DDOS attacks have been a cyber security concern for many years, and will continue to be increasingly troublesome in 2016. The development of so-called “dark” DDOS attacks has only underlined the seriousness of this threat. Dark DDOS attacks refer to a type of DDOS attack which is not the intended security issue in and of itself. Rather, the DDOS attack is used as a smokescreen to obscure the other types of attacks or infiltration. Some security experts anticipate such attacks to increase by 300% in the coming year.
Dark DDOS attacks can be used to mask a variety of other actions. One of the most common is the use of a dark DDOS attack as a tool for extortion, targeting an organisation with the intention of demanding a Bitcoin ransom.
Why are DDOS attacks becoming so common?
As DDOS attacks have been a security issue for many years, it may seem surprising that this relatively dated strategy remains effective and popular for hackers. After all, one might assume that there would be comprehensive methods in place to combat this tactic. Unfortunately, however, technological advances which have allowed the development of automated, multi-vector attacks which cannot be circumvented using traditional means. These attacks have automated a variety of different strategies, so that if one is unsuccessful, the next is deployed without pause.
There are even black hat hacker companies that sell automated DDOS attacks as a type of service. The situation has grown even more troubling due to the rise of the Internet of Things. The IoT refers to the increasing connectivity of various devices, from smart televisions to climate control systems. The IoT could potentially be offering up new vulnerable entry points for hackers to instigate DDOS attacks.
Combating DDOS attacks
Due to the fact that combating these attacks essentially requires an always-on, in-line monitoring solution, more organisations are looking to their internet service providers to develop solutions that can prevent or mitigate the effects of DDOS attacks.
One reason is the fact that large-scale DDOS attacks can only be effectively combated with cloud-based computing technologies, while local level attacks are best stopped utilizing tools on site. This need to develop hybrid approaches which utilize multiple solutions simultaneously has many IT teams looking to ISPs to handle some portion of these services.
Employees should also be trained to recognize threatening emails or extortion by various organisations which have turned to dark DDOS attacks as their primary mode of operation.