For many organizations situated at the receiving-end of a coordinated DDoS attack, the objectives of the attackers may not necessarily be self-evident. In too many cases, organizations come under the cross-hairs of multiple DDoS campaigns – with the campaigns being launched and orchestrated by different groups.
From an instigators perspective, some of the most common DDoS objectives are:
Extortion. The attackers seek to cause key online business services to become unavailable at critical times and expect payment for an attack to cease. For example:
- Preventing customers from placing bets within an online gambling portal in the run up to a major sporting event and requiring payment to prevent a DDoS occurring on game day.
- VoIP calls are made continuously to an organization’s phone and fax numbers thereby preventing any in-bound communications. Automatic messages are played to anyone answering the phone that payment is expected for the calling to cease.
Espionage. The attackers seek to cause key business services to become unavailable or unresponsive while reaping an award on another front. The DDoS attack itself is used as a method of disguising the real purpose of the attack or distracting the victim’s attention. For example:
- The operator of a botnet is paid to DDoS the email services of a local business operator to prevent that organization in responding to a competitive business bid.
- A high-volume DDoS assault is conducted against multiple online business portals with the expectation that the targets incident response team will be too busy to notice a parallel stealthy attack against the true target as things are “lost in the noise”.
Protesting. The attackers seek attention to the particular cause or public issue they are pursuing and work to force a particular change in policy or behavior. Attack participants are provided with target and coordination details from a central “authority”. For example:
- The global DDoS of a particular government’s web sites in response to (perceived) unfair election practices.
- A coordinated campaign of DDoS attacks against the web portals and email systems of any organization supply
Nuisance. The attackers launch attacks against a broad spectrum of targets “because they can”. The objectives vary greatly between targets but the DDoS attacks are typically short lived, often reactionary to a perceived slight, or designed to gain some temporary advantage over named individuals. For example:
- Opposition team member IP addresses are DDoSed during an online game so that the attacker’s team can win or obtain the highest scores.
- A student launches a DDoS against the school’s homework submission system in an effort to cause other students to miss a specific homework due date.
Source: Damballa Study
More to Read
Think the Cheapest Dedicated Server is A Good Idea? What You Need to Know
Should you hunt for the cheapest dedicated server? Finding the most affordable option
Oct
Discover How These 8 Cloud Monitoring Tools Can Help You Drive Better Business Performance
When it comes to managing your cloud environment, cloud monitoring tools are essential
Oct
Pick the Best Cloud Management Platform with These 5 Pro Tips
Managing cloud infrastructure can become overwhelming, especially as businesses scale and adopt more
Oct
Thinking About Public to Private Cloud Migration? Here’s the Essentials
The cloud. Love it or hate it, 94% of businesses depend on cloud
Sep
Why a Cloud Migration Checklist Helps Overcome Migration Challenges
Moving data is a complex, often nerve-wracking endeavor. However, it’s often necessary for
Aug
Cloud Cost Management Tools: The Good, The Bad, and The Alternative
Managing cloud costs has become a critical task for businesses of all sizes.
Aug