Threat Landscape Update: Distributed Denial of Service Attacks
December 2021 has brought with it holiday cheer and an uptick in distributed denial of service (DDOS) attacks. DDOS attacks are fast becoming a new tool in the extortionist threat actor’s toolkit. DDOS attacks are attractive because they don’t require attackers to actually hack into a company’s systems. Instead, a DDOS attack targets a website or other online service. The attacker attempts to flood a targeted service with traffic by using numerous compromised computer systems, including IoT devices, as sources of attack traffic. Think of a DDOS attack like your home phone from the 1980s. If multiple callers are constantly calling your number, legitimate callers will get a constant busy signal. The goal, of course, is to get a company to pay the threat actors to stop the attack and resume normal operations.
GT has seen this increase in two primary ways. First, as an add-on to a ransomware attack. Ransomware attacks have evolved over the past several years beyond simply encrypting a company’s servers and endpoints, to increasingly exfiltrating and threatening to publicly post or sell company data, to now threatening and/or committing DDOS attacks. Second, certain threat actors are skipping the ransomware attack and heading straight to the threat of a DDOS attack.
Fortunately, some of these threat actors are bluffing and lack the resources to conduct a full-blown attack. They may instead hit a company’s network with a short burst of traffic, and then use that burst to suggest they have much more firepower behind them. Others, however, are conducting full-blown attacks.