{"id":4753,"date":"2022-05-17T14:30:36","date_gmt":"2022-05-17T02:30:36","guid":{"rendered":"https:\/\/www.chillisoft.net\/?p=4753"},"modified":"2023-03-12T23:16:29","modified_gmt":"2023-03-12T10:16:29","slug":"what-drives-ddos-attacks-and-why-it-should-be-a-concern","status":"publish","type":"post","link":"https:\/\/www.chillisoft.net\/what-drives-ddos-attacks-and-why-it-should-be-a-concern\/","title":{"rendered":"What Drives DDoS Attacks and Why it Should be a Concern &#8211; Radware"},"content":{"rendered":"<p><strong>What is a DDoS Attack?&nbsp;&nbsp;<\/strong><\/p>\n<p>DDoS stands for Distributed Denial of Service attacks. Let\u2019s&nbsp;ignore the Distributed for now as it refers mainly to the technique and let\u2019s focus on the Denial of Service first. As the&nbsp;term implies, the objective of a DoS attack is to disrupt&nbsp;or deny services from legitimate users. A service can be anything&nbsp;including&nbsp;web sites&nbsp;that provide information,&nbsp;online services&nbsp;such as ecommerce&nbsp;sites&nbsp;or backend services such as payment processing,&nbsp;the&nbsp;communication between organizations and cloud applications, the connectivity of remote internet controlled industrial processes or sensors.<\/p>\n<p>The objectives&nbsp;of the attacks&nbsp;include defacement,&nbsp;creating an&nbsp;impact on the economy of an organization or nation&nbsp;by impacting productivity,&nbsp;creating chaos,&nbsp;or&nbsp;as a smoke screen to hide another attack. 
Overwhelming a network with random traffic distracts the defenders and gives attackers the opportunity and time to perform malicious activity on the side while going undetected, as defenders are focusing on the most impactful issue, which is the Denial of Service attack.<\/p>\n<p>Depending on the objective, denial of service attacks can be performed in different ways. A volumetric denial of service attack, for example, aims at saturating connections to the service, between organizations and the cloud, or between branches and headquarters, hampering all legitimate communications and stopping all data traffic.<\/p>\n<p>A Denial of Service attack can also be targeted at a specific service like a website, an API or a Domain Name Service (DNS), in which case the resources of the server are the target. Such application layer or L7 attacks can completely disrupt the service, or they can be more insidious, like low and slow attacks that eat away at resources and impact the user experience, forcing the owner of the service to invest in more resources such as CPU, memory or bandwidth to sustain an acceptable level of service. If such attacks go undetected for a long time, they can drain the economic viability of a business or service.<\/p>\n<p>Another type of Denial of Service attack, exceptional but still important enough to consider as a threat, exploits vulnerabilities in software or hardware that can result in the crash of a process or the halting or rebooting of a device, just by sending malformed packets. A single packet can result in processes exiting without reason or long reboot cycles and can be very disruptive if not discovered in time. 
Given that the attack consists of a single packet, finding the culprit amongst millions of packets and connections can be a daunting task, and these attacks are mostly discovered by analyzing the crash dumps of kernels or processes. Most of these exploits have a short lifetime because once the vulnerability is discovered, it can be patched, and updating systems or network signatures can easily prevent the attack. Nonetheless, they come around from time to time.<\/p>\n<p>Performing a Denial of Service attack does not require extensive skill or specific knowledge. In most cases it requires knowledge of the location of the service, its IP address for example, and sufficiently powerful infrastructure to perform the attack. The attack infrastructure can consist of cloud servers, but attackers can also leverage a growing range of consumer and prosumer IoT devices such as IP cameras and routers and enslave them to perform large scale distributed attacks. Because attack traffic originates from all parts of the globe and from different devices, we refer to these attacks as Distributed Denial of Service attacks.<\/p>\n<p><strong>What a DDoS Attack is not<\/strong><\/p>\n<p>As you followed along, you probably noted that there is no infiltration of networks or breaching of servers involved in Denial of Service attacks. An organization that suffered a Denial of Service attack will not be subject to stolen data or have persisting malicious software in their infrastructure as a result. 
With the exception of DDoS as a smokescreen, once the DDoS attack stops, the organization can recover its services and continue its operations, very much unlike ransomware where the organization is typically left in an inoperative state until it recovers or restores its internal systems, and even then it can take days, weeks or months to fully recover all services and operations.<\/p>\n<p>The flip side, however, is that attackers can perform DDoS attacks with very little worry about being caught. When attackers leverage IoT devices, spoofing and reflection, it becomes very difficult, near impossible even, to attribute the traffic to specific actors. The threshold to perform a DDoS attack is consequently much lower compared to infiltrating and extracting information from private networks.<\/p>\n<p>How big is the threat from DoS attacks? Which organizations or industries are particularly at risk? Who are the actors behind those crimes? What are they after and what motivates them?<\/p>\n<p>Starting in 2020 we have witnessed a surge in DDoS activity driven by Ransom DoS campaigns that have become a persistent part of the DDoS threat landscape as well as several political and sociological events like elections, #blacklivesmatter and struggles inside and between nations.<\/p>\n<p>To understand the threat and assess the risk for your organization, you need to understand the actors, who they are and what their objectives are. Know how they typically perform attacks. The tactics and techniques leveraged by malicious actors will depend on their objective and skill level. 
And finally, the actor requires something that is of value to you that he can impact \u2013 this is where the opportunities for malicious actors lie, and they typically consist of important and valuable assets or vulnerabilities.<\/p>\n<p><strong>Organized crime<\/strong><\/p>\n<p>Since August 2020 we have seen Denial of Service extortion or Ransom DoS campaigns targeting all verticals across the globe. These campaigns were very persistent, with actors posing as Fancy Bear, Lazarus group or the Armada collective sending threatening email messages to organizations. The messages told the organization that it had been chosen as the target for their next DDoS attack, referred to some of their previous work and stated that they would start a large DDoS attack very soon. To prove their threats are to be taken seriously, they perform a small attack using just a fraction of their attack infrastructure on a given asset of the threatened organization.<\/p>\n<p>To avoid the attack they propose paying a ransom of 10 to 20 bitcoin to a specific bitcoin address. Failing to pay before the attacks start will increase the fee by 5 or 10 bitcoin for every missed deadline while the attack continues.<\/p>\n<p>Between October and November, the ransom letters seemed to slow and ebb away, until the second half of December, when we started to hear from customers receiving new letters. Organizations that were targeted before and received a ransom letter were now subject to a second letter that said the attackers had been busy with more profitable projects and were now back. They referred to the same bitcoin address and asked for a ransom between 5 and 10 bitcoin. 
The lower ransom was explained by the rise in bitcoin value, which surged in December to over a 100% increase compared to earlier that year. They said they would never give up and would always come back until they are paid.<\/p>\n<p>Come March of 2021, as we started to put the last Ransom DoS campaign behind us, it would only take until May for new letters to surface. This time a group, most probably unrelated to the actors from the previous campaigns, was posing as \u2018Fancy Lazarus\u2019, a moniker invented specifically to instill even more fear into victims by combining two names. The first is Fancy Bear, the Russian APT known for its ties to the Russian government and for promoting its political interests, and the group believed to be responsible for hacking the Democratic National Committee emails in an attempt to influence the outcome of the United States 2016 presidential elections, cyber attacks on the German and Norwegian parliaments, the French television station TV5Monde, the White House and NATO, and attempting to influence the campaign of French presidential candidate Emmanuel Macron.<\/p>\n<p>The second is Lazarus Group, the North Korean APT believed to be a state-sponsored hacking organization responsible for the 2014 attack on Sony Pictures and the 2016 bank heist on the Bangladesh bank, where they successfully got away with 81 million USD. This time the malicious actor or group was primarily targeting unprotected assets from organizations in different verticals, asking for a 0.5 to 5 bitcoin ransom to prevent the attack.<\/p>\n<p>September of 2021 was marked by service impacting DDoS attacks on VoIP telecommunications providers in the United Kingdom and Canada. 
Starting September 1, UK South Coast\u2013based VoIP operator Voip Unlimited disclosed it was hit by a&nbsp;sustained and large-scale DDoS attack it believed originated&nbsp;from the Russian ransomware group \u201cREvil\u201d following what they&nbsp;described as a \u201ccolossal ransom demand.\u201d After 75 hours of&nbsp;continuous attacks, on September 3, Voip Unlimited reported a&nbsp;pause in malicious traffic and confirmed a few days later that they&nbsp;did not observe any further attacks.&nbsp;At the same time, also starting September 1, the London-based&nbsp;Voipfone reported suffering outages on voice services, inbound&nbsp;and outbound calls, and SMS services. It was later confirmed&nbsp;to customers via e-mail that Voipfone services had been&nbsp;\u201cintermittently disrupted by a DDoS attack.\u201d&nbsp;On September 16, a Canadian provider of telephony services,&nbsp;VoIP.ms, announced it became aware of issues preventing&nbsp;customers from accessing its website and were working toward&nbsp;a solution.<\/p>\n<p>One week later, the issue was still ongoing and&nbsp;was attributed to persistent aggressive DDoS attacks causing&nbsp;disruptions in phone calls and services.&nbsp;Public messages exchanged on Twitter between VoIP.ms and the&nbsp;threat actors going by the handle @REvil92457183 provided more&nbsp;insights. The threat actors behind the DDoS assault went by the&nbsp;name \u201dREvil,\u201d but there is no evidence they represent the same&nbsp;REvil ransomware gang that is known to have previously attacked&nbsp;prominent companies, including the world\u2019s largest meat&nbsp;processor, JBS. As a ransomware operator, it is not conforming to&nbsp;the tactics, techniques and procedures (TTPs) of REvil to perform&nbsp;DDoS extortion attacks. It cannot be excluded, though. 
It would&nbsp;not be the first time a criminal group is diversifying its activities.<\/p>\n<p>A now-removed Pastebin note put the initial ransom demand&nbsp;at 1 bitcoin, or a little over US$42,000 (at the time of publishing).&nbsp;However, only two days after the initial demand, the @REvil92457183 twitter account increased the demand to 100&nbsp;bitcoins, or over US$4.2 million, when it messaged: \u201dOk, enough&nbsp;communication\u2026 The price for us to stop is now 100 Bitcoin&nbsp;into the pastebin BTC address. I am sure your customers will&nbsp;appreciate your 0 f\u2026s given attitude in multiple law suits. REvil\u201d.&nbsp;The actors used Twitter to expose the attacks and condemn&nbsp;VoIP.ms for not paying, in an attempt to make its customers and&nbsp;partners put pressure on the service provider to pay the ransom&nbsp;and rid them of service disruptions. Ransomware operators use&nbsp;similar pressure tactics, such as leaking new victims and sensitive&nbsp;data obtained from victims on their dark web PR sites.&nbsp;Messages from VoIP.ms on Twitter show that the attacks were&nbsp;initially targeting VoIP.ms\u2019 domain name services. VoIP.ms&nbsp;mitigated these attacks by asking partners and customers to&nbsp;hardcode service IP addresses in their systems.<\/p>\n<p>On October 7, Voip Unlimited again reported intermittent loss&nbsp;of connectivity and voice services as its engineers were working&nbsp;to mitigate DDoS attacks against its telephony platforms. Issues&nbsp;were first reported on its service status webpage in the evening&nbsp;on October 7. 
In the evening on October 8, VoIP Unlimited was still reporting disruptions caused by ongoing DDoS attacks against its customers.<\/p>\n<p><strong>Hacktivist<\/strong><\/p>\n<p>Much the opposite of organized crime, these malicious actors are not driven by financial gain but mainly by political or ideological ideas. They are out for defacement, doxing and destruction or disruption of websites and resources, all with the aim to promote a political agenda or a social change. Businesses can become entangled and end up in the crosshairs of hacktivists without even having control over the situation. These groups are typically unsophisticated but rely on their large following and social media to perform and promote attack campaigns. They use private forums to distribute denial of service tools and educate their followers on them. These tools are typically ancient and very simple, well known and publicly available. Yet, in the hands of a large enough crowd, these simple attack tools become very effective distributed weapons. 
In the recent attack campaigns orchestrated by the politically oriented hacktivist group Dragon Force Malaysia, tools like torshammer, low and high orbit ion cannon, also known as LOIC and HOIC, and a mobile attack tool for Android called Garuda were leveraged in cyber attacks against Israeli targets throughout June and July 2021 to protest against the strengthening of diplomatic ties between the Israeli government and Southeast Asia\u2019s Muslim-majority nations.<\/p>\n<p><strong>Disgruntled employees and angry customers<\/strong><\/p>\n<p>Another group of typically less sophisticated attackers, operating as lone wolves, are disgruntled employees and angry customers. The gaming and betting industry is frequently targeted by unhappy customers who act on flaring emotions, driven by anger upon losing large amounts of money in bets. But we also see this group across other verticals, for example when a website advertises wrong information or goods or services are delivered incorrectly or inadequately.<\/p>\n<p>Given their need for immediate and temporary access to an adequate tool, this group mostly resorts to publicly available DDoS-as-a-Service portals that provide convenient, subscription-based access to DDoS botnets and attack servers. In just a few clicks these actors can easily disrupt online resources and harm the reputation of businesses.<\/p>\n<p><strong>Nation states<\/strong><\/p>\n<p>Nation states, on the other hand, have the expertise and resources to build vast weapons of destruction, in the physical as well as in the cyber world. 
They are mostly known for using cyber weapons to cause disruption and chaos in an attempt to destabilize economies or regimes. Critical infrastructure such as power grids, fuel pipelines and water supply, but also financial institutions, can be the target of competing nations and fall victim to large scale attacks. Among these, DDoS attacks are very effective because attribution is so hard, and one of the prime objectives of nation state attacks is not to get caught in the act, or to influence foreign politics by blaming another nation.<\/p>\n<p><strong>Competitors<\/strong><\/p>\n<p>Finally, I want to highlight a frequently forgotten threat group that is more present than most would suspect: competitors. Unsurprisingly, this group\u2019s aim is to get competitive advantage by destroying the reputation, stealing intellectual property or undercutting prices of competing businesses and nations. This group will resort to automated attack tools such as bots to scrape information, some will hire attackers to disrupt services, while others will step up the game and sponsor groups to infiltrate and steal confidential and sensitive information.<\/p>\n<p>In the aftermath of the Mirai botnet attacks against Krebs, OVH and Dyn DNS, an actor going by the name of \u2018best buy\u2019 was observed and stopped while trying to enslave 900,000 of Deutsche Telekom\u2019s consumer internet modems. Bestbuy, or Daniel Kaye in real life, already owned a 400,000 bot Mirai based botnet at the time. 
He started his project after being hired by the CEO of Cellcom Liberia to destroy the reputation of Lonestar MTN, Cellcom\u2019s largest competitor in Liberia. Daniel started his attacks through the most renowned stresser service at the time: \u2018vDoS\u2019. vDoS didn\u2019t provide him the power needed to disrupt a large mobile organization such as Lonestar. Given the then recent publication of the Mirai botnet source code, he picked up the code and built his own botnet. In November 2016, in an attempt to disrupt the services of Lonestar MTN, Daniel Kaye, hacker-for-hire, disrupted the internet connectivity of the whole of Liberia. Daniel Kaye was apprehended in January 2019 in Luton Airport in London UK while travelling home to Cyprus after meeting with his Cellcom contact.<\/p>\n<p><strong>Which tools and techniques do attackers prefer to use for DoS attacks?<\/strong><\/p>\n<p>Actors who are less sophisticated will reach for DDoS-as-a-Service portals. These portals are widely available on the clear net and can be found through a simple Google search. DDoS-as-a-Service platforms, also known as booters or stressers, wield enough attack power to impact most organizations.<\/p>\n<p>For those with bigger ambitions, like organized crime groups or hackers-for-hire, stresser services typically do not provide the scale, flexibility or return on investment. They tend to build their own attack tools consisting of botnets and attack infrastructure. Botnets are typically used to generate high packet or request per second attacks that drain the resources of network devices or servers. Attack servers are typically used to perform reflection and amplification attacks. 
These servers scan for internet services that allow amplification attacks, such as DNS, NTP, SSDP, and Memcached, amongst others. Once amplification server lists are compiled, the attack server will leverage those in uplink saturating volumetric DoS attacks. Do not be mistaken, the internet is full of potential for amplification. Reflection points do not need to be large servers. We have observed many attacks leveraging well-known router brands that expose DNS services that allow recursion by default. In 2021, academic researchers <a href=\"https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/bock\" target=\"_blank\" rel=\"noreferrer noopener\">published<\/a> a paper detailing new ways of leveraging forged TCP packets to generate devastating DDoS amplification attacks with amplification factors ranging from 50,000 to 100,000,000s.<\/p>\n<p><strong>How can you protect yourself? Which defense mechanism is the most effective?<\/strong><\/p>\n<p>In our experience, a cloud-based solution is the most effective at stopping all attacks, even those volumetric attacks that are beyond the capacity of the internet links of the protected site. The ultimate solution for businesses that require the lowest latency and best protection is a hybrid DDoS solution. This option combines on-prem detection and prevention, while automatically diverting to a cloud scrubbing center when the attack volumes are threatening to saturate the internet links.<\/p>\n<p><strong>The future of the DDoS Threat Landscape<\/strong><\/p>\n<p>As bandwidths of interconnects, clouds and internet connections grow, attacks are becoming larger and more impactful. 
Our businesses and lives (home automation, online streaming, connected cars) are becoming ever more dependent on internet connectivity.&nbsp;Digitalization&nbsp;accelerated&nbsp;during the pandemic, and that means&nbsp;there is&nbsp;more opportunity to impact businesses and people through DoS attacks. Motivated by the success of&nbsp;past&nbsp;ransomware&nbsp;campaigns, there is a&nbsp;good probability&nbsp;to see&nbsp;an increase in&nbsp;ransom DoS attempts in the near future.<\/p>\n<figure class=\"wp-block-image size-full\"><img fetchpriority=\"high\" decoding=\"async\" class=\"wp-image-15101\" src=\"https:\/\/blog.radware.com\/wp-content\/uploads\/2022\/01\/image.png\" sizes=\"(max-width: 800px) 100vw, 800px\" srcset=\"https:\/\/blog.radware.com\/wp-content\/uploads\/2022\/01\/image.png 800w, https:\/\/blog.radware.com\/wp-content\/uploads\/2022\/01\/image-320x160.png 320w, https:\/\/blog.radware.com\/wp-content\/uploads\/2022\/01\/image-768x384.png 768w, https:\/\/blog.radware.com\/wp-content\/uploads\/2022\/01\/image-696x348.png 696w\" alt=\"\" width=\"800\" height=\"400\"><figcaption><em>Figure&nbsp;1: Total blocked malicious network events&nbsp;in Radware Cloud DDoS Protection Service \u2013 2020 vs 2021<\/em>&nbsp;<\/figcaption><\/figure>\n<p>With a steady growth in blocked malicious events per customer, it does not look like DDoS attacks will disappear anytime soon. With all the vulnerabilities disclosed in the last couple of years the opportunity to build large botnets and abuse more capable amplification services keeps growing. 
As we digitalize our businesses and our lives by migrating applications to the cloud, creating fully meshed dependencies between online and mobile applications, and depending more and more on services and web APIs provided by third parties, connected cars, connected homes and online video, we depend ever more on cloud and connectivity, make ourselves more vulnerable and create more opportunities for bad people to abuse.<\/p>\n<p>Motivated by the success of ransomware campaigns, there is a high probability of seeing an increase in Ransom DoS attempts in the near future. My team of researchers are all aligned on a future that will bring more and larger denial of service opportunities and attacks, which is why we are observing very closely the moves, tactics and techniques of malicious actors in the DDoS threat landscape, reporting and sharing our observations and trying to help businesses protect themselves in a timely and accurate manner so bad guys can make little to no impact with their onslaughts. As with most security threats, if you can take away the economy from the threat, attacks and attackers will slowly fade away. But it is very much a perpetual circle that puts us back in every achievement as technology and digitalization of the world continues.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is a DDoS Attack?&nbsp;&nbsp; DDoS stands for Distributed Denial of Service attacks. Let\u2019s&nbsp;ignore the Distributed for now as it refers mainly to the technique and let\u2019s focus on the Denial of Service first. As the&nbsp;term implies, the objective of a DoS attack is to disrupt&nbsp;or deny services from legitimate users. 
A service can be<\/p>\n","protected":false},"author":9,"featured_media":4757,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[138,86],"tags":[96],"class_list":{"0":"post-4753","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-announcements","8":"category-updates","9":"tag-radware"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>What Drives DDoS Attacks and Why it Should be a Concern - Radware - Chillisoft<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.chillisoft.net\/what-drives-ddos-attacks-and-why-it-should-be-a-concern\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What Drives DDoS Attacks and Why it Should be a Concern - Radware - Chillisoft\" \/>\n<meta property=\"og:description\" content=\"What is a DDoS Attack?&nbsp;&nbsp; DDoS stands for Distributed Denial of Service attacks. Let\u2019s&nbsp;ignore the Distributed for now as it refers mainly to the technique and let\u2019s focus on the Denial of Service first. As the&nbsp;term implies, the objective of a DoS attack is to disrupt&nbsp;or deny services from legitimate users. 
A service can be\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.chillisoft.net\/what-drives-ddos-attacks-and-why-it-should-be-a-concern\/\" \/>\n<meta property=\"og:site_name\" content=\"Chillisoft\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/chillisoftanz\/\" \/>\n<meta property=\"article:published_time\" content=\"2022-05-17T02:30:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-03-12T10:16:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.chillisoft.net\/wp-content\/uploads\/2022\/05\/AdobeStock_201211820-01.png\" \/>\n\t<meta property=\"og:image:width\" content=\"834\" \/>\n\t<meta property=\"og:image:height\" content=\"557\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"David Gadnyx\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@chillisoft\" \/>\n<meta name=\"twitter:site\" content=\"@chillisoft\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"David Gadnyx\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"15 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.chillisoft.net\/what-drives-ddos-attacks-and-why-it-should-be-a-concern\/\",\"url\":\"https:\/\/www.chillisoft.net\/what-drives-ddos-attacks-and-why-it-should-be-a-concern\/\",\"name\":\"What Drives DDoS Attacks and Why it Should be a Concern - Radware - Chillisoft\",\"isPartOf\":{\"@id\":\"https:\/\/www.chillisoft.net\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.chillisoft.net\/what-drives-ddos-attacks-and-why-it-should-be-a-concern\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.chillisoft.net\/what-drives-ddos-attacks-and-why-it-should-be-a-concern\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.chillisoft.net\/wp-content\/uploads\/2022\/05\/AdobeStock_201211820-01.png\",\"datePublished\":\"2022-05-17T02:30:36+00:00\",\"dateModified\":\"2023-03-12T10:16:29+00:00\",\"author\":{\"@id\":\"https:\/\/www.chillisoft.net\/#\/schema\/person\/3ce28d9ad7b618323a1818ec47079084\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.chillisoft.net\/what-drives-ddos-attacks-and-why-it-should-be-a-concern\/#breadcrumb\"},\"inLanguage\":\"en-NZ\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.chillisoft.net\/what-drives-ddos-attacks-and-why-it-should-be-a-concern\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-NZ\",\"@id\":\"https:\/\/www.chillisoft.net\/what-drives-ddos-attacks-and-why-it-should-be-a-concern\/#primaryimage\",\"url\":\"https:\/\/www.chillisoft.net\/wp-content\/uploads\/2022\/05\/AdobeStock_201211820-01.png\",\"contentUrl\":\"https:\/\/www.chillisoft.net\/wp-content\/uploads\/2022\/05\/AdobeStock_201211820-01.png\",\"width\":834,\"height\":557},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.chillisoft.net\/what-drives-ddos-attacks-and-why-it-should-be-a-concern\/#breadcr
umb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.chillisoft.net\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What Drives DDoS Attacks and Why it Should be a Concern &#8211; Radware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.chillisoft.net\/#website\",\"url\":\"https:\/\/www.chillisoft.net\/\",\"name\":\"Chillisoft\",\"description\":\"Cybersecurity Solution Distributors\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.chillisoft.net\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-NZ\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.chillisoft.net\/#\/schema\/person\/3ce28d9ad7b618323a1818ec47079084\",\"name\":\"David Gadnyx\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-NZ\",\"@id\":\"https:\/\/www.chillisoft.net\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cec5986cebb7bd671ecd190a8388ed19?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cec5986cebb7bd671ecd190a8388ed19?s=96&d=mm&r=g\",\"caption\":\"David Gadnyx\"},\"sameAs\":[\"http:\/\/www.chillisoft.net\"],\"url\":\"https:\/\/www.chillisoft.net\/author\/david-gadnyx\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"What Drives DDoS Attacks and Why it Should be a Concern - Radware - Chillisoft","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.chillisoft.net\/what-drives-ddos-attacks-and-why-it-should-be-a-concern\/","og_locale":"en_US","og_type":"article","og_title":"What Drives DDoS Attacks and Why it Should be a Concern - Radware - Chillisoft","og_description":"What is a DDoS Attack?&nbsp;&nbsp; DDoS stands for Distributed Denial of Service attacks. Let\u2019s&nbsp;ignore the Distributed for now as it refers mainly to the technique and let\u2019s focus on the Denial of Service first. As the&nbsp;term implies, the objective of a DoS attack is to disrupt&nbsp;or deny services from legitimate users. A service can be","og_url":"https:\/\/www.chillisoft.net\/what-drives-ddos-attacks-and-why-it-should-be-a-concern\/","og_site_name":"Chillisoft","article_publisher":"https:\/\/www.facebook.com\/chillisoftanz\/","article_published_time":"2022-05-17T02:30:36+00:00","article_modified_time":"2023-03-12T10:16:29+00:00","og_image":[{"width":834,"height":557,"url":"https:\/\/www.chillisoft.net\/wp-content\/uploads\/2022\/05\/AdobeStock_201211820-01.png","type":"image\/png"}],"author":"David Gadnyx","twitter_card":"summary_large_image","twitter_creator":"@chillisoft","twitter_site":"@chillisoft","twitter_misc":{"Written by":"David Gadnyx","Est. 
reading time":"15 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.chillisoft.net\/what-drives-ddos-attacks-and-why-it-should-be-a-concern\/","url":"https:\/\/www.chillisoft.net\/what-drives-ddos-attacks-and-why-it-should-be-a-concern\/","name":"What Drives DDoS Attacks and Why it Should be a Concern - Radware - Chillisoft","isPartOf":{"@id":"https:\/\/www.chillisoft.net\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.chillisoft.net\/what-drives-ddos-attacks-and-why-it-should-be-a-concern\/#primaryimage"},"image":{"@id":"https:\/\/www.chillisoft.net\/what-drives-ddos-attacks-and-why-it-should-be-a-concern\/#primaryimage"},"thumbnailUrl":"https:\/\/www.chillisoft.net\/wp-content\/uploads\/2022\/05\/AdobeStock_201211820-01.png","datePublished":"2022-05-17T02:30:36+00:00","dateModified":"2023-03-12T10:16:29+00:00","author":{"@id":"https:\/\/www.chillisoft.net\/#\/schema\/person\/3ce28d9ad7b618323a1818ec47079084"},"breadcrumb":{"@id":"https:\/\/www.chillisoft.net\/what-drives-ddos-attacks-and-why-it-should-be-a-concern\/#breadcrumb"},"inLanguage":"en-NZ","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.chillisoft.net\/what-drives-ddos-attacks-and-why-it-should-be-a-concern\/"]}]},{"@type":"ImageObject","inLanguage":"en-NZ","@id":"https:\/\/www.chillisoft.net\/what-drives-ddos-attacks-and-why-it-should-be-a-concern\/#primaryimage","url":"https:\/\/www.chillisoft.net\/wp-content\/uploads\/2022\/05\/AdobeStock_201211820-01.png","contentUrl":"https:\/\/www.chillisoft.net\/wp-content\/uploads\/2022\/05\/AdobeStock_201211820-01.png","width":834,"height":557},{"@type":"BreadcrumbList","@id":"https:\/\/www.chillisoft.net\/what-drives-ddos-attacks-and-why-it-should-be-a-concern\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.chillisoft.net\/"},{"@type":"ListItem","position":2,"name":"What Drives DDoS Attacks and Why it Should be a Concern &#8211; 
Radware"}]},{"@type":"WebSite","@id":"https:\/\/www.chillisoft.net\/#website","url":"https:\/\/www.chillisoft.net\/","name":"Chillisoft","description":"Cybersecurity Solution Distributors","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.chillisoft.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-NZ"},{"@type":"Person","@id":"https:\/\/www.chillisoft.net\/#\/schema\/person\/3ce28d9ad7b618323a1818ec47079084","name":"David Gadnyx","image":{"@type":"ImageObject","inLanguage":"en-NZ","@id":"https:\/\/www.chillisoft.net\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/cec5986cebb7bd671ecd190a8388ed19?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cec5986cebb7bd671ecd190a8388ed19?s=96&d=mm&r=g","caption":"David Gadnyx"},"sameAs":["http:\/\/www.chillisoft.net"],"url":"https:\/\/www.chillisoft.net\/author\/david-gadnyx\/"}]}},"publishpress_future_action":{"enabled":false,"date":"2025-02-01 
10:42:19","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category"},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/www.chillisoft.net\/wp-json\/wp\/v2\/posts\/4753","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.chillisoft.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.chillisoft.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.chillisoft.net\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.chillisoft.net\/wp-json\/wp\/v2\/comments?post=4753"}],"version-history":[{"count":0,"href":"https:\/\/www.chillisoft.net\/wp-json\/wp\/v2\/posts\/4753\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.chillisoft.net\/wp-json\/wp\/v2\/media\/4757"}],"wp:attachment":[{"href":"https:\/\/www.chillisoft.net\/wp-json\/wp\/v2\/media?parent=4753"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.chillisoft.net\/wp-json\/wp\/v2\/categories?post=4753"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.chillisoft.net\/wp-json\/wp\/v2\/tags?post=4753"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}