Monday,25 November, 2024

Subscribe to Newsletter

HOME
  NEWS
  Knowledge Center
 
News

‘Understanding 5 Common Motives for DDoS Cyber Attacks can help Companies in UAE Prevent them,’ says Security Expert

Published Jun 12, 2016

Distributed denial-of-service (DDoS) attacks continue to be one of the most prevalent methods hackers use to disrupt businesses. Involving the use of multiple systems (personal computers, smartphones, etc.), DDoS attacks overload an organization's network by generating web traffic that can't be accommodated by the system's capacity limits.

Unlike with other forms of cyber attacks, DDoS attackers run the gamut in terms of their technical prowess. With DDoS services available for purchase online, even the least tech-savvy teenager with a credit card is capable of taking down company web assets for hours and even days.

Due to the diversity amongst those carrying out DDoS attacks, ranging from high-school kids to state-sponsored hackers, the purpose behind separate incidents can vary significantly. For example, while an experienced cyber criminal may use a DDoS attack for diversionary purposes, a disgruntled employee may carry out an attack just for the sake of causing chaos. Chris Gale, EMEA Partner Director at A10 Networks at A10 Networks has mapped out some of the most common motives for these attacks and describes the tell-tale signs that will help companies in UAE combat these cyber attacks:

Hit-and-Run

The least sophisticated form of DDoS is the hit-and-run attack. These come in a wide variety, targeting gaming services, consumer websites and various other high-visibility targets. These attacks aren't typically very strategic and are commonly executed by hackers causing chaos for attention or young cyber criminals testing their chops.

Considering these attacks are typically the least organized, and pulled off by the least technical individuals, they are the easiest to prevent. Unskilled troublemakers typically will use a paid service to pull off the attacks, making it costly to sustain long-term. By optimizing your network configuration, and utilizing technology with robust load balancing capabilities, the risks posed by these attacks are greatly minimized.

This category of attacks serves as a grab-all for incidents that don't fit into the more defined versions of a DDoS attack. As they are often poorly organized attacks on random companies, it is difficult to pin down specific warning signs. If you are a high-profile company that would make for good headlines, you can assume you've been the target of this sort of incident.

Political

Government and state-run websites have been a common target for protestors and activists looking to make a statement via cyber means. Most commonly associated with the likes of Anonymous and other hacker collectives, these attacks are a slightly more advanced/targeted version of the hit-and-run. There is no true end-game in terms of tangible payoff — these attacks tend to be symbolic in nature.

By taking down government web assets, attackers cause headaches for officials looking to both save face and bring critical services back online. While there is little payoff for the hacktivists, the damage caused to operations and reputation is very real.

Fiscal

The ease of pulling off a rudimentary DDoS attack means that the hackers aren't always the usual suspects. For example, a recent survey from Kaspersky Labs found that 48 percent of companies who had experienced a DDoS attack believed their competition was responsible. While these statistics may be slightly inflated due to human paranoia, at least some of the attacks being reported fall into the category of B2B cyber crime.

Along with causing productivity declines that reduce the efficiency of a key competitor, companies perpetrating these attacks also aim to damage the target's reputation. While there are no direct monetary gains for the perpetrator, the indirect benefit of not having yourself associated with a cyber attack is enough to draw customers away from the competition.

Smokescreen

Hackers have increasingly turned to DDoS attacks as a means of diverting IT's attention away from separate, and often times more damaging, behaviour. When an attacker damages or completely brings down a company's network, the process for complete remediation can take days. Coupled with the fact that DDoS attacks are highly visible, both externally and internally, returning to business as usual becomes priority one for responders.

With the IT team's attention focused elsewhere, it is easy for otherwise alarming behaviour to slip through the cracks. False-positives are already a common headache for those monitoring network activity, and during a time of crisis, it becomes much easier to neglect best practices and allow for incidents such as malware injection or data theft to occur.

You typically don't realize a DDoS attack is being used as a smokescreen for a larger security incident until it's too late. The best defense comes from ensuring that all normal cybersecurity processes are continued in the wake of an attack and never assuming the worst is over.

Ransom

The last form of attack has the most obvious pay off for hackers: cold hard cash (or at least cold hard cryptocurrency). For companies involved in e-commerce, stock trading, customer service and basically any form of business requiring access to a website or portal, extended network downtime is not an option.

Depending on the resources of attackers, sophisticated DDoS attacks on improperly secured networks can be extended for days, costing companies thousands and even millions of dollars in lost business. Attackers know this and prey on businesses looking to cut their losses and pay their way out of the situation. The good news is these attacks are easy to categorize since they come in conjunction with a communication demanding a ransom. The bad news is the price tag (usually requested in Bitcoin) is at the complete discretion of the attacks, and as more companies pay up, the demands are only bound to increase.



Rate This:

Posted by VMD - [Virtual Marketing Department]


Poll
What is your favourite search engine?
Google
Yahoo
Bing

Most Viewed
  Riverbed Launches Industry’s Most Complete Digital Experience Management Solution

  Credence Security to Address Growing Market for GRC Solutions in Middle East Through Partnership with Rsam

  New Mimecast Archive Cloud Capability Streamlines GDPR Management for Email

  Planning and Scheduling Software–Helping Manufacturers Keep Their Customers Happy

  Farsight Security and Infoblox Provide Zero-Hour Protection Against Cyberattacks Due to New Domains

  Fujitsu Launches High-Security Biometric Authentication Solution for Active Directory IT Environments

  Rackspace Wins 2017 Red Hat Innovator of the Year Award

  ServiceNow Survey Shows 2018 as the Year of Automation for Routine Enterprise Work

  4 Tech Hacks to Faster Customer Onboarding

  New Mimecast Report Detects 400% Increase in Impersonation Attacks