Chase Cunningham, director of cyber threat research at Armor, wasn't surprised by the upsurge of attacks on Turkey at the end of the year. "Geopolitical events consistently change. Whether countries officially support or turn a blind eye to the attacker, these types of campaigns happen regularly," Cunningham said.
No country is innocent of these attacks, whether it's Iran targeting financial institutions, Russia attacking Estonia or Georgia, or the US turning a blind eye to political activists like Jester, said Cunningham.
Given the ease with which these attacks can be constructed, attackers will continue to take advantage of this digital power hold. Cunningham said, "DDoS still seems to be the number one type of attack to leverage for geopolitical. It's easy to string together a botnet or underground enterprise and bring the target to its knees for a few hours."
Leveraging public resources, said Cunningham, doesn’t take a whole lot of technical know-how. "It’s a broad use tool that anybody with enough time on YouTube can figure out," he continued.
In fact, they are so easy to leverage that Cunningham said, "I think it’s interesting that we haven’t seen more DDoS attacks during the campaign given the shenanigans." Others agreed that they expected to see more targeted underground actors trying to put out something in the media that is trying to ruin a campaign.
As 2015 came to a close, security analysts made lots of predictions about the types of attacks enterprises should expect to see in 2016. DDoS was supposed to be a lot more disruptive.
Cunningham said, "I thought 2016 would be the year for geopolitical activities but we haven’t seen much of that so far. The guys who are good are abandoning those and going deeper, using targeted malware or ransomware, moving to do things that are more malicious to give them more return on their investments."
Ryan O'Leary, vice president of threat research center at WhiteHat Security, suggested something similar in pontificating about the motivation of different attack methods.
"DDoS evolved from people having fun to more targeted acts of retaliation or protest. In January," O'Leary said, "there was a well published one on Trump when New Frontier launched DDoS against him because he was overly racist."
Perhaps O'Leary is onto something and DDoS is becoming more and more popular as an attack technique to protest or retaliate. "DDoS is often used to raise awareness and protest, to say 'We brought down your site, nobody can get to you because we don’t like you.' It's a platform for activism," O'Leary said.
Whether the attacks are to raise awareness or to protest, mitigating the risks of these attacks remains incredibly challenging for security teams. "DDoS is much tougher because you have a large amount of traffic coming from a huge amount of sources, and it overwhelms the system that you are trying to filter out legitimate vs illegitimate traffic," said O'Leary.