Lately, it seems like the companies that haven’t had their web and cyber security compromised are in the minority.
Many are hit hard by web vulnerability attacks. Specifically we see an increase in DDoS (Distributed Denial of Service) attacks. With DDoS, the attacker’s main goal is to make your website inaccessible using botnets. Botnets are basically an army of connected devices that are infected with malware. Your website’s server becomes overloaded and exhausted of its available bandwidth because of this army. Much of the time, the attack doesn’t usually even breach your data or go over any security parameters.
So if it’s not to breach your data, why would someone go through the effort to shut down your website? There are a multitude of reasons, but today we’ll look at the top 6 reasons for a Distributed Denial of Service Attack.
1. Some (not-so) friendly competition
As more and more enterprises are taking their storefronts to the cyber world – there is also competition within the cyber world.
In fact, in a recent survey nearly half the responding businesses said that they believed that their competitors were launching DDoS attacks in order to disrupt services. After all, if your competition’s website is down, all the traffic will come to your website instead. Additionally, your competition’s brand image is tarnished, giving positive associations to your company instead.
Even if an entrepreneur may not be skilled in hacking, DDoS attacks are now available for hire, and attacks can be executed for a fairly low price on the dark market.
2. DDoS for Hacktivism
As we’ve noted, DDoS attacks aren’t necessarily about taking data. It can be used to strongly voice an opinion – any opinion. Voicing your opinion on the Web can have a bigger and faster effect than if you were to attend an in-person rally or strike. DDoS is often used to show support or opposition regarding a certain topic. It could be political (see below), but also for/against businesses or banks, ethical concerns, or even an online game.
3. All about politics
A subset of reason #2, DDoS attacks can also happen between countries or governments. The Web is the newest battlefield. DDoS attack victims can be government websites. While the sites could have been attacked by apolitical hackers, many do believe that governments or political parties often attack each other using the DDoS method.
As most governments rely on the Web to communicate and run their country, this has proven to be an effective method to show political opposition.
4. Seeking their revenge
An extremely common reason for DDoS attacks, this situation could apply to businesses, individuals, as well as governments. Not necessarily to give an opinion, attacks are used to seek revenge on your enemy. There’s no need to get your hands dirty at all.
For example, there have been increasing instances of previous employees hiring DDoS attacks on the dark market to seek revenge on their former employers. We’ve previously written on internal data breaches by present or past employees, but this is yet another form of when one person holds a grudge and it affects an entire company.
5. A precursor for something bigger
On New Year’s Eve of 2015, BBC was reportedly attacked with a DDoS attack measuring over 600 Gbps, beating out the previously set record of 334 Gbps. The attackers who claimed responsibility, New World Hacking, said that it was simply “testing.” More recently, the hacking group PoodleCorp took responsibility for shutting down the trending Pokemon Go game using the DDoS attack and they claimed that they were also testing for something on a larger scale.
A hacker may be preparing for something new like the above two cases, or they may be using the attack as a distraction for a larger attack, hoping that they won’t be found out. This is one case where the attack may be used indirectly for a security breach.
6.Some plain ol’ fun?
And lastly, sometimes there’s really no rhyme or reason to why DoS or DDoS attacks happen.
There’s a misconception that there is a specific reason behind all attacks. However, this is simply not the case. Many hackers get an adrenaline rush from hacking into a system or a website, no matter how big or how small it may be.
Therefore, there’s the responsibility as the individual user or as the CIO/CTO of a company to ensure that security measures are being taken. One needs to prepare for an attack because no one is ever exempt from the chances of an attack.
So what are these security measures I speak of? In my opinion, the most essential step you can take is to protect yourself with a WAF (Web Application Firewall). By using WAF services like Cloudbric or a WAF like WAPPLES, you can make sure your website is continuously protected.
For more information on Cloudbric (full service website security provided for free if your website’s bandwidth is under 4GB/month), check out their website and find out more about WAPPLES, the WAF they use for their service.