Distributed Denial of Service (DDoS) attacks are becoming more of a threat to businesses every day. All a hacker needs to perform a DDoS attack is enough traffic-generating capacity to overwhelm the target and render it non-operational. With the advent of cloud computing and the Internet of Things (IoT), gaining access to that capacity is much easier. Hackers can either affordably rent servers from cloud service providers or take advantage of the poor security of the average IoT device to build a botnet of Internet-connected systems to use in their attacks.
As a result, launching a DDoS attack is now cheaper and easier than ever, resulting in an increased number of high-profile, high-volume attacks. The need for organizations to invest in and deploy DDoS protection solutions is only growing as the number and impact of these DDoS attacks increase.
Another critical component in fighting against the threat of DDoS attacks is taking legal action against the hackers to stop the ones currently offering these services and dissuade new ones from entering the market. Law enforcement from different countries has taken steps in this direction, but some stories are a bit more ridiculous than others.
Hacker, Molotov Cocktail, DDoS
Hackers get caught for DDoS attacks for a variety of reasons: operating a DDoS-for-hire website, having an attacking IP traced back to them, bragging about the attack online, and so on. All of these are fairly normal reasons. However, a Belgian hacker was convicted for his DDoS activities for a completely different (and much more memorable) reason.
This hacker was implicated in a series of DDoS attacks, including attacks against a bank and a DDoS-for-ransom attack against a pizza company. The attack against the bank was personally motivated, and the pizza company attack was probably drug-related. Evidence of these deeds was brought to light by police analysis of a flash drive that had belonged to the hacker.
But how did the police gain access to this USB drive? The hacker dropped it. More specifically, he dropped it while throwing a Molotov cocktail at the same bank that he had previously targeted with a DDoS attack. Since the hacker was already in custody for the arson attack, investigators had the time to review the data on the drive and add another 18 months to his sentence based on his illegal cyber activities.
The Threat of DDoS
While the Belgian hacker’s arrest story borders on the ridiculous, law enforcement is actively working to curb DDoS attackers. In December 2018, the US Federal Bureau of Investigation (FBI) took down fifteen of the largest “booter” or DDoS-for-hire sites in operation at that time. However, the impact of this takedown was short lived: in Q1 2019, the number of operating booter sites doubled. While this may indicate that new players moved in to fill the void left by the FBI takedown, it also demonstrates that hackers are still willing and able to offer DDoS as a service.
The threat of DDoS attacks on the modern Internet is exacerbated by the same technologies that legitimate organizations are adopting to improve their business. Cloud computing and the growth of the Internet of Things (IoT) facilitate large DDoS attacks because hackers can either affordably rent the computational resources they need from cloud service providers or easily compromise poorly secured IoT devices by exploiting weak passwords or unpatched vulnerabilities.
As a result, the threat of DDoS attacks is greater than ever. The magnitude of DDoS attacks has increased dramatically in recent years, reaching over 1.3 Tbps in an attack against GitHub in March 2018. Operators of DDoS botnets have also grown more sophisticated in their attacks, moving away from easily detectable attacks that rely on well-known DDoS amplifiers (whose reflected traffic arrives from a handful of reflector addresses and a fixed service port) toward floods that use random combinations of source IP addresses and ports, sending a higher packet rate of small packets rather than the traditional lower rate of large packets. This transition has raised the bar for organizations attempting to identify and protect themselves against DDoS attacks while maintaining the availability of their Internet presence.
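To make the detection difference concrete, the following is an added example (not code from the original article or from any vendor product) that classifies one-second windows of flow records into the two attack patterns described above. The records, the amplifier port list and all thresholds are constructed assumptions for illustration; a real deployment would tune them to the link's normal traffic profile.

```python
"""Classify a window of (src_ip, src_port, pkt_bytes) records as
amplification, small-packet flood, or normal. Added example; all
sample data and thresholds below are constructed assumptions."""
from collections import Counter
import math
import random

# Reply-side source ports of well-known UDP amplifiers (assumed list).
AMPLIFIER_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP", 11211: "memcached"}

# Detection thresholds; assumed values, tune per link capacity.
AMP_PORT_SHARE = 0.5       # >= 50% of packets from amplifier ports
AMP_MIN_AVG_BYTES = 512    # amplified replies are large
FLOOD_MIN_PPS = 1000       # packets per second
FLOOD_MAX_AVG_BYTES = 128  # small packets
FLOOD_MIN_ENTROPY = 0.8    # normalized source-IP entropy, 0..1


def normalized_entropy(counts, total):
    """Shannon entropy of a Counter, normalized against log2(total) so
    1.0 means every packet in the window came from a distinct value."""
    if total < 2:
        return 0.0
    h = -sum((c / total) * math.log2(c / total) for c in counts.values())
    return h / math.log2(total)


def classify_window(records, window_s):
    """records: iterable of (src_ip, src_port, pkt_bytes) observed at the
    target within window_s seconds. Returns the verdict plus the features
    that drove it."""
    records = list(records)
    n = len(records)
    if n == 0:
        return {"verdict": "idle", "pps": 0.0}
    pps = n / window_s
    avg_bytes = sum(b for _, _, b in records) / n
    src_counts = Counter(ip for ip, _, _ in records)
    port_counts = Counter(port for _, port, _ in records)
    amp_share = sum(c for p, c in port_counts.items() if p in AMPLIFIER_PORTS) / n
    src_entropy = normalized_entropy(src_counts, n)
    port_entropy = normalized_entropy(port_counts, n)

    # Reflection/amplification: traffic concentrates on amplifier ports and
    # the packets are large. A fixed-port filter catches this pattern.
    if amp_share >= AMP_PORT_SHARE and avg_bytes >= AMP_MIN_AVG_BYTES:
        verdict = "amplification"
    # Randomized flood: no single port to filter on, so rely on rate,
    # packet size and how spread out the source addresses are.
    elif (pps >= FLOOD_MIN_PPS and avg_bytes <= FLOOD_MAX_AVG_BYTES
          and src_entropy >= FLOOD_MIN_ENTROPY):
        verdict = "small_packet_flood"
    else:
        verdict = "normal"
    return {
        "verdict": verdict,
        "pps": round(pps, 1),
        "avg_bytes": round(avg_bytes, 1),
        "amp_share": round(amp_share, 2),
        "src_entropy": round(src_entropy, 2),
        "port_entropy": round(port_entropy, 2),
    }


# --- Constructed one-second sample windows, not captured traffic ---
_rng = random.Random(1)

# Reflected memcached replies: a few reflector IPs, fixed source port, big packets.
AMPLIFICATION_WINDOW = [
    (f"198.51.100.{_rng.randint(1, 5)}", 11211, 1400) for _ in range(200)
]

# Randomized flood: spoofed sources from anywhere, random high ports, 64-byte packets.
RANDOM_FLOOD_WINDOW = [
    (".".join(str(_rng.randint(1, 254)) for _ in range(4)),
     _rng.randint(1024, 65535), 64)
    for _ in range(5000)
]

# Ordinary HTTPS replies from a few CDN nodes.
BENIGN_WINDOW = [(f"192.0.2.{_rng.randint(1, 3)}", 443, 1200) for _ in range(50)]

if __name__ == "__main__":
    for name, window in [("amplification", AMPLIFICATION_WINDOW),
                         ("random flood", RANDOM_FLOOD_WINDOW),
                         ("benign", BENIGN_WINDOW)]:
        print(name, classify_window(window, 1.0))
```

The point of the two branches is the one the paragraph makes: amplification traffic has a stable signature (reflector source port, large packets) that a simple filter can match, whereas the randomized flood can only be recognized statistically, from rate, packet size and source spread measured over a window. Source entropy alone is not enough, since a legitimate flash crowd also has many distinct sources; it is the combination with a high packet rate and small packets that separates the two in this example.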
Defeating the DDoS Threat
Distributed Denial of Service (DDoS) attacks are a significant threat to organizations around the world. As cloud computing and the Internet of Things have taken off, it has become much easier for hackers to gather the resources necessary to perform these attacks at scale. The low cost of performing a DDoS attack has also allowed attackers to offer DDoS as a service, where anyone can rent a DDoS botnet for less than $20 per hour.
The Belgian hacker’s choice of targets, a major bank and a pizza shop, demonstrates that any organization can be the victim of a DDoS attack. As a result, any organization whose web presence is a vital component of its business should take the necessary steps to protect this asset. Beyond the standard step of using a web application firewall (WAF) to help cover vulnerabilities in an organization’s web application, deploying a dedicated DDoS protection solution can also be important. As DDoS attacks grow in number and intensity, it is important to have the right defenses in place to protect your organization against them.