Distributed denial-of-service (DDoS) attacks are becoming commonplace. You don’t need more of a sign of this than the coverage by major news outlets or, in my case, nontechnical parents and in-laws asking what these newfangled “denial things” are that they keep hearing about. Attackers use DDoS attacks for many different reasons, including political/ideological disputes, vandalism, and diversion to cover up other attacks or compromises (such as the exfiltration of data). Whatever the reason, these attacks can significantly impact their targets (or victims).
Two DDoS attacks from earlier this year had visible public financial impact on their targets. Bitcoin was a recent target of a DDoS attack that resulted in a heist reportedly worth around USD $105,792,000, as reported by Threatpost. The second attack, reported by the Washington Post, discussed a tweet sent from the official Twitter account of the Associated Press (AP) to all of its followers, which claimed “Breaking: Two Explosions in the White House and Barack Obama is injured.” It was later determined that the official account of the Associated Press was compromised, but the damage was already done. Though no specific DDoS attack tool was used in this example, the compromise of the AP’s official Twitter account led to a social engineering DDoS, which caused a five-minute dip in the Dow stock points and erased USD $136 billion in equity market value, according to the article.
In neither of these cases did the company cease trading completely; however, the potential for immense financial impact to any business exists and could lead to bankruptcy or even closure. To quote an old song from a now very famous band by the name of Green Day:
Ha ha you’re dead
And I’m so happy
In loving memory
Of your demise
As previously mentioned, not all attacks have the same visible financial impact. Attacks can be for the purpose of vandalism, or to take down online gaming. This sometimes appears in hacktivism attacks where websites are taken down, or users are redirected to other websites with purpose-driven messages. The Wall Street Journal reported that requests for the US Marine Corps recruitment website were redirected to a website that denounced actions taken by the US Government and its military. Again, to quote Green Day:
When your ship is going down
I’ll go out and paint the town
Ha ha you’re dead
Ha ha you’re dead
Ha ha you’re dead
Keeping the Doors Open and the Lights On takes a deeper dive into the world of DDoS attacks. It discusses their impact on business today and why they are difficult to defend against, and it defines the different types of these attacks. For a detailed discussion of the NSS Labs approach to testing DDoS Prevention Solutions (testing is ongoing at the time of this writing), please read Distributed Denial-of-Service Prevention Test Methodology v1.0. Both documents are found in the NSS Research Library.
Song lyrics from: Green Day, “Ha Ha You’re Dead,” Shenanigans, © 2002 Reprise Records