Please don’t panic, but there may be sovereign nations out there planning to cyber-attack you.
Why?
Before we answer that, let’s take a look at recent events:
DDoS attacks are relatively easy to generate and leave no permanent footprint, making it hard to trace them back to the attacker. A state-sponsored DDoS, which is more common than you might suspect, is generally a well-funded, orchestrated campaign executed by professionals. Such attacks can be carried out by advanced persistent threat (APT) actors, which are typically state-backed groups conducting large-scale targeted intrusions for specific goals.
Some DDoS attacks are carried out by “mercenary” unaffiliated hackers, hired on the sly by a government to target its enemies. There is good evidence, for example, that Russia hires cyber “pirates” who agree to a moratorium on hitting Russian assets in exchange for services performed for Moscow.
Another possible marker of state-sponsored DDoS attacks is their size. While they can be both network and application attacks, when the level of targeted traffic exceeds hundreds of gigabits per second, you have a pattern more consistent with a state actor than with a typical hacktivist or criminal. In 2020, for example, we at Red Button were involved in mitigating one of the largest volumetric attacks ever, with over 1.2 Tbps of hostile traffic.
State-sponsored DDoS can be used to disrupt critical financial, health and infrastructure services in enemy countries. In many cases, the main goal of the state sponsor is to undermine the reputation of their adversary, regardless of the actual chaos they can create. This can serve their interest by undermining domestic and international confidence in the targeted state’s institutions, disrupting daily life, and bringing attention to the attacker’s political narrative.
To that end, state-sponsored attackers do not focus only on government agencies. They also often seek to disrupt high-profile commercial entities seen as a symbol of the targeted state in some way, such as banks, financial institutions, news outlets, large e-commerce sites and the like.
While the recent DDoS attack on Israel targeted the communications provider for all websites using the gov.il domain, in Ukraine and Russia the alleged targets include financial institutions. Similarly, the allegedly Iran-backed OpAbabil series of DDoS attacks in 2012, which we had a hand in combatting, targeted various private American financial institutions such as J.P. Morgan Chase.
The targets of such state-sponsored DDoS campaigns may even be third parties or organizations in countries believed to be supporting one side or another in an international conflict. Since the Russian invasion of Ukraine, for example, we have seen a growing concern among our clients regarding DDoS attacks in the US, Europe and Asia. Governments and major businesses that are not directly involved in the conflict are on alert, as it is hard to predict how far the cyber-warriors will go.
So, to return to our initial warning: Yes, you may be next. But there are a few things you can do to protect yourself.
And most importantly, after you’ve taken these precautions, stay vigilant. But don’t worry – it’s not good for your health.