“Nice website you’ve got there. It would be a shame if anything was to happen to it.” That, in essence, is the core threat of DDoS extortion — and, for many, it may be enough of a threat to get them to pay up to avoid their business falling prey to a potentially devastating cyberattack.
For those unfamiliar with it, DDoS (Distributed Denial of Service) attacks refer to a brand of cyberattack in which the target or victim is overwhelmed with massive quantities of fraudulent traffic.
A subclass of regular denial of service (DoS) cyberattacks, DDoS attacks harness a botnet, a collection of (usually malware-infected) remotely controlled, internet-connected devices, to direct traffic toward a website or service with the express goal of knocking it offline. In other cases, the attack might simply render the target so slow and ineffective that the result is essentially the same: it is no longer available to legitimate users.
DDoS attacks can continue for long periods of time, and result in massive losses for businesses through both unplanned downtime and dented user loyalty.
The threat of a DDoS attack
It’s this fear that cyber attackers tap into when they carry out DDoS extortion attacks. Depending on the size of the business, a DDoS attack can cost anywhere from thousands to tens or even hundreds of thousands of dollars in damages — and that’s without factoring in long-term reputational damage. Attackers therefore assume that many companies will begrudgingly pay a significant amount to avoid such an attack taking place. In more extreme cases, attackers may even launch an attack and then charge the victim if they want it to stop.
Over the years, DDoS attacks have gotten larger. This is both due to the increased traffic that is now required to slow down or disable an online service, and also the number of devices which can now be galvanized in a botnet. For instance, the Srizbi botnet was estimated at around 450,000 compromised computers. Meanwhile, the Mirai botnet — one of the most infamous botnet attacks of all time — tipped the scale at anywhere between 800,000 and 2.5 million infected devices.
Giant attacks are on the rise
Recently, a large ransom-based DDoS attack was leveled against a European gambling company, bombarding it with traffic that, at its worst, amounted to 800 gigabits per second (Gbps). This followed a campaign of such attacks that grew from more than 200Gbps in August 2020 to more than 500Gbps in September, and then continued right on climbing. The attackers utilized a new volumetric DDoS attack vector in the form of the Datagram Congestion Control Protocol (DCCP), a networking protocol also known as protocol 33. This can be used to bypass defenses that are set up to defend against the massive floods of TCP and UDP traffic frequently seen during such attacks.
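A defender can spot this kind of flood by accounting for traffic volume per IP protocol number rather than only per TCP or UDP port. The sketch below is an added example, not code from the article: the allowlist, the 10% share threshold and the sample headers are assumptions constructed for illustration.

```python
import struct
from collections import Counter

# Assumption: protocols this site legitimately receives (ICMP, TCP, UDP).
ALLOWED = {1, 6, 17}
DCCP = 33  # IP protocol number for DCCP

def parse_ipv4(header: bytes):
    """Return (protocol, total_length) from an IPv4 header, or None if invalid."""
    if len(header) < 20:
        return None
    version, ihl = header[0] >> 4, header[0] & 0x0F
    if version != 4 or ihl < 5:
        return None
    total_length = struct.unpack("!H", header[2:4])[0]
    return header[9], total_length

def unexpected_floods(headers, allowed=ALLOWED, share_threshold=0.10):
    """Map each non-allowlisted protocol to its share of total bytes,
    keeping only those at or above share_threshold."""
    volume = Counter()
    for h in headers:
        parsed = parse_ipv4(h)
        if parsed:  # truncated or non-IPv4 captures are skipped
            volume[parsed[0]] += parsed[1]
    total = sum(volume.values())
    if total == 0:
        return {}
    return {proto: size / total for proto, size in volume.items()
            if proto not in allowed and size / total >= share_threshold}

def make_header(proto: int, total_length: int) -> bytes:
    """Build a constructed 20-byte IPv4 header (documentation addresses)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))

# Constructed sample: header-only captures, as from a short snap length.
SAMPLE = ([make_header(6, 1500)] * 5 + [make_header(17, 500)] * 3 +
          [make_header(DCCP, 1400)] * 20 + [b"\x45\x00"])

if __name__ == "__main__":
    for proto, share in unexpected_floods(SAMPLE).items():
        print(f"protocol {proto}: {share:.1%} of bytes, not in allowlist")
```

A finding like this is the cue to drop the unused protocol at the network edge or upstream, since filters keyed only on TCP and UDP never see it.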
DDoS extortion attempts have been part of the cybersecurity threat landscape for years. However, they have greatly ramped up more recently — leading to the FBI even issuing a warning about their prevalence to companies in the United States. There are likely a couple of reasons why such attacks are increasing. One is the greater reliance people are currently placing on connected infrastructure during the pandemic. The other is the ease with which DDoS attacks can now be launched — for as little as a few bucks.
The importance of safeguarding against attacks
A threatened DDoS attack is enough to strike fear into the heart of even the biggest companies. But it’s important that those targeted do not cave in and pay whatever ransom is demanded of them. Even assuming that the threat is legitimate (and, in some cases, it may not be), handing money over to cyber attackers may simply mark you out as someone willing to pay to avoid such attacks. These details will be saved, and may even be passed on to others, so that there is an increased likelihood of being victimized by future extortion efforts.
Instead, businesses should safeguard by proactively protecting against DDoS attacks. With such attacks growing larger and more common — and no sign of this trend abating — businesses should invest in the right DDoS mitigation tools to defend themselves against DDoS. Fortunately, these tools exist. A Web Application Firewall (WAF) is able to assist with blocking bad traffic, while continuing to allow properly filtered traffic through from genuine users. Cybersecurity experts are also able to help provide the means to absorb attacks without them rendering websites or online services inaccessible.
The DDoS threat is one that, justifiably, should pose concerns to anyone or any business who does business online. However, by choosing the correct measures to protect against DDoS extortion, it’s possible to overcome this threat — so that would-be targets or victims can focus on more important areas. Like running the business they should be putting 100% of their efforts into.