The DDoS scourge

This past weekend, one of the largest banks in the world, HSBC suffered a major DDoS attack. Details of that attack are now coming in: http://www.gizmodo.co.uk/2016/01/hsbc-bank-hack-locks-out-online-customers/

So I took a look at the history of the DDoS scourge and how it evolved quickly into the cybercriminals top offensive tool.

In January 2007, security researchers discovered the Storm botnet. The Storm botnet had a particular defensive capability and that is it would DDoS any system that would scan online for Storm botnet infected pcs. This defensive capability made it particularly difficult to find and track as it would often take out the researchers internet connection.

In the same year 2007, the Cutwail botnet was detected and grew into one of the largest botnets by the end of 2009. In 2010, it attacked the CIA and FBI. It is also responsible for spreading the Gameover ZeuS malware for stealing banking credentials.

Fast forward to today, the XOR DDoS botnet frequently used by cybercriminals to target and attack linux based server systems. At its peak, XOR DDoS attacks are pushing 150+ Gbps. Typically, the attacks are preceded with ransom notes demanding payment in bitcoins.

You can see from 2007 to today, DDoS capability has moved from defensive to offensive. So in 2016 expect to see more DDoS attacks used not just in a direct ransom method but rather as a distraction for other malicious activity such as phishing campaigns, dropping trojans and malware, or redirecting users to malicious websites for stealing credentials.