By the end of March 2023, the U.K.’s National Crime Agency (NCA) revealed that it had created multiple fake DDoS-for-hire service websites. The main aim was to identify cybercriminals.
What characterises these hackers today and why are they such a threat to public life?
Based on our global cybersecurity network, clear conclusions about the digital threat level can be drawn. What we can see is that hackers have become massively professionalized in recent years. The times of spontaneous individual perpetrators are long gone. Today's cybercriminals are no longer single hackers pursuing financial profit through digital attacks.
Today, we are talking about decentralized, modernized hacker structures. Some of them are even financially supported by states and public authorities. In particular, groups such as NoName057, Killnet and Anonymous Sudan are targeting the national critical infrastructure in Western societies. These globally acting groups have openly declared cyber war on NATO, carrying out, for example, highly visible DDoS attacks.
Unfortunately, in some cases, companies and critical infrastructure operators still lack the know-how and awareness to defend themselves. Hackers are aware of this and try to hit new targets every day.
How do you evaluate the current threat situation from cyberattacks and DDoS in particular?
That depends on the structures that are under digital attack. Many companies and platforms with weak digital protection increase their vulnerability by underestimating the digital threat.
In this case, the question is not whether, but when a digital attack – for example DDoS – will succeed. In the worst case, even large companies can expect to suffer crucial economic damage, which could lead to significant problems.
Operators of critical infrastructure in particular are often still at the beginning of their IT security strategy, both in the EU and in the UK. Therefore, this group is currently even more vulnerable than other industries that have improved their digital protection mechanisms during the pandemic to keep pace with digitalization.
The vulnerability of energy suppliers, banks or network operators thus threatens the fundamentals of our daily lives. In a worst-case scenario, a serious DDoS attack could cause energy deliveries to be interrupted, money to stop being paid out, or disrupt communications between companies or private online communications.
Are hackers only interested in financial motives or do they also pursue other goals?
Hackers have primarily financial motives; their business model now causes more economic damage than organized crime, for example. In addition to professional hacker structures, the market for “cybercrime-as-a-service” is also growing. This ranges from low-cost DDoS attacks to phishing campaigns and ransomware attacks that can be booked on a monthly basis.
In addition, there are hacking groups supported by the state, which are also looking for additional sources of revenue. In addition, politically motivated cyberattacks have increased once again and are currently attracting the corresponding media attention.
During April, British government officials announced that pro-Russian cybercriminals were also attempting to damage the critical national infrastructure. Do we need to adapt to being a digital subject every day?
As I see it, the digital demands on businesses and critical infrastructure have never been so high.
The crucial factor is that the time in which digital attacks are mitigated is as short as possible (“time-to-mitigate”). The challenge is that conventional protection solutions – against DDoS, for example – may be brought down in a very short time as the attacks become more complex and intensive. Outdated protection could thus become a risk for companies. The first step is for companies to take a close look at the risks and their protection systems so that they can adapt accordingly to the current threat situation.
How modern is the current state of digital protection? Is a general modernization of the systems in use necessary? How can cybersecurity awareness be created and employees trained to prevent cybercrime in the company?
These are all questions that every decision-maker in business must ask themselves with regard to the digital future.
How can companies and platforms protect themselves?
First of all, decision makers need to ask themselves how competitive their security solutions still are. In many cases, this can already provide clarity as to whether the security solutions are still strong and up to date enough to protect the respective systems.
As a matter of priority, companies should ask themselves how resilient the digital protection measures implemented are today. This is a key question, especially in terms of DDoS defence, as distributed denial of service (DDoS) attacks have been constantly changing in recent years and are more sophisticated than ever before.
Companies should also look at the resilience of the businesses they work with. This is important because cybercriminals can also target cooperating companies through external partners.
When it comes to IT security services, cloud-based solutions are ahead of the game. They have several advantages in the fight against globally connected and decentralized hacker groups. Cloud solutions avoid disrupting business processes while strengthening digital resilience in enterprise networks. The cloud-based solutions are also fully scalable, in use 24/7 and always up to date.
What is different today compared to a year ago, and what are the predictions about digital threats?
Indeed, cyberattacks and DDoS in particular are constantly being optimized by cybercriminals.
Systems can be brought down much faster due to attacks that unleash their critical load too fast for most security systems.
An analysis of the attacks registered in 2022 shows, for example, that the critical load in DDoS attacks was reached on average within 55 seconds of the attack beginning. In comparison, attacks in 2021 took an average of 184 seconds to reach their peak. Today, attackers need only a third of the time they used to need to cause considerable damage. Instead of randomly attacking businesses in the hope of success, highly targeted, advanced and sophisticated DDoS attacks are now being used.
Alongside this professionalisation, the number of attacks is also on the rise. Unfortunately, companies and critical infrastructure operators are not aware of this, so the global digital threat environment will remain at a very high level in the future.