Distributed denial of service (DDoS) attacks against business, government, industry as well as military and intelligence systems continue as strong as ever. In the first six months of 2016, DDoS attacks escalated in both size and frequency. Others project the duration of DDoS attacks will increase and increase the costs and outages. The threat and impact has grown to the point where a major computer publication ran an article titled, “DDoS attack threat cannot be ignored.” They are right, but what hasn’t been covered is a newly discovered DDoS technique with some interesting observations that are quite disturbing.
The costs of DDoS attacks on some companies can exceed $100,000 per hour due primarily to disruption. For example, the DDoS attack in 2010 on the Virgin Blue airline reportedly costs totaled $20 million due to the IT outages that spanned 11 days.
In May 2017, ZDNet reported that the average DDoS attack cost for businesses increased to more than $2.5 million. One of the longest DDoS attack in Q2 2016 lasted 291 hours, or 12 days of disruption.
Now that you understand the costs of being on the receiving edge of a cyberattack, what are the costs to launch a DDoS attack? To do that I looked at three examples of the cost to have a DDoS attack delivered to a specified target. All three costs ranged from $7 to $25 per hour of attack. So the 291 have attack cost could have been as low as $2,000 to a high end of $7,275. Some cyber intelligence organizations believe that DDoS attacks will continue to increase and we will see a “BLIZZARD” of DDoS attack by 2020. While those number are concerning, a new twist to DDoS attacks has been unearthed that is even more troublesome.
Many cybersecurity professionals believe that industrial sabotage is considered the most likely reason behind a DDoS attack. In fact, Kaspersky Security recently noted that 43% of businesses that became victims of a DDoS attack believe it was launched (paid for by) by a competitor. It is generally believed that DDoS attacks on larger businesses are due to foreign governments and former employees.
A new and problematic cyberattack technique was recently created/discovered that has unique properties that make this attack technique concerning. It's called an Internal Distributed Denial of Service (iDDoS) attack, and it is created when multiple compromised computers, smartphones, tablets, equipment and devices that are often infected through the use of Phishing schemes and Trojans generate an excessive amount of internal network traffic. The internal network traffic that is flooding the corporate network(s) originates from many different internal sources that have been infected. These compromised computers, equipment and devices can either generate massive amounts of junk data or legitimate data or system requests.
iDDoS attacks are likely to become a substantial issue in the future. One of the interesting aspects of this attack technique is that it most likely requires less bandwidth consumption to be disruptive! A scan of cybersecurity products and their applications clearly indicate all protection and detection capabilities are focused externally (not for internal attacks like this). iDDoS is a state of the art cyber weapon of targeted disruption. Consider the use of iDDoS by criminals (ransom) that could easily target the numerous unprotected devices in Smart Homes, Smart Office Building, and Smart Cities.
Can any of your DDoS tools and techniques be applied when it is behind a firewall? Consider their exposure to an iDDoS attack and what they will do when one occurs within your enterprise.