DDoS – Motivations for the Madness, Part 2

DDoS – Motivations for the Madness, Part 2

March 28, 2016 | Adeline Zhang

Track: General Security

Author: Stephen Gates, Chief Research Intelligence Analyst, NSFOCUS

DDoS motivationsIn an earlier blog post I described some of the threat actors and the motivations that often fuel DDoS attacks.

Continuing with this theme, another prominent motivation reared its ugly head in the late 2000s.  Cyber hacktivism, as it is called today, is still one of the most observed motivations for DDoS attacks.  People who claim to have a substantiated reason for launching attacks, based upon their personal, social, moral, or political agenda, launch attacks daily against a host of helpless victims.  The reasons behind the attacks can be based on just about anything that someone doesn’t like.  One recent example was an attack on Nissan from a group protesting Japan’s stance and policies with respect to Marine life.

The next motivation is all about money.  Today, attackers motivated by extortion send emails to organization all over the globe, warning of a pending DDoS attack.  Asking for as little as 40 bitcoins to be deposited in online account, those that pay the ransom normally won’t get attacked.  Those that don’t pay will likely wish they had; especially if they have no DDoS defenses in place.  This motivation is a serious threat, and the payoffs will likely increase tenfold if people are receptive to paying the ransoms.  In addition, copycat actors will likely follow others using this motivation for future attacks.

The final motivation today is called Dark DDoS.  Threat actors in this case, use DDoS attacks as smoke screens to hide their other insidious activity.  This activity includes network and application breaches and normally includes data exfiltration. Attackers understand that hiding as much of their activity as possible, allows their activity to often go unnoticed.   Flooding logging systems with nothing but DDoS alarms, helps attackers achieve these goals.

As we have seen here, the motivations for attacks are broad and complex.  Those with no defenses in place, or those that rely solely on traditional approaches, are helping to fuel the fire. As long as the attacks are successful, hackers will continue to take organization offline and steal valuable data. NSFOCUS works with service providers, hosting providers, gamers, and enterprises daily to help defeat the effects of DDoS attacks.  Although these attack vectors and the motivations will not go away anytime soon, organizations with the right defenses can completely protect themselves from DDoS attacks.


Stephen Gates

Steve is a key research intelligence analyst with NSFOCUS IBD. He has been instrumental in solving the DDoS problem for service providers, hosting providers, and enterprises in North America and abroad. Steve has more than 25 years of computer networking and security experience with an extensive background in the deployment and implementation of next-generation security solutions. In his last role, Steve served as the Chief Security Evangelist for Corero Network Security before joining the NSFOCUS team. Steve is a recognized Subject Matter Expert on DDoS attack tools and methodologies, including next-generation defense approaches. You can usually find Steve providing insight, editorial, industry thought leadership, and presentations covering the latest security topics at RSA, SecureWorld, SANs, Black Hat, IANS, ISSA, InfraGard, ISACA, etc.