Looking Back and Understanding the 2019 DDoS Threat Landscape

by | Apr 14, 2020 | Technology Featured

Organizations face a wide number of potential cyber threats. Data breaches and ransomware probably have the greatest visibility since they target an organization’s most valuable resource, data, and potentially could result in penalties for regulatory non-compliance.

However, these cover only a fraction of the cyber threat landscape. Another growing threat is that of a Distributed Denial of Service (DDoS) attack. Cybercriminals are increasingly able to access computational resources for use in DDoS, meaning that these attacks are becoming easier and cheaper to perform. As the price of the DDoS attack goes down, the frequency, and impact to its targets, increases.

In the short term, many organizations are not currently facing a major threat of DDoS attacks. In 2019, the majority of these attacks targeted organizations in only a few industries. However, this is likely to change as the price of a DDoS attack decreases and its usefulness as a tool for cyberattacks becomes more well-known.

The DDoS Threat is Growing

The simplest DDoS meaning is to degrade or destroy access to an organization’s website or other Internet-facing services for legitimate users by taking advantage of the fact that every system has a maximum capacity of data that it can process. Meet or exceed this number, and an unprotected system has no bandwidth remaining for legitimate traffic.

In recent years, the average cybercriminal’s ability to perform these attacks has been growing steadily. DDoS attacks don’t require exploitation of a vulnerability or other security flaw in a target system (other than the failure to deploy a DDoS protection system). They only require the attacker to have sufficient computational resources and network bandwidth to produce the traffic needed to overwhelm the target system.

As the face of the Internet evolves, these resources become easier and easier to obtain. The rise of the Internet of Things (IoT) has provided cybercriminals with a large number of devices that can be added to their botnets. These IoT devices are typically Internet-facing, poorly secured, and prone to a number of basic security issues, such as the use of insecure network protocols (like Telnet) and default manufacturer passwords.

For cybercriminals who don’t want to use IoT devices for their botnets, the growth of the cloud has created other options. Some cybercriminals have transitioned from IoT-based botnets to cloud-based ones. In fact, one cybercriminal recently released information that could be used to compromise over 500,000 IoT devices since he no longer needed it, having switched over to a cloud-based botnet. The increased use of these cloud-based botnets also allows the number of cybercriminals operating botnets to increase since ones using cloud resources do not need to compete for the limited number of vulnerable IoT devices.

This increased availability of DDoS bots has driven down the price of operating a botnet and performing enterprise-scale DDoS attacks. While this contributes to a growing number of attacks, it has also created the DDoS service economy, where cybercriminals can sell the services of their botnets to third parties.

Not All Companies are Targeted Equally

With DDoS attacks becoming more and more affordable, their targets have been shifting. While, in the past, DDoS attacks may have been primarily used to advance the goals of the cybercriminal, this is no longer the case. In 2019, the vast majority of DDoS attacks targeted the gaming and gambling industries. According to research, 35.92% of attacks targeted gaming platforms, and online gambling accounted for another 31.25%. Of the remaining 32.83%, 26.51% of the attacks targeting the computing and Internet sector.

This shift in DDoS targets demonstrates that a large number of them are motivated by third parties. In general, performing a DDoS attack against a gaming or online gambling platform provides little or no benefit to a cybercriminal.

For a gamer or gambler, on the other hand, such an attack can have a significant impact. On these platforms, if an opponent cannot connect to the server or experiences network lag, it could degrade their gameplay or even result in an automatic forfeit of the game. By using DDoS attacks to sabotage opponents’ games, players can help to ensure that they retain high spots in global ranking boards.

Egaming and gambling has become a very lucrative industry; however, even non-professional gamers and gamblers are often quite invested in their games. As the price of a DDoS attack is driven down, using one as a competitive advantage is becoming increasingly common.

Protecting Against DDoS Attacks

In 2019, the majority of DDoS attacks were against gaming and gambling platforms, driven by players that wanted an unfair advantage in their gameplay. However, the ability to use DDoS attacks in this way was made possible by the fact that DDoS botnets are easier and cheaper to create and use than ever before, allowing cybercriminals to offer them “as a Service”.

While the use of DDoS as a Service is currently mainly restricted to the gaming and gambling industries, this could easily change in the coming years. Cybercriminals that do not have control over a DDoS botnet or individuals with a grudge against an organization may take advantage of DDoS as a Service offerings to attack an organization.

The low cost and affordability of DDoS attacks means that any organization could become a victim of these attacks. As the DDOS threat grows, protecting against these attacks, by deploying a strong DDoS mitigation solution, becomes an essential part of an organization’s cybersecurity defensive strategy.

Share This