The “Dark” Side of DDoS Attacks – it’s all about misdirection

DDoS attacks are no longer the simple brute force attack they used to be. These days they regularly form part of a much more complex attack vector and can be targeted at any business. Read on to learn more about this emerging trend in cyber-crime.

dark side

Distributed Denial of Service (DDoS) attacks are not a new thing - the first recorded denial of service (DoS) attack is reported to have occurred in 1974, around a decade before the Internet even existed. A 13 year old boy named David Dennis went down in history by writing a programme that remotely locked up multiple terminals in a university computer laboratory.

These days, DDoS attacks are not executed by bored but inventive children, they are a tool used by hacktivist groups and organised criminals alike. Banks, politicians, businesses and even reporters have all found themselves targeted in recent years as techniques have become more sophisticated and attacks have grown in magnitude. As more of our lives are conducted over the Internet, and more companies' revenue streams are being delivered through their websites, attacks that prevent access to our favourite websites have become big business.

Over the last few years, a new type of DDoS attack has been showing itself - "Dark DDoS" attacks. In these, the DDoS attack is just a smokescreen to cover other, more nefarious activities, which are undertaken while IT staff are distracted trying to stop the attack. The attacks are typically smaller in size than many traditional DDoS attacks as they are not trying to prevent access to the target resources, just hide their true purpose - data exfiltration, installation of trojans and so forth. Some of the most high profile hacks of recent years have taken place under the cover of a dark DDoS attack, including Carphone Warehouse and Talk Talk.

Experts across the industry all agree that this remains a huge potential risk for businesses of all sizes – Arbor Networks revealed that they had tracked 124,000 DDoS attacks over 18 months between January 2015 and June 2016, while Incapsula’s DDoS Threat Landscape Report 2015-2016 describes a 211% increase of attacks year-on-year. IDC’s Worldwide DDoS Prevention Products and Services Forecast 2017-2021 published in May 2017 adds to the discussion by stating that many organisations focussing on digital transformation are not including security measures as part of their planning process. This means that some businesses find themselves with inadequate levels of protection against DDoS attacks, which also leaves parts of their infrastructure open to infection to be used as part of a botnet, or network of attacking devices for future attacks.

It’s clear to see that this method of attacking websites is something that everyone should be concerned about. It’s also clear that to effectively protect yourself against DDoS, you need to find a trusted partner that can work with you to design a holistic security approach for your company. With over 10 years’ experience in mitigating DDoS attacks, and a global network of scrubbing centres to strip out malicious traffic, CenturyLink have security solutions to suit most businesses. Whether you just need protection from DDoS attacks, or a more complex managed security solution designed to protect your entire infrastructure, we can help. We’ve been recognised by Forrester as a leader in the “Forrester Wave™: DDoS Service Providers Q3, 2015”, so get in contact today and find out how we can help keep your business running and protect your valuable brand and reputation.

Matthew Johns, Product Marketing Manager, EMEA

Matthew is a member of the CenturyLink marketing team. He has over 20 years' experience in the IT, cloud and hosting industry gained in a variety of roles spanning project management to product release and product marketing. Matthew has a key focus on Digital Transformation and Cyber Security, including how organisations can best transition to the cloud and secure their critical assets - particularly with the General Data Protection Regulation (GDPR) looming ever closer..

Blog Cybersecurity Digital Transformation

Signup for Latest News

Gartner 2015 Magic Quadrant For Cloud IaaS

The market for cloud compute infrastructure as a service is maturing and rapidly evolving. Strategic providers must be chosen carefully. Gain insights into the future of public cloud infrastructure-as-a-service with a detailed analysis of all the major vendors.

See why CenturyLink was named a visionary by Gartner.


rss centurylink uk

Share This

Share This

Share this post with your friends!