Gone are the days of an organization being targeted solely by elite hackers. Today, an aggressor needn’t be a hacker at all: The high school student across the street, a disgruntled employee, or the customer who had an unfortunate experience with your organization can all shutter your online availability with DDoS attacks.
What is a DDoS Attack?
Imagine an unruly individual who requests junk mail to be sent to a victim’s home. A lot of junk mail. The victim’s mailbox soon become overwhelmed. As the mail scales (akin to a DDoS attack strengthening), the mail carrier is going to become overwhelmed. Soon enough, the local post once, the regional post once and so forth, will all become overwhelmed. The transit of all mail, both the good and the junk, becomes gridlocked.
Who can launch a DDoS Attack?
Thanks to the advent and growing popularity of cybercrime-as-a-service, the process of launching DDoS attacks is now effortless and nontechnical. Attack tools are developed in an open-source environment and rapidly evolve. They have become more available and less expensive—even free—and as a result, DDoS attacks have grown in frequency and scale.
What was it like in the past?
In the past, hackers—who inhabited only the darkest corners of the web—were required to master many technical challenges to wield a DDoS attack. First, malware needed to be developed and spread, thereby infecting and gathering machines into a botnet. A botnet, the very epicenter of a DDoS attack, is a network of computers controlled as a group without the owner’s’ knowledge. Then, from the command line (often IRC), the hacker commanded the botnet to attack anyone of their choosing.
What is it like today?
Today, with only an email address and a method of payment (a major credit card, PayPal or Bitcoin will do just fine), DDoS cyber crime-as-a-service portals (otherwise referred to as booters) can be subscribed to and DDoS attacks launched. As simple as it is to sign up to Net ix and watch a movie, anyone can subscribe to a DDoS portal, select a type of attack and enter the victim’s domain or IP address to target.