A simple cyberattack is becoming more destructive and commonplace
Less-sophisticated website takedowns are proving to be hackers' tool of choice this summer — alarming government officials and putting major companies on the defensive.
Driving the news: The Cybersecurity and Infrastructure Security Agency released an advisory right before the holiday weekend warning about reports of several distributed denial-of-service (DDoS) attacks targeting "multiple organizations in multiple sectors."
- Microsoft confirmed last month that a DDoS attack caused outages across its Azure, Outlook and OneDrive services.
The big picture: For decades, hackers have been using DDoS attacks to briefly take websites offline by overwhelming their servers with an absurd amount of malicious bot traffic.
- But in the last few months, the number of DDoS attacks has grown — and more sophisticated hackers have started using them as part of larger hacking campaigns to further antagonize their victims.
What they're saying: "As we have this sort of fragmented approach and this move to APIs and move to the cloud and all of these things, what we're seeing is a lot more instances where attackers are able to hit these websites where it hurts," Erick Galinkin, principal researcher at Rapid7, told Axios.
Zoom out: The cybersecurity establishment has largely shrugged off DDoS attacks, since they've typically been the work of low-level hacking groups looking for media attention or to make a name.
- The attacks also don't last long: 89% of DDoS attacks in 2022 lasted less than an hour, according to Microsoft.
- DDoS has also been the tactic of choice among politically motivated hacktivist groups, like Killnet and Anonymous Sudan, in the last year.
By the numbers: The total number of DDoS attacks grew 47% in the first quarter of 2023 compared to the same period last year, according to a report from cybersecurity company StormWall.
- Attacks on the finance sector and e-commerce companies saw the biggest growth, the report noted.
Between the lines: DDoS attacks have gotten longer and larger, according to Cloudflare, a company that provides DDoS protection.
- Part of the reason for this is that botnets — networks of malware-infected computers controlled by an attacker — are much easier to create and deploy for attacks, Galinkin said.
- "Now you can build a 14-million-strong botnet by infecting lightbulbs and thermostats and fridges and things," he said. "The attack surface for creating the bots that generate the traffic is much larger than it ever has been."
The intrigue: Some hackers have also started combining the ease of launching a DDoS attack with the financial payoff offered by ransomware.
- Galinkin said he's spotted ransomware gangs and data theft extortionist groups launching DDoS attacks against organizations while they weighed whether to pay a ransom to decrypt their files or prevent a data leak.
- 16% of those surveyed in Cloudflare's report said that in the first quarter of 2023, they faced a "ransom DDoS attack," where hackers demand a ransom to either stop or avoid a botnet attack on an internet-connected application.
Yes, but: The significance of a DDoS attack still depends on what kind of organization is targeted and for how long, Galinkin said.
- An attack on an e-commerce site that relies heavily on its website to bring in revenue has a bigger impact than an attack on a hospital's payment processing portal, which wouldn't affect core operations, he added.
Be smart: To prepare for an attack, companies should create a contingency plan, such as having a backup server to quickly switch to, in the event they're taken offline, Galinkin said.
- CISA recommended organizations enroll in a DDoS protection service and take inventory of assets that are exposed to the internet.
Sign up for Axios’ cybersecurity newsletter Codebook here