"I still see quite a few DDoS attacks every month,” said Nikos Vasileiadis, information security officer at Ergo.
“They’re often targeting smaller businesses these days: ‘Give us the money of we’ll bring you down’,” he said.
Driving this, alongside improved security at the large business level making high-profile targets less lucrative, is a certain ‘democratisation’ of cybercrime: not only are the tools out there, but they can be hired on a pay-to-play basis. Countless devices are infected already, lying in wait and ready to be deployed as zombie nodes in a DDoS botnet at the press of a button.
“Right now you can rent a botnet for as little as two [US] dollars a day, so pretty much anyone can do it. Most of the threats are coming from low level people,” said Vasileiadis.
Not that ‘low level’ means the threat is trivial, because extortion is extortion.
“Last week [January 2018] a hospital in the US paid $60,000 [approx €48,000], otherwise there was the threat looming over them,” he said.
Strikingly, Vasileiadis said he has also observed DDoS being deployed as part of wider cybercrime strategies.
“They’re launching a DDoS attack and in the background they gain access via a different method."
“It’s as if your ground floor is on fire but, unbeknown to you, a burglary is going on on the first floor. When the alarm rings you go to that room — and probably leave other one empty,” he said.
Vasileiadis also said that businesses need to consider the other side of the DDoS equation: as much as you can be the target of an attack, you can also be the source.
“I’ve seen quite a few businesses being used as a botnet,” he said.
“There was an incident a couple of months ago where a German company was breached and used to attach a Chinese company. We tend to think of it the other way around, but there you go!"
“The targets are global, pretty much everywhere,” he said.
Next week’s Microsoft Tech Summit is very timely because there is a momentum around cloud adoption that&rsquo...Read now
More and more, we have been hearing about companies who are not yet fully compliant with GDPR. In the latest...Read now