Attackers today use distributed denial-of-service attacks for everything from blackmailing businesses into paying uptime money to disrupting sites run by political opponents. Many cybercrime groups have also become expert at subverting legitimate sites, and using them to launch for-profit "DDoS as a service" attacks.
Much has changed since the early days of DDoS exploits, when not all attackers attempted to monetize their DDoS capabilities, says Richard Meeus, an enterprise security architect manager for content delivery network provider Akamai, which also sells DDoS mitigation services. "They were also used by script kiddies, the monetization part wasn't really used to a great extent at that point. We tended to see it as more from the hacktivist point of view," he tells Information Security Media Group. Those attack campaigns, furthermore, were more of a nuisance than a threat to the business. "The attack vector was very large, but the actual sizes were quite small, and the number of bots that you needed to create the attack was very large, but the actual effect was very easy to mitigate."
- A brief history of DDoS attack techniques;
- The growth in easy-to-use DDoS toolkits;
- How Internet of Things devices can be exploited by DDoS attackers;
- How businesses can better defend against DDoS attacks.
Meeus is Akamai's enterprise security architect manager for EMEA. He previously worked as a service line manager and senior enterprise security architect at Akamai, and also held positions at Prolexic Technologies, Critical Path and Mirapoint Software, amongst other firms.