What Motivates DDoS Attackers?
The motivations of black hat hackers are usually nefarious rather than mischievous. One notable exception is the infamous DDoS attack on TalkTalk last year; it was conducted by a group of teenagers purely for their own entertainment, according to Cyber Security Intelligence. Fortunately, those hackers were not aiming to leverage the 157, 000 customer records that were breached; unfortunately, their mischief was the most costly security breach on record. Cyber Security Intelligence reports: “in one day its share price fell by 12% and in total an estimated £360 million was wiped off it’s [sic] value (stock value pictured). The direct one-off cost of dealing with the hack was reportedly more than £30 million.”
Some hackers are “hacktivists” motivated by politics. For example, Anonymous believes that the Turkish government supports ISIS, so it launched DDoS attacks that crippled websites of Turkish government agencies and financial institutions. New World Hackers launched a DDoS attack on U.S. presidential candidate Donald Trump’s website because they oppose his political views.
Stealing customer data
Increasingly, many hackers are now also motivated by greed. It’s no secret that cybercriminals are hacking into systems to steal sensitive, confidential information such as email addresses, banking details and credit card numbers. Presumably, hackers can and do fraudulently use the stolen credit card numbers themselves or they may sell the credit card numbers to other criminals. What’s less known is that hackers are often using a DDoS attack as a “smokescreen” to distract IT and security staff while they breach an organization’s database. Linode’s recent attack is an example of such a “Dark DDoS” attack. According to Threatpost.com, Linode urged its customers to reset their passwords: “User credentials could have been read from our database, either offline or on, at some point,” Linode said in an advisory to customers. “The user table contains usernames, email addresses, securely hashed passwords and encrypted two-factor seeds.”
More and more cyber criminals are demanding ransom from companies in the form of Bitcoin (Bitcoin transactions are harder to trace). Last week Europol announced that a team of European law enforcement agencies arrested two suspects of the DD4BC ("DDoS for Bitcoin") hacker group. In exchange for Bitcoin currency (as of this writing, 1 Bitcoin is valued at around 432 USD) hackers threaten to expose a company publicly for the data breach and/or cripple the company’s website(s).
MarketWatch reports that a Cloud Alliance survey found that “Nearly a quarter of companies (24.6%) say they would be willing to pay hackers a ransom to prevent a cyberattack.” It’s bad policy for companies to pay ransoms, even if they have cyber insurance; it’s a losing proposition because the hackers hold the proverbial keys to the kingdom at that point and will usually just up the ante and demand more ransom. Furthermore, that behavior will encourage other hackers to play the ransom game with other companies.
An ounce of prevention is worth a pound of cure
Europol recently announced that a team of international enforcement agencies has arrested one suspect and detained another from the DD4BC ("DDoS for Bitcoin") hacker group. However, law enforcement can’t stem the rising tide of DDoS hackers; DDoS hacking tools are easy to find, easy to use and incredibly inexpensive to buy. Even if law enforcement did have the resources to launch massive manhunts for cybercriminals, DDoS hackers usually evade detection. Companies will begin to be overwhelmed by both the speed and frequency of new attacks. Unless they purchase appropriate mitigation solutions in place before a DDoS attack occurs, companies will pay another, steeper price; i.e., they’ll have to work around the clock to “black-hole” and re-route affected servers and then get systems back online, and spend money to repair or replace damaged systems. Not to mention, they’ll risk losing face in the marketplace and upsetting or losing their customers.
There will always be hackers, with various motives. The best protection is prevention: defensive solutions that can detect and stop DDoS hackers in their tracks before they do any damage.