Recently, hacktivists from Lizard Squad launched an alleged DDoS attack against Blizzard's Battle.net leaving players unable to log in to popular games such as Overwatch, Hearthstone and World of Warcraft. DDoS attacks, or Distributed Denial of Services, occur when a malicious entity floods a network with fake traffic designed to cripple and take down the company's server and not only are consumers affected but they can often get caught in the crossfire.
Besides having problems logging in, Overwatch players were also disconnected from matches. In 2014, Lizard Squad successfully shut down the online Xbox and Sony PlayStation gaming networks, which caused major outages during peak holiday gaming season and went as far as issuing a bomb threat on Sony executives.
More recently, Lizard Squad has used its LizardStresser botnet consisting of a large number of Internet of Things (IoT) devices (namely compromised web surveillance cameras), to launch multiple, large DDoS attacks against various sites related to the 2016 Rio Olympics.
The reality is that just about every geopolitical event and social movement now has its “Cyber Reflection” in the cyber world. The 2016 Rio Olympics was such an event. As human activists protested in the streets of Rio de Janeiro, cyber hacktivists launched DDoS attacks against the networks and websites of entities such as Brazilian banks, ISPs and sponsors who were either directly or tangentially related to the supporting the Rio Olympics.
Swimming Australia's website was also hit by a DDoS attack during the Rio Olympics. The ABC reported that the site was operating in an "under attack" mode in the wake of Olympic gold medallist Mack Horton's comments about his Chinese competitor Sun Yang being a drug cheat.
In another politically motivated attack in August, the Australian Bureau of Statistics (ABS) claimed that a series of DDoS attacks, which led to the census website being shut down for over 24 hours, were part of a deliberate attempt to sabotage the national survey that was unpopular due to concerns over privacy.
The Cyber Reflection is a global phenomenon that can affect any organisation with an Internet presence – all it takes is to be in the wrong place at the wrong time. Not only does it impact the target business entity, but unfortunately, it also affects the consumers of those entities.
Consumers get caught in the crossfire all the time. It’s known as the “collateral damage” of a DDoS attack. For example, the attacker may be targeting a specific online retail company, because they are disgruntled over a prior transaction – or a sponsor of the Rio Olympics. The attack impacts not only the online retailer, but also all those consumers who are trying to transact with the online retailer.
The chart above comes from Arbor Networks’ most recent Worldwide Infrastructure Security Report (WISR) and offers a rare view into the most critical security challenges facing today’s network operators. Based on survey data provided by service provider, enterprise, cloud, hosting and other network operators from around the world, this annual report provides real-world insight into the security threats that organisations face.
The survey asked service providers which verticals they see as being targets of DDoS attacks. As noted above, it’s across the board. In other words, any online, cloud-based service can be the target of a DDoS attack (for whatever reason). The innocent consumers of these service-providers whether they are shoppers, gamers, students or e-traders use online services and are therefore impacted, meaning the “collateral damage” can be much wider than expected.
In a growing number of cases, DDoS is being used as a smokescreen. DDoS is being used to cover up fraudulent wire transfers, exfiltration of confidential data (i.e. credit cards, health care records). Unfortunately the consumers of these services are impacted just as much as the target organisation.
Sadly, this is the new normal and anyone could be affected by current events through a DDoS attack. Anyone, with no technical knowledge, can now launch a DDoS attack against any organisation that they think deserves it and the consumer can absolutely get caught in the crossfire. For a very modest fee, (around $5 per hour) attackers can employ one of the many DDoS attack services and tools, point it to their target and cause significant damage – potentially having a much greater impact than a small group of protesters could achieve in the physical world.
Take a Step Back
Here’s the lesson for everyone: pay attention to what’s happening in the real world. Keep an eye on the news for geopolitical events that could provide the motivation for the next attack, such as the recent Australian Census, The Federal Election or even the Melbourne Cup for those that want a ban on horse racing after a greyhound racing ban was achieved in NSW, and later reinstated.
Here are some useful tips for consumers to avoid being caught in the crossfire:
- Don’t rely 100% on the online service being reliable and have a backup plan in place (i.e. visit a real store, have hard copies of your bank account, trades and so on)
- Keep an eye on your credit card transactions and look out for fraudulent activity due to a potential compromise of your data
- Before you sign up with a cloud service ask about their DDoS protection.
If you suspect that you could be a target or have been caught in the crossfire of an attack, then these few tips can help you understand the potential threat and help you protect yourself.
The best way to stay safe is to remain vigilant. You should never click on links sent to you via unknown email addresses and you should do everything you can to avoid less-than-reputable websites. To protect yourself, you should consider investing in cyber security software. These tools help to catch the malware used to bring innocent consumers’ computers into botnets, ensuring that you and your family are as safe as you possibly can be while online.
Article by Scott Crane, director of product management for ATLAS, Arbor Australia