Even big organisations can be overwhelmed by a DDoS attack
Even big organisations can be overwhelmed by a DDoS attack

With a spate of high profile and highly successful DDoS attacks in recent months, there's little doubt that DDoS is a threat to be reckoned with. But who is behind the wheel, and are they driving us towards DDoS Armageddon?

According to the latest Worldwide Infrastructure Security Report from Arbor Networks, DDoS attack sizes are growing (up 20 percent to a peak of 500Gbps) along with attack volumes. Indeed, 51 percent of DDoS targeted organisations reported a complete saturation of their bandwidth, that's a 35 percent rise from 2014.

Which is hardly surprising when there's good money to be made out of DDoS. Ransoms are certainly a potential driver, even if you discard the misreported £1 million demanded of Lincolnshire County Council that turned out, in reality, to be just £500.

When Skyhigh Networks researched this, it discovered a quarter of organisations would pay ransoms to prevent an attack, and in fact 14 percent would pay as much as $1 million.

However, is it the case that this psychology of payment to prevent falling victim, rather than accepting there needs to be adequate investment in technical defences, is a big part of the problem when it comes to DDoS motivation perhaps?

The tools to launch a successful attack are becoming at once both more accessible and more powerful.

Forget DDoS as the realm of the hacktivist first – it seems we may have gone full circle to return to the days of virtual extortion by the organised criminal enterprise.

At least that's what you might think, but is it actually the case? There have been claims that two attacks in particular, on the BBC last year and HSBC last week, were simply testing grounds for attack capacity rather than extortion attempts, smokescreens for other cyber-crime or just for the lulz.

Given that these are huge organisations with plenty of financial resources and technical clout to throw at DDoS attack mitigation, it certainly has raised the bar when it comes to what we can expect.

It has also left us wondering who was doing the testing and for what ultimate payload? Could it be cyber-crime related (maybe as 'marketing' for a DDoS for hire service) or a state-sponsored actor (flexing its muscle) or something else?

"With DDoS techniques ranging from botnets to brute force attack campaigns to low bandwidth, sophisticated application-layer attack mechanisms, the reality is that the motivations for these attacks can be totally random, or purposefully targeted," admits Dave Larson, chief operating officer at Corero.

In conversation with SCMagazineUK.com Larson suggested the motive for the attacks in the case of the BBC and HSBC may well "simply be to prove the capability in order to monetise it by selling it as a service to other individuals or organised crime syndicates".

The bottom line, according to Larson, is that attacks of this size and the ability to utilise them to take virtually any company offline is a reality that anyone with an online presence must prepare for.