The number of Bitcoin ransom demands associated with DDoS attacks could increase significantly this year if the trend continues to grow at the rate we experienced at the end of 2015.
But what is fuelling this type of attack and what makes it a successful tactic? The answer has many variables, but the extortion game pricing strategy is one to consider. Like many economists and business strategists around the world, the hackers are adopting gaming theory to try and elicit a favourable outcome for both parties. By pricing their ransom demands below the cost of re-routing DDoS attack traffic through a cloud-based scrubbing centre, extortionists hope to tempt the victims into an economically viable method of squelching damaging attacks.
In this light, the ransom can seem like a cost-effective solution to eliminating a DDoS attack, but succumbing to these demands offers no guarantee that the attacker keeps his word. Even worse, just one highly publicised event where the demands were met by the targeted victim, causes the extortion game to spread like wildfire, inspiring other attackers to utilise this technique.
Organisations using this method of defence also experience a huge escalation of costs due to the evolving nature of today’s DDoS attacks. Whereas it was once common to simply flood a network with traffic, today’s attackers utilise a range of different methods to achieve their goals.
Our customers have experienced a huge surge in the number of DDoS attacks targeting their organisations, with a 32 percent quarterly growth recorded at the end of last year – so it’s easy to see how switching to the cloud in each instance of an attack would quickly break the bank. The attackers know the costs associated with this type of mitigation strategy and seek to exploit this.
This level of automation works considerably faster than humans and requires in-line visibility coupled with a high-performance mitigation solution to respond effectively.
The weaknesses of outsourced defence tools – being slow to react, expensive to maintain and unable to keep up with shifting and progressive threats – tell us that solutions appropriate for today need to be always-on and instantly reactive. It’s clear they also need to be adaptable and scalable so that defences can be quickly and affordably updated to respond to the future DDoS threat landscape – however it may evolve.
This type of defence is also increasingly available to purchase as a service from Internet Service Providers, who can position this kind of mitigation at a suitable peering point upstream in their network, in order to defend customers’ from DDoS attacks across their infrastructure.
Dave Larson is COO at Corero Network Security.
Are you a security pro? Try our quiz!
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…