Emerging Security Threats to Watch in 2023, Part 3: The Next Major DDoS Campaign
Carlos Morales, SVP of Solutions
Businesses’ online assets are expanding at a dizzying rate, creating an ever larger and increasingly tempting attack surface for bad actors to target with distributed denial-of-service (DDoS) attacks. These attacks tend to be cyclical. We typically see a wave of focused DDoS attacks and heavy activity that slowly dwindles, followed by a year or two of relative quiet. During that time, cybercriminals are working to figure out new ways to bring better attack tools to market and more effectively monetize their efforts.
The last major cycle, which started in 2020 during the pandemic, was marked by a significant spike in ransom DDoS (RDDoS) attacks, and those of us on the front lines of security operations centers are anticipating that the next big wave will come soon — potentially by mid to late 2023 (for other threats to keep an eye on this year, see part 1 and part 2 in this series).
If past cycles of DDoS attacks are any guide, the tactics deployed may be similar to what has come before; attackers might use some novel combination of techniques, but the big changes are usually in how they’ve brought the attacks to customers. The 2020 DDoS wave was unique in the breadth of victims that attackers were able to reach across a large swath of industries and verticals, hitting them in bunches, often simultaneously. Multi-vector attacks were common, and the vectors used varied from attack to attack, showing a level of sophistication in the management of the DDoS attacks, and a close coordination with the ransom demands for monetization, that we hadn’t seen before.
No one can say for sure what the next campaign will look like or who will be in the crosshairs, but there’s a general sense across the security industry that another wave is coming. Based on historical trends, there are industries with a higher likelihood of being attacked — financial services institutions, retailers, media/gaming companies, service providers and hosting providers have always been common targets, and more recent campaigns have seen a large uptick in attacks against health care, utility and technology companies as attackers have intensified their focus on critical infrastructure and services.
Attacks and breaches are to some extent inevitable in our increasingly interconnected world, but it is more vital than ever that security pros keep a close eye on the threat landscape and better understand emerging areas of vulnerability.