DDoS attacks are getting more powerful as attackers change tactics

Researchers say 2020 has seen the largest number of DDoS attacks ever with campaigns that are more powerful than before, too.

Why DDoS attacks are one of the biggest cyber challenges you might face during 2020

There's been a surge in Distributed Denial of Service (DDoS) attacks throughout the course of this year, and the attacks are getting more powerful and more disruptive.

DDoS attacks are launched against websites or web services with the aim of disrupting them to the extent that they are taken offline. Attackers direct the traffic from a botnet army of hundreds of thousands of PCs, servers and other internet-connected devices they've gained control of via malware towards the target, with the aim of overwhelming it.

An attack can last for just seconds, or hours or days and prevent legitimate users from accessing the online service for that time.

SEE: Security Awareness and Training policy (TechRepublic Premium)    

And while DDoS attacks have been a nuisance for years, the prospect of corporate, e-commerce, healthcare, educational and other services being disrupted at a time when the ongoing global pandemic means more people are reliant on online services than ever could create huge problems.

But a new threat intelligence report by cybersecurity company Netscout suggests that's exactly what's happening, as cyber criminals have launched more DDoS attacks than ever before. The company said it observed 4.83 million DDoS attacks in the first half of 2020, up 15% compared with 2019.

"When looking at cyber threats historically, as the footprint of available attack surface increases, so do attacks against them. This is also true in the DDoS world," Richard Hummel, threat intelligence lead at Netscout, told ZDNet.

And while there are sometimes political or financial motivations behind conducting DDoS attacks, in many cases those controlling the campaigns just launch them because they can.

"The motivation behind these attacks are varied from 'because they can' to 'showboating' or even just to cause havoc and disruption," Hummel added.

The bad news is that DDoS attacks are also growing in size, with the potency of the strongest attacks up 2,851% since 2017 – providing attackers with the ability to knock out networks much faster than ever before.

The reason DDoS attacks are getting more powerful is because they're getting more complex, using many different types of devices and targeting different parts of the victim's network. Indeed, attackers are learning that the most basic DDoS attacks are becoming less effective, so are dropping them in favour of more powerful campaigns.

"Attacks leveraging only one vector decreased year over year by 43%. Combine that with attacks across the board being faster, with more packets per second and shorter duration. It means that the attacks happen in short bursts that overwhelm a target quickly, making mitigation more difficult," Hummel explained.

SEE: Network security policy (TechRepublic Premium)

One element that helps the cyberattacks behind botnets for DDoS attacks is that much of the source code for these is available for free. The most notorious case of this is the Mirai botnet, which took out vast swathes of online services in late 2016. The source code for Mirai was published online and it has served as a popular backbone for building botnets since.

The growing number of connected devices also serves to increase the potential power of botnets; not only can attackers take control of insecure PCs and servers as part of attacks, but the rise in Internet of Things (IoT) devices – which are connected to the internet and often have the bare minimum or no security protocols – can be used to power attacks.

Some botnets like Gafgyt are powered by IoT devices alone ,as cyber criminals increasingly look to exploit their lack of protections.

"No matter the target, adversary, or tactic used, it remains imperative that defenders and security professionals remain vigilant in these challenging days to protect the critical infrastructure that connects and enables the modern world," said Hummel.

MORE ON CYBERSECURITY