Distributed Denial of Service (DDoS) attacks have become a more potent challenge due to technological advancements and various facilitating factors. These attacks, when combined with other cyber threats, can result in severe disruptions and consequences for digital infrastructure.
In June 2023, Microsoft detected heightened traffic targeting its flagship office suite, causing temporary disruptions to services like Outlook, OneDrive, and its cloud platform. An investigation revealed a DDoS operation orchestrated by a threat actor tracked as Storm-1359. Despite the operation’s complexity, Microsoft assured customers that there was no unauthorized access to customer data. The threat actor seemed focused on disruption and publicity, and a group named ‘Anonymous Sudan’ claimed responsibility shortly after the outage.
DDoS Attacks and Enabling Factors:
DDoS attacks render websites and services inaccessible by overwhelming them with more traffic than they can handle, exhausting the target's resources until the service is unusable. Attackers utilize botnets—networks of coordinated bots—to flood targets with traffic from many sources at once. Because the flood can be directed at different parts of the stack, there are several distinct types of DDoS attack.
The prevalence of DDoS attacks has grown due to technological advancements, expanding attack surfaces, and inadequate cybersecurity measures. The rise of Internet of Things (IoT) devices has further increased vulnerability. DDoS-for-hire services sold on the underground market have narrowed the gap between skilled and amateur attackers.
DDoS attack motivations vary: hacktivists act for ideological reasons, cybercriminals for financial gain, and states for geopolitical objectives. Geopolitical events dominated DDoS threats in the first half of 2022, with the financial sector the most targeted. Ideologically driven groups targeted opposing nations and their supporters. Ransom DDoS (RDDoS) attacks extort payments under threat of attack and are distinct from ransomware.
DDoS attacks also serve as reconnaissance and are integrated into triple-extortion ransomware strategies. Attack rates reached 200 Gbps during the 2020-2021 RDDoS campaigns.
Case of Anonymous Sudan:
Anonymous Sudan exemplifies DDoS weaponization. Emerging in January 2023, it targeted countries based on perceived anti-Islamic actions. It aligned with Russian hacktivists and engaged in joint operations. Anonymous Sudan shifted from hacktivism to extortion for financial gain.
Anonymous Sudan’s Motivation and Modus Operandi: Anonymous Sudan’s motivations include religious and political factors. It claimed affiliation with the Anonymous collective and used Russian language alongside Arabic and Persian. Interviews revealed dynamic tactics tailored to targets. The group demanded $3 million from an airline and rented servers for attacks.
Attacks in India:
After drawing attention to its ‘religiously’ motivated attacks in the Western world, the group shifted its focus towards Indian infrastructure, specifically targeting airports, hospitals, and other critical infrastructure. According to a report, India ranked second, after Israel, among the countries most targeted by religious hacktivist groups. In April 2023, a well-coordinated DDoS attack was launched against major airports and healthcare institutions in India. Anonymous Sudan, which claimed responsibility for the incident, used a combination of Layer 3-4 and Layer 7 DDoS attacks that lasted nearly nine hours.
According to the Indian Computer Emergency Response Team’s (CERT-In) Annual Report of 2021, the agency handled 1,402,809 incidents, including website defacements and DDoS attacks. The Botnet Cleaning and Malware Analysis Centre (Cyber Swachhta Kendra) under CERT-In is instrumental in tracking botnet and malware infections and notifying end users in collaboration with internet service providers and organisations. The Cyber Swachhta Kendra initiative is crucial because botnets, through sheer volume, have been responsible for some of the largest DDoS attacks.
While the consequences of DDoS attacks may appear insignificant, they should not be underestimated. These attacks can incur significant costs to an organisation in time, money, and reputation. Furthermore, they can lead to the loss or deterioration of essential services, including in critical sectors such as healthcare. A threat actor might also employ a DDoS attack as a diversion from more sinister activities, such as the insertion of malware or the unauthorised extraction of data.
As the government continues to spread awareness about such threats, organisations, especially those managing critical infrastructure, must take initiatives to prevent and mitigate DDoS attacks. Such organisations must develop a DDoS response plan and promote a culture of cyber hygiene among their workforce. In short, DDoS is no longer a low intensity/low impact threat but a danger with actual loss and cost.