When the protesters hit the streets, expect DDoS attacks to hit the Web.
Distributed denial-of-service (DDoS) attacks are being used against government targets more than ever before, according to new research from Internet infrastructure firm Verisign. The attacks are increasingly powerful, cheap, and easy to deploy.
DDoS attacks work by flooding a target—a bank, for instance, or a popular website—with data in order to make it crash or unusable for users. It’s not only an easy-to-use, cheap, and effective weapon for hackers, it’s also a goldmine for security firms paid to defend against the attacks.
DDoS attacks against public-sector targets grew to account for 15 percent of all attacks recorded by the company at the end of 2014. The average size of attacks grew in size by 245 percent, Verisign found.
DDoS-for-hire services can cost as little as $2 per hour, delivering an easy-to-use but potentially powerful punch to any Internet-connected devices on earth.
The DDoS defense market—where Verisign is a major player—is projected to hit $1.6 billion within two years.
“The larger industry problem is asymmetric cost,” Ramakant Pandrangi, the vice president of technology at Verisign, told the Daily Dot. “The cost to protect and the cost to attack are very different. You can hire an attacker for as little as $2 per hour, renting their services using very simple user interfaces.”
A score of headline making political events in 2014 highlighted how DDoS attacks are used as effective political activism now more than ever.
The Syrian civil war has seen DDoS used as a weapon by both the Syrian Electronic Army (SEA) and its opponents in proxy cyberwars. The on-the-ground protests in Ferguson, Mo. were accompanied by #OpFerguson in which Anonymous hacktivists used DDoS attacks to disable the city government’s Internet services. Outcry against the 2014 World Cup in Brazil sparked DDoS attacks as well.
DDoS attacks have been used as political activism for two decades, at least since the Strano Network, an Italian group, launched just such an attack against the French government over nuclear politics in 1995. For nearly as long, some activists have pushed the idea that denial-of-service attacks should be treated legally like sit-ins instead of criminal activities that carry significant penalties, including extended prison time.
The average attack size at the end of 2014 increased to 7.39 gigabits per second in 2014, Verisign found, 245 percent higher than those carried out during the same period in 2013 and 14 percent higher than the top averages of 2013. That’s a whopping 6,800 percent increase from average DDoS speeds in 2011, according to security firm Kaspersky Labs.
“We saw a rise in 2014 in terms of hacktivism,” Pandrangi said. “That’s a trend we expect to continue to rise.”
The industry most targeted by DDoS attacks were cloud and information technology services, accounting for a full third of all defense from Verisign and boasting the most powerful attack of the quarter: A 60-gigabit-per-second assault.
Cloud and information technology services are highly valuable targets because they’re used by multiple customers across the private and public sector.
Verisign’s report indicates that attacks against all industries are increasing in size, Pandrangi asserted, a fact that may necessitate the growth of the security industry’s DDoS defense services for years to come.
Photo via edans/Flickr (CC BY 2.0)