Monday, January 2, 2023

The Art Of Warfare Is Being Changed: DDoS Attacks First, Then The Ground Campaign

 


Back in high school, my favorite subject was that of US History.  What we learned back then was about the colonization on the East Coast, and of course the American Revolution, and from there, the movement westwards. 

I also took world history, and learned more about regional conflicts, such as those between India, Pakistan, and China.  Then, when I went to Purdue for the undergrad years, I also took a year of US History once again, but the topics covered were more about the Cold War, between the United States and the former Soviet Union.

Back then, Cyber warfare and Cyber terrorism were terms not even heard of.  The main battle lines were all about how large the army, navy, and air force was of any country.  But now, as we start the New Year, the lines of conflicts have drastically changed.  Although the fear of nuclear war is still there (largely driven by the Ukrainian – Russian conflict), the thought is now about the digital warfare that can take place between nations. 

Yes, this has been going on for some time, as countries have been spying on each other for quite some time, the digital warfare concept is starting to emerge as something different.  For example, it is not a “throw everything you have and including the kitchen sink” threat vectors launched by the Cyberattacker, but rather, they are much focused. 

In this regard, it seems to be that the Distributed Denial of Service (DDoS) attacks are the favored attacks to be used.

Once again, the prime catalyst for this has been the war between Ukraine and Russia.  Just days after it started, it seems like the Ukrainians already had their guard up, and fended much of the opening salvos of DDoS attacks from the Russians. 

Much to my surprise, the Ukrainian military was even able to gain the support of hackers from other parts of the world to aid in this fight.  In fact, between March and April of last year, the total number of DDoS climbed by an escalating 236%, more than ever before.

Why are DDoS attacks the Cyber weapon of choice?  Well, it is an old threat vector that can be modified very quickly to fir today’s digital warfare needs.  Second, they can be launched within minutes, and literally flood and break the back of the global Internet in just a matter of a few hours. 

The idea of a DDoS attack is to pound servers with useless and meaningless data packets until the services provided by them come to a screeching halt.

So, the goal is not to really infect other computers or devices with worms, viruses, and malware.  The mission of the DDoS style attack is to simply be a large nuisance, and to detract the IT Security team from other critical tasks that it has to achieve.  In fact, the Ukrainian conflict just itself brought on 6,000,000 new types of DDoS attacks alone. 

This is according to the recent report from Netscout, which is entitled the “DDoS Intelligence Report”.  More information about this can be seen at the link below:

https://www.netscout.com/threatreport

But keep in mind, it is not just Eastern Europe where all of these DDoS attacks are happening.  It is also happening in other parts of the world, which includes the following:

*India, total number of attacks went up (specific number not known)

*Belize, total number of attacks went up (specific number not known)

*Finland, which witnessed an increase of 258% in the total number of DDoS attacks;

*Hong Kong/China/Taiwan, total number of attacks went up (specific number not known)

It is interesting to note that these DDoS attacks which happened were not just solo events, rather, there was an event which triggered it.  For example, in the ones with Finland and India, it was once again the Ukrainian  - Russian that triggered them.  In the case of Hong Kong/China/Taiwan, it was the recent visit by Nancy Pelosi, which was once again, the main trigger. 

But here is the scary fact:  It is not the Cyberattacker themselves that are launching these DDoS attacks, but rather, it is groups that are hired from the Dark Web.  These are technically known as “Booter/Stressor” services, and these are outsourced groups that will launch a DDoS for almost pennies on the dollar for the Cyberattacker. 

But even here, this is nothing new, as a Cyberattacker can even hire a paid service to even launch a devastating Ransomware attack.  This is also known as a “Ransomware as a Service”.

My Thoughts On This:

Obviously, no kind of Cyberattack against anybody is good.  Most of the victims are just innocent by standers.  But here is the sliver lining, if there was one, through this kind of attack.  A DDoS attack cannot just be pinpointed at a target. 

Rather, it has to go through the DNS system, and at some point, to the Internet Service Provider (ISP).  Because ISPs have become much better at responding to different threat vectors, the chances are high that they will be able to bring back up services and websites fairly quickly after a DDoS attack has happened.

But of course, it all depends upon the magnitude of the attack.  The larger the DDoS attack is, the longer time it will take to resolve.  But the bottom line is that yes, everything should all be fine in the end.  But this does not relieve of your duties to protect your company. 

As CISO (or even vCISO), you still have a responsibility to your employees and organization to make sure that all controls are put into place to mitigate the risks of any kind of Cyberattack from happening.

The best way to do this is to conduct a comprehensive Risk Assessment once again on those assets (such as servers, Web based apps, databases, etc.) that are facing towards the external environment and are available for the public to access.  After you do this, it is always very prudent to conduct a Penetration Test to see where any other gaps or vulnerabilities may at.

But also keep in mind that your partner companies, especially the third-party suppliers are also prone to becoming a victim of a DDoS attack, and they need to be fully aware of that, and take the same, proactive steps that are you taking as well.

No comments:

Post a Comment

How To Launch A Better Penetration Test In 2025: 4 Golden Tips

  In my past 16+ years as a tech writer, one of the themes that I have written a lot about is Penetration Testing.   I have written man blog...