DDoS attacks have disrupted companies far and wide in recent times. Almost five million Remote Desktop Protocol (RDP) servers are exposed to the Internet – around two million more than before the pandemic.
In an interview, Sanjay Aurora, Managing Director of APAC at Darktrace, highlighted how DDoS has evolved over the years and why cybercriminals choose this method: launching an attack that disrupts an organisation has become increasingly easy.
“Launching a DDoS attack might be easier to mitigate than a ransomware attack but a DDoS attack requires significantly less technical sophistication, skill and investment on the attackers’ side,” said Sanjay.
Not only that, but greater connectivity also means attackers can launch these attacks with greater ease.
Sanjay shared that “DDoS for hire” services offer access to botnets for as little as USD $20 per hour. In fact, some of these kits are even legal and market themselves as “IP stressors” or “booters”, which can be used legitimately to test the resilience of a website but are often exploited and used to take down sites and networks.
“These developments have sparked a new wave in DDoS and botnet malware attacks as hackers capitalise on the added financial incentive to create botnets and rent them on the dark web,” explained Sanjay, adding that this type of attack is so severe that it can cause server outages and significant monetary loss.
In February this year, Darktrace detected a server-side attack at a technology company in APAC. In this case, an Internet-facing RDP server hosting an online games site was compromised.
The attacker brute-forced the correct password and gained remote access to the desktop. The threat actor likely planned to use the exposed server as a pivot point to infect other internal and external devices, possibly to launch a DDoS attack or deploy ransomware. At this point, however, Darktrace’s Cyber AI began to detect unusual administrative RDP connections from rare external locations.
“Early detection of this breach was crucial in stopping the cyber-criminals before they could create a botnet and use it to cause serious damage, potentially launching a DDoS attack, as the speed of movement and lack of data exfiltration in this incident suggest that the attack was automated.
Based on its understanding of what is “normal” for the organisation’s network, Darktrace’s AI was able to detect and stop the attack before any harm could be done,” said Sanjay.
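The detection described in the incident above (a burst of failed RDP logons followed by a success from a source the organisation has never used) can be approximated with a simple baseline-driven rule. This is an added illustration, not Darktrace's code: the log lines, the "known sources" baseline and the failure threshold are all constructed for the example.

```python
import re
from collections import Counter

# Constructed Windows Security log lines (not from the page): 4625 = failed
# logon, 4624 = successful logon; LogonType 10 = RemoteInteractive (RDP).
SAMPLE_LOG = """\
2021-02-10T03:10:01Z EventID=4625 LogonType=10 User=administrator Source=198.51.100.7
2021-02-10T03:10:02Z EventID=4625 LogonType=10 User=administrator Source=198.51.100.7
2021-02-10T03:10:03Z EventID=4625 LogonType=10 User=administrator Source=198.51.100.7
2021-02-10T03:10:04Z EventID=4625 LogonType=10 User=admin Source=198.51.100.7
2021-02-10T03:10:05Z EventID=4625 LogonType=10 User=administrator Source=198.51.100.7
2021-02-10T03:10:06Z EventID=4624 LogonType=10 User=administrator Source=198.51.100.7
2021-02-10T08:00:00Z EventID=4624 LogonType=10 User=jsmith Source=10.0.0.12
2021-02-10T08:05:00Z EventID=4625 LogonType=10 User=jsmith Source=10.0.0.12
2021-02-10T08:05:10Z EventID=4624 LogonType=10 User=jsmith Source=10.0.0.12
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
                     r"User=(?P<user>\S+) Source=(?P<src>\S+)$")

# Baseline of sources seen during normal RDP use. Constructed here; in a real
# deployment this is learned from historical logs ("what is normal").
KNOWN_SOURCES = {"10.0.0.12"}

def parse(log):
    """Return (timestamp, event_id, logon_type, user, source) tuples."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            events.append((d["ts"], int(d["eid"]), int(d["lt"]), d["user"], d["src"]))
    return events

def find_rdp_bruteforce(log, known=KNOWN_SOURCES, threshold=3):
    """Alert on an RDP success from a non-baseline source that was preceded
    by at least `threshold` failed RDP logons from the same source."""
    failures = Counter()
    alerts = []
    for ts, eid, lt, user, src in parse(log):
        if lt != 10:            # only RemoteInteractive (RDP) logons
            continue
        if eid == 4625:
            failures[src] += 1
        elif eid == 4624 and src not in known and failures[src] >= threshold:
            alerts.append({"ts": ts, "user": user, "source": src,
                           "failures_before": failures[src]})
    return alerts
```

The known-source check is what keeps the legitimate user's single mistyped password from alerting; the threshold alone would not distinguish the two.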
DDoS is a relatively unsophisticated means of stopping an organisation, and no organisation is too big or too small to be targeted. However, the DDoS attacks that garner the most publicity tend to target large-scale organisations and affect their user base, as with broadcast television, e-commerce and social media.
Today, cybercriminal gangs are often vying for a reputation as much as financial gain – and this may motivate them to hit these organisations when it makes headlines.
“DDoS may be an entry-level attack – but if you only have entry-level security, it might cripple your business temporarily or inflict sustained damage if your primary business depends on being online (e.g. e-commerce). As vast parts of the APAC community are rapidly digitising, companies need a holistic approach to security to protect them against all kinds,” he said.
This is especially true with the ongoing rollout of 5G technologies, which has accelerated the proliferation of IoT and smart devices worldwide, making unsuspecting new recruits available for botnet armies to launch crushing attacks on a massive scale.
This raises the question: how can organisations build up their defences against this highly damaging type of attack?
That’s where AI and machine learning come in. With a bird’s-eye view of the digital estate, organisations can spot and stop threats in their earliest stages, and the system can respond on the humans’ behalf before any harm is done or data is held to ransom.