DDoS remains one of the most difficult attacks to defend against - by definition, the attack is perpetrated simultaneously from large numbers of devices, including those of home and business users, wherever a Trojan has been deployed. This makes the standard countermeasure for DDoS - blocking/blacklisting the associated IP addresses - extremely hard to apply.
We recently saw how devastatingly effective DDoS attacks can be - both Microsoft Xbox Live and Sony PlayStation servers were crippled by a prolonged DDoS attack from the Lizard Squad hacking group. The Lizard Squad have now claimed that these attacks were simply a 'marketing campaign' to demonstrate their capabilities, and that their DDoS service is now available for hire. As Mr Anstee explains, DDoS attacks are complex and difficult to carry out, so Lizard's 'innovation' is a concern. DDoS attacks have been used to extort ransoms in the past, with Vimeo, Shutterstock, MailChimp and Bit.ly all being subject to DDoS coercion.
With large attacks becoming increasingly common - around 40% of organisations experience more than 21 attacks a month - it's time to defend against DDoS. Defending against DDoS is, by the very nature of public-internet-based services, a tough job. One route for mitigation is to better prevent the establishment of botnets in the first place - this requires a more malware-aware public with better computer-hygiene standards. Once a botnet is invoked, organisations should isolate the malware responsible and get it removed - before the damage occurs.