– Rachel Gillevet, technical writer for WiredTree, says:
Distributed denial of service attacks have long been a favored tool of online criminals and “hacktivists”. They’re quite difficult to combat and botnets capable of directing enough data at a site to knock it offline are easy to access — if you don’t run one, it’s possible to pay someone who does for use of their collection of hacked machines.
Historically, DDoS attacks have been the primary attack. The criminals’ aim was to knock sites of the Internet, usually because of a perceived slight, political difference, or some other grievance, but in recent months, DDoS attacks are increasingly being used as a tool to achieve a further outcome.
This sort of attack is such an obvious tactic that it’s surprising that it only recently become popular. The idea is simple and not much different from protection rackets run by more traditional organized criminals, in which businesses pay protection money to the people threatening them. In the case of DDoS extortion, the criminal disables an online service by saturating its network connection and then demands money in return for calling off the botnet.
If you’re a user of Feedly, Evernote, Basecamp, or Vimeo, it’s likely that you experienced the fallout from one of these extortion attacks in the last few weeks.
DDoS As A Distraction
According to a recent report from Neustar, which examined the nature and impact of DDoS attacks, many attacks are simply a smokescreen for a different type of infiltration, usually with the intention of planting malware on a site, stealing money, obtaining sensitive information, or any combination of the three.
Fifty-five percent of DDoS also suffered a data breach, according to the report.
A DDoS attack used for extortion differs from the typical scenario. They’re usually much shorter in duration. Hackers usual want the server they are attacking to be up-and-running quickly, serving malware or harvesting user data. To that end, DDoS attacks tend to be fairly short, their purpose being a diversion rather than a serious attempt to disable a site. Additionally, if a DDoS attack is not accompanied by an attempt at extortion, publicity of the sort organizations like the Syrian Electronic Army indulge in, or political demands, it’s likely that something else is going on.
The lesson to be learned is that a DDoS attack might not be what it appears, and businesses that throw all their effort into mitigating the effect of those attacks might be opening themselves to other risks.
About Rachel Gillevet – Rachel is the technical writer for WiredTree, a leader in fully managed dedicated and vps hosting. Follow Rachel and WiredTree on Twitter, @wiredtree, Like them on Facebook and check out more of their articles on their web hosting blog, http://www.wiredtree.com/blog.