International Cybersecurity Congress 2018: DDoS is the business of petty criminals
From 5-6 July 2018, Moscow welcomed cybersecurity professionals from all over the world in the first International Cybersecurity Congress (ICC), Sberbank’s conference with aims to become a global reference in the area.
Distributed denial of service (DDoS) attacks are simple on paper, but what makes them so dangerous is how easy it has become to launch an attack of this type.
In fact, it was only this year that we saw the largest DDoS attack in the US.
Speaking to FinTech Futures, a spokesman for Karspersky explained to us that due to the nature of these attacks, it is of no use to stop them, but rather, redirect them for the duration of the attack to a more stable facility, which is able to withstand the attack without disrupting the line of business too much.
What does Karspersky data tell us about them? Well, for starters, unlike what is widely believed, the perpetrators of DDoS attacks do not necessarily reside in Eastern Europe.
Karspersky tells us that there is indeed a high number of attacks that originate from this region, but it’s only due to the large amount of faulty, unused or abandoned server facilities that get repurposed for malicious attacks.
Fortunately for us, DDoS do not get much more sophisticated over time. What evolves is the ease of access and the low entry barrier for those with intentions of executing an attack like these.
On the one hand, there is not a need for high IT skills to run these attacks. Anybody with a little interest can download the software and learn how to use it for free. This means that if you have heard of a DDoS attack, you can virtually launch one.
There are plenty of websites that offer DDoS attack services, through which the owners offer software and server services for your average Joe. These owners manage their sites like any online rental or merchant service.
On the other hand, the motivations for the consumers of these sites are slightly more disconcerting. We were told that there are attacks perpetrated by market competitors, who just want to disrupt the opponents.
As attacks require such low investment, disgruntled employees, customers and activists can find ways to target the institutions they so loath.
For example, one of the most significant DDoS attacks in Russia was launched by teenagers from across Tatarstan, who unionised against a regional online education platform. The platform reported to their parents, being an online tattletale about their school marks and misdeeds. Quick social media action prompted a surprisingly well organised DDoS attack.
Want to know more about Sberbank and its tech? Read our in-depth case study here.