Banks, energy utilities, transportation hubs and hospitals: these are the most high-profile examples of critical infrastructure that could be targeted by hackers. The perpetrators could be lone-wolf actors, terrorist cells or nation-states. Recently SC Magazine published an article about the likelihood of an attack on critical infrastructure in the United Kingdom, noting that “Attacks on critical national infrastructure are growing in number and sophistication.” Below, we answer three questions that should clear up how DDoS attacks are used as weapons in cyber warfare and how cybercriminals use DDoS attacks to their advantage.
How Do They Produce Attacks?
Of course, cyberattacks come in various forms, including ransomware and distributed denial of service (DDoS) attacks. The WannaCry ransomware attack that wreaked havoc with Britain’s National Health Service in May 2016 is one example. In another incident, in November of this year, according to SC Magazine, “…National Cyber Security Centre chief Ciaran Martin, confirmed the Kremlin had ordered a cyber-assault on the UK's major power companies in a bid to disrupt international order.”
Unfortunately, it has become much easier and less expensive for hackers to conduct cyberattacks. For example, to launch a DDoS attack, individuals can simply tap a DDoS-for-hire service for under a hundred dollars, or several thousand dollars, depending on the scope of the DDoS attack they want to order. One DDoS service advertised on a Russian public forum offers attacks from as little as $50 per day. However, Kaspersky believes the average cost is more like $25 per hour, with cybercriminals making a profit of about $18 for every hour of an attack. For the more tech-savvy, do-it-yourself hackers, the Mirai botnet code has been available on the Dark Web for over a year, and many variations of it have been created.
What Purpose Do DDoS Attacks Have?
Often hackers launch “Dark DDoS attacks,” also known as low-threshold, sub-saturating attacks, to distract IT security teams from a more nefarious security breach, such as a malware or ransomware infiltration. (Ransomware is a relatively easy way to make money, and some suggest that terrorists are willing to carry out such attacks.) However, attacks on critical infrastructure conducted by a nation-state or terrorist group would more likely be volumetric in nature, to disable systems and thereby create chaos.
Who Is Commonly Behind DDoS Attacks?
The perpetrators of cyber warfare could be disaffected citizens or nation-state operators. The list of potential nation-states or terror groups is relatively short: North Korea, Russia, China, Iran, and ISIS are prime possibilities. For more information about terrorist groups that may hack, read the CipherBrief article, “Terrorists Learn How to Hack.”
One troubling fact is that over a third (39%) of national critical infrastructure organizations in the UK have not completed basic cyber security standards issued by the UK government, according to data revealed under the Freedom of Information Act by Corero. Some of these organizations could be liable for fines of up to £17m, or four percent of global turnover, under the UK government’s proposals to implement the EU’s Network and Information Systems (NIS) directive, from May 2018.