The distributed denial of service attack is one of the oldest criminal activities on the web, a distinction it shares with ransomware. In spite of its age, however, DDoS attacks have weathered the years surprisingly well .The reason for that is quite simple – even though at its core, every DDoS attack does the same thing (overwhelms a target with fraudulent requests), DDoS attacks as a whole have evolved significantly over the past decades.
And 2017 saw some of the most significant evolutions yet.
Thanks To IoT, They Are Growing Larger Than Ever
The botnet lies at the core of a successful DDoS attack – a distributed network of infected computers and systems an attacker can use to transmit bogus requests to their target. In the past, botnets were mostly made up of malware-infected computers, printers, and routers. As we connect more and more devices to the Internet, that is rapidly changing.
Now, just about anything in the house could be used to launch an attack – fridges, webcams, toasters, coffee machines, televisions…the list goes on and on. This year saw one of the largest DDoS attacks in recorded history, perpetrated by the Mirai botnet (which we will discuss further in a moment).
As the Internet of Things continues to gain ground, that record will continue being broken.
New, More Complex Attacks Are Regularly Surfacing
In addition to being one of the largest of its kind, the Mirai botnet mentioned in the previous point is also highly-sophisticated. Functionally, it is self-sustaining – it automatically searches the web for vulnerable IoT devices. Those devices are then brought under its control, and used to hurl junk traffic at whatever target its operator desires.
It is not just botnets that are growing more sophisticated, either. DDoS attacks also saw a huge upturn in complexity, and Kaspersky reports that ‘smart’ DDoS attacks – which target script-heavy portions of a website – are on the rise. Encryption-based attacks – which can fool many conventional DDoS-protection tools – are growing more common, as well.
The DDoS-as-a-Service Market is Gaining Ground
DDoS toolkits and botnets-for-sale are nothing new. What is new is the burgeoning market now growing around them. The sales of botnets and DDoS tools have become big business in recent years – in 2016, for example, a teenager arrested for selling a DDoS tool used in 1.7 million attacks admitted to making nearly $400,000 of the sale of the tool.
And consider this: the Mirai botnet we have discussed in this piece can be rented out.
We’re In For A Bumpy Ride
DDoS attacks will continue to evolve as time goes on, and this enduring mode of attack will become more and more common as we move forward. Modern attackers need not even have a full picture of your network to launch a successful attack. Nor do they need to know your security measures to use that attack as a mask for other, more insidious activities.
Understanding this evolution is only the first step. You also need to protect yourself from it. Purchase a DDoS mitigation tool, and make sure you actively monitor your networks.
Because this is going to get worse before it gets better.