A few weeks ago, Tesla CEO and X (formerly Twitter) owner Elon Musk hosted a friendly conversation on X with former President Donald Trump. The interview was delayed by more than 40 minutes as X experienced technical difficulties. Musk immediately tweeted that there appeared to be a massive distributed denial-of-service (DDoS) attack on X causing the delay. It turns out X was not under a DDoS attack; the delay was most likely caused by a technical overload of its servers, without the proper pretesting of the infrastructure to support that amount of traffic.
We’ve seen how big events (take this summer’s Paris Olympics, for example) tend to increase the threat of cyber-attacks, including DDoS attacks. Beyond the financial sector and online services, political campaigns have also become prime targets for DDoS attacks, aiming to disrupt their online presence and communication channels. Now that we’re about two months from the US Presidential election in November, it is reasonable to assume we will see an uptick in cyberthreats against the election ecosystem. While I agree with CISA and the FBI’s recent statement that DDoS attacks targeting election infrastructure will have little to no impact on the integrity of the actual voting process in the November election, I do think we will see threats made to informational election sites like marketing campaigns for each candidate, ‘get out the vote’ campaigns, etc. With only about 60 days left until the election, if bad actors are able to take down an information site for days, that’s a huge problem.
Adaptive Attacks
DDoS attacks are not a static phenomenon. Cybercriminals continually refine their techniques, leveraging technological advancements and exploiting vulnerabilities to launch increasingly sophisticated and disruptive attacks. Staying ahead of this evolving threat landscape requires constant vigilance and adaptation. Two significant changes have occurred to create this perfect storm of increased DDoS attacks: the increasing availability of vulnerable systems that facilitate DDoS attacks, as highlighted in recent Corero blogs, and the bad actors’ heightened motivation to adapt and innovate during attacks.
1. The rise in global network capacity has led to a growing number of vulnerable network devices. These systems’ accessibility allows the bad actors to create targeted DDoS attack traffic. As a result, we are witnessing changes in the size, duration, and tactics of attacks, both during reconnaissance and active attempts to cause harm.
2. Historically, DDoS attacks were simpler; bad actors would launch the DDoS attack and hope for success. Today, the bad actors actively monitor and adjust their strategies in real time to bypass DDoS prevention systems. Modern DDoS attacks are far more adaptive: if one approach fails, the bad actors quickly shift to a different vector, often within minutes, repeating this process until they penetrate the network. The sophistication of these attacks has significantly increased compared to recent years.
The Perfect Target
During the 2016 US election season, there were reports of DDoS attacks targeting the websites and online infrastructure of both the Democratic and Republican campaigns. These attacks were aimed at disrupting their ability to communicate with voters and raise funds online. This isn’t just a problem in the United States, but rather a global problem. In 2012, the website of French presidential candidate François Hollande’s campaign was reportedly hit by a DDoS attack just hours before the polls opened. The attack was attributed to a group calling themselves Anonymous, who claimed they were protesting Hollande’s policies.
Why is this election ecosystem the ‘perfect’ target for bad actors? Three simple reasons:
1. Motivation – Politics can be ugly, and most of the time you are happy to see your opponent go down. In this instance, being able to disrupt communication around your opponent’s messaging, or to prevent voters from registering in a timely manner or educating themselves against your political ideology, is very attractive.
2. Time – With only two months until the election, time is of the essence.
3. DDoS availability – The ability to launch a DDoS attack has increased, and the attacks are much more effective and more harmful today.
Service Availability Matters
Even though the previously mentioned X incident was not an external DDoS attack, it doesn’t really matter. When your system is down, you are down. It underscores the importance of defending service availability.
Today, an organization’s ability to remain online is a necessity. If your main form of communication is online, when a disruption occurs for hours or even days, the result can be catastrophic. Organizations must be prepared and implement the right security solutions, because even the smallest disruption can have significant consequences.