Why does everyone forget the unwitting DDoS foot soldiers?

The rising tide of DDoS attacks is hitting the news with alarming regularity. Yet if popular reports are to be believed, there is only one victim: the person targeted in the incident.

In fact, this is not true at all. Numerous companies are unwittingly perpetrating these attacks via employee machines they do not know are compromised. This could easily be your company, and it could prove a lot worse for your brand than if you were merely the target.

“Everyone knows there is an attacker and a victim,” explains Aftab Afzal, SVP & GM EMEA at NSFOCUS IB, a specialist provider of DDoS mitigation. “However there is also the host – or hosts – which are often the infected or compromised devices of innocent users.

“One should also consider the networks of service providers and the impact to their users who are not under attack. In some of the really large attacks, even the available resources at internet exchanges can suffer and this can have a knock on effect to national networks,” he adds.

Thomas Olofsson, CEO of Intelliagg, a provider of cyber threat intelligence, suggests: “A business that launches an attack unwittingly, or via a disgruntled employee, will of course attract brand, or possible legal damages against themselves. The victim however, whether they know immediately or not, can trace it back to a company or legal entity, and are then in a strong position to sue for damages.”

This is all extremely commonplace. As Dave Larson, COO at Corero Network Security, puts it: “Compromised PCs and servers taken hostage as bots to be controlled for use in DDoS attacks are a dime a dozen.”

This situation is “compounded”, adds Larson, as “tracking back bot-infected machines utilised in DDoS attacks is quite difficult. [This is because] attackers spoof IP addresses or use reflection techniques in order to maintain anonymity.”

Ofer Gayer, Senior Security Researcher at Imperva, offers two major examples which his company uncovered. In these, cybercriminals used 900 CCTV cameras and tens of thousands of hijacked Small Office Home Office routers to launch attacks.

So, how does all this work in practice? Well, once a single machine has been infected it can act as a backdoor to access the company’s infrastructure.

“The infected machine often operates as a bot, a type of malware that an attacker uses to take control of an infected machine in order to further spread malware or execute a DDoS attack. A group of bots controlled by the same host is called a botnet,” says Oscar Marquez, CTO of cloud security company iSheriff.

“Botnets are not only getting smarter but larger,” he adds. “In years past, a bot-herder or bot-master might have compromised 1000 machines with their bots but it takes a lot of processing power to command all these bots at once. A new technique attackers are using to work around this problem is grouping these large amounts of controlled computers into platoons and assigning a ‘lieutenant’ to each platoon.

“This way, the command and control centre sends out a request or update and it goes only to the lieutenant of each platoon. Then they have each of the members within the platoon randomly configured to check in with the lieutenant to receive the updated information. This eliminates the need to directly control all 1000 machines by only sending the message out to the 10% to spread the word.”
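The "randomly configured" check-in described above is what a defender can look for: bots polling a peer on a timer with jitter still produce connection gaps that cluster far more tightly than human browsing does. The following is an added illustration, not code from the article or from any vendor quoted in it; the flow records, hosts and thresholds are all constructed.

```python
"""Flag hosts that check in with a shared 'lieutenant' peer on a regular cadence.

Added illustration for this article, not code from it. Works on constructed
flow records; thresholds (min_hits, max_cv, min_followers) are assumptions.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (epoch seconds, source host, destination host).
# Three workstations poll 10.0.0.7 about every 300 s with jitter; a fourth
# host browses a web server (TEST-NET address) at irregular times.
FLOWS = [
    (t, src, "10.0.0.7")
    for src, base in (("10.0.1.11", 0), ("10.0.1.12", 40), ("10.0.1.13", 95))
    for t in (base + 300 * i + (i * 37 % 61) for i in range(8))
] + [(t, "10.0.1.20", "203.0.113.5") for t in (5, 9, 250, 260, 1400, 1410, 1900, 2300)]

def beacon_candidates(flows, min_hits=6, max_cv=0.25):
    """Return {dst: [src, ...]} for peers contacted on a timer-like cadence.

    cv = stdev / mean of the gaps between successive connections; a small cv
    means the gaps are nearly uniform even with random jitter added.
    """
    seen = defaultdict(list)
    for ts, src, dst in flows:
        seen[(src, dst)].append(ts)
    hits = defaultdict(list)
    for (src, dst), times in seen.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits[dst].append(src)
    return dict(hits)

def suspected_lieutenants(flows, min_followers=3, **kw):
    """Peers that several internal hosts beacon to: the 'platoon' pattern."""
    return sorted(dst for dst, srcs in beacon_candidates(flows, **kw).items()
                  if len(srcs) >= min_followers)

if __name__ == "__main__":
    print(beacon_candidates(FLOWS))
    print(suspected_lieutenants(FLOWS))
```

Real flow exporters add jitter of their own, so tune `max_cv` against a baseline of known-good hosts before alerting on it.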

The foot soldiers perpetrating the attack could easily include your work device. Adrian Crawley, Regional Director of the UK and Ireland at Radware – which places an emphasis on DDoS protection – warns: “If your computer crashes frequently, runs slower, fans are in overdrive while idling, you experience issues with your web browser or access to certain websites is blocked, your computer might be part of a botnet and blacklisted.”

He adds: “Creating a botnet is actually very simple and easy to do. Most attackers can purchase a botnet starter kit, tutorials, and setup services on the Dark Web.

“One of the reasons that you see so many business machines compromised with malware and used to perpetrate the attacks is due primarily to their large user base. With every computer added to your network you are increasing your risk for an infection. At the root cause is unaware users who accidentally click or open a malicious link that ultimately enlists their computer into the attackers’ botnet.”

This creates a need for new ways to think about security, with innovative proactive monitoring companies such as Darktrace using machine learning to add an extra layer of security for businesses.

“Legacy solutions are still good for mitigating the previous generation of attacks,” says Herve Dhelin, Worldwide Marketing Director at EfficientIP, a company focused on driving business efficiency across the spectrum. “But [they] are blind or no longer efficient when up against the new types of threats that can create dangerous false-positives for the business.”

The worst part is that these threats do not look set to decrease any time soon. In fact, the Internet of Things seems set to worsen the situation. “The IOT presents another 'attack service' for an entity to infiltrate your network or household,” explains Olofsson of Intelliagg.

Larson of Corero Network Security points out: “The average user of internet-connected devices, whether that be your smart home, smart appliances, smart car or smart office, does not typically pay close attention to software updates or critical patching schedules or, as a matter of fact, quite understand how these devices are connected or sharing data.”

The answer, as with most security stories, is to stay vigilant. It is impossible to stop attacks from happening altogether, which makes it all the more necessary to stay aware of the risks.

