There is a flourishing, niche market for people who can (and choose to) attack websites for the purposes of denying service. Australia was recently attacked during the campaign to collect census data from the nation. It is very likely that other countries saw this and the resulting "tail-chasing" by the Prime Minister and other politicians and decided to chase down and bring DDoS hackers to justice.
Last week, the FBI requested that Israeli authorities arrest two 18 year olds for orchestrating a DDoS attack that earned more than $500,000 over two years. The two individuals were questioned and released after posting bond of US$10,000, but not before their passports were seized, they were placed under house arrest for 10 days and they were banned from using the internet or telecommunication equipment for 30 days.
This shows that the US are getting tough on this kind of internet behaviour and that they are monitoring it.
While DDoS attacks are not new, they are becoming more mainstream. There was a time when attacks were done on the dark web, but the attack on Australia shows that open websites are now targets and can cause considerable disruption and embarrassment.
The fact that businesses are moving their services into the cloud means there are more targets open to this kind of attack. And where there is demand, attackers can name their price and make a lucrative career.
So what can we do to protect ourselves against being a target?
Well, you can't really stop someone targeting you. But you can put some safeguards in place to make it more difficult for attacks to be effective. Here is an article to describes some measures you can take, but here are a couple:
- Invest in good hardware and software that connects your data to the internet
- Invest in good people to install and maintain that hardware/software
- Consider "over-investing" in bandwidth so that if you are attacked there is still room in the "pipe" for your customers
Let's not be naive. If you are connected to the internet, there is always a chance that you can be attacked. The best thing you can do is be educated about how you can affected. That way, you can make informed decisions about how to mitigate the effects on your equipment and data.