Defence from denial of service

Denial of service has been taking down companies for many years. The threat existed even before it reached the internet, with early attackers taking over phone lines to prevent business calls from getting through.

Fast forward several decades and distributed denial of service (DDoS) is likely to form part of any cyber-attack. Favoured by hacktivist groups such as Anonymous, DDoS is also increasingly used on its own to take down a website or service.

The ease with which it can be used - as well as bought and sold online - makes it one of the single biggest threats to enterprises' online activities.

DDoS - which most commonly seeks to make a service slower or unavailable by overwhelming it with requests - began its evolution on the internet as attacks on online gambling sites.

Over the last few years, it has become increasingly mainstream. Recently, the now infamous Lizard Squad has been personally targeting execs with its own DDoS service. Meanwhile, attacks on Sony, Microsoft and Malaysia Airlines have focused attention on the threat DDoS can pose to the business continuity and reputation of an organisation.

This is not helped by the fact that DDoS techniques are improving, and an attack is fairly simple to perpetrate. DDoS has evolved since its inception, when it depended on volume provided by botnets putting together networks of computers, says Adrian Sanabria, senior security analyst at 451 Research. “Previously, you had to have an army of systems to take down a network, but you just don't anymore. Now it can be done from one computer; it's cheap and easy to do.”

The barriers to entry for initiating DDoS attacks are now much lower, agrees Kaveh Ranjbar, chief information officer at RIPE NCC. He explains to SC: “There's a lot of readily available infrastructure which can be leased online to execute a DDoS attack, with minimal technical know-how. Some of the tools are even freeware, and can be used concurrently to maximise the impact.”

Increasing scale

Although attacks are still not particularly sophisticated, the scale of DDoS continues to grow. According to a recent report, DDoS attacks have seen a considerable increase in size, duration and complexity over the course of the last decade, with some said to top 400Gbps.

Last year also saw widespread adoption of new techniques, leading to the most concentrated storm of “volumetric attacks” ever seen, says Darren Anstee, director of solutions architects at Arbor Networks. He explains: “Volumetric attacks saturate the internet connectivity of the target, effectively taking them offline, and potentially impacting the services of other organisations connected to the same network.”

This ‘collateral damage’ can often occur due to the scale of these attacks, the largest in 2014 weighing in at around 400Gbps.

DDoS attacks can be motivated by hacktivism or used for blackmail and ransom. For example, says Konrads Smelkovs, security consultant at KPMG's Information Protection practice: “Attackers will pick a site that's up and coming, do 15 minutes of denial of service and follow up with an email demanding ransom money.”

DDoS is also increasingly used as a smokescreen to camouflage other cyber-attacks, including data breaches and financial fraud. According to Neustar's 2015 DDoS Attacks and Impact Report, 52 percent of companies find themselves the victims of theft, with many businesses reporting additional loss of customer data, intellectual property or money during a DDoS attack.