web, criminals don’t need much in the way of technical skills to launch an attack, and that’s true with DDoS-as-a-Service. Ads for DDoS services offer toolkits for rent for as little as a few dollars a month, according to Digital Shadows. In fact, the cost of such services have dropped from an average of $25 in 2017 to less than $7 over the past six months.

DDoS-as-a-Service sales are no longer just limited to the dark web. Cybercriminals have been able to promote their services on YouTube and Reddit simply by referring to their products as “stressors” designed to test the robustness of a web server.

Anubis DDoS service listed on a cybercriminal marketplace.

Image: Digital Shadows

Extortion

Taking a page out of traditional ransomware, cybercriminals have been threatening DDoS attacks against organizations unless they pay an extortion fee. Such attempts can easily fail if the organization doesn’t take them seriously. A successful attack can disrupt server activity and business operations, even when carried out by unsophisticated or inexperienced attackers.

On August 2020, an unnamed criminal gang trying to impersonate infamous groups such as Armada Collective and Fancy Bear launched a campaign against the New Zealand stock exchange (NZX). This one proved more sophisticated than other DDoS attacks as it didn’t just target public websites; it hit backend infrastructure, application programming interface endpoints, and DNS servers. The campaign forced the NZX to halt trading for several hours each day over the course of four consecutive days.

To protect your organization against the latest tactics used in DDoS campaigns, Digital Shadows offers the following advice:

Prepare a contingency plan. Recognize your critical services and resources and make sure you have an updated response plan so that the most sensible assets are protected.
Keep your friends close. Maintain a clear communication channel with your internet service provider and cloud providers as their support will be crucial during a DDoS attack.
Keep your enemies closer. Build an extensive knowledge base of threat actor groups and their preferred tactics and techniques as this can help demystify spoofs and impersonations.
Know your digital exposure. Keep a record of your critical assets and monitor your internet footprint so that you’re not surprised by threat actors.
Protect those IoT devices. Use complex passwords, update unpatched devices, and try to keep unsecure IoT devices off your main working network.