The DDoS Ring of Fire is a DDoS attack map that maps vertical markets based on the likelihood that these organizations will experience DDoS attacks. As sectors move closer to the center, organizations within these sectors are more likely to experience DoS attacks, DDoS attacks and other cyber-attacks.
The DDoS Ring of Fire is a DDoS attack map that maps industries based on the likelihood that organizations in these sectors will experience DDoS attacks and other cyber-attacks. The closer your industry is to the bullseye, the more likely you’ll find yourself in the crosshairs of hackers.
Based on Radware’s
2016-2017 Global Application and Network Security Report, the Ring of Fire reflects five risk levels. In 2016, new risk levels applied to different industries: financial services moved from “Medium” to “High” while government, service provides, and gaming remain squarely in hacker’s crosshairs.
So what does the DDoS attack map mean for your organization?
DDoS mitigation calculations should move in lockstep with these movements by securing a
DDoS protection solution that can defend against emerging network and application threats.
So what does it mean for your organization? Mitigation calculations should move in lockstep with these movements. When this does not happen, the likelihood of a cyber-attack resulting in a network outage or service degradation increases. Read on to understand where your organization falls.
The financial services industry suffered 44 million cyber-attacks in 2016, making it the most targeted industry. It was threatened by a number of factors, including:
In addition, in 2016 Anonymous launched OpIcarus. What started off as a simple protest against the Bank of England and the New York Stock Exchange quickly escalated into a fullfledged, multi-phase DDoS attack operation aimed at targeting the International Monetary Fund, central banks and global stock exchanges. In parallel, numerous Bitcoin marketplaces like Bitfinex, DAO and Ethereum came under attack. Bitfinix, a Bitcoin exchange company, lost $70 million dollars in one day due to a security breach of multiple wallets. There was also the SWIFT vulnerability that resulted in an $81 million heist from the Central Bank of Bangladesh. This success encouraged the perpetrators to repeat the attack, reportedly gaining close to $1 billion dollars.
In 2016, government services were targeted by various threats, including hacktivism, terrorism and state sponsored attacks. Attacks on government sites are not always politically motivated; many are launched to help attackers gain notoriety and/or publicly shame the government, government officials, state and local offices and
Anonymous operations like OpKillingBay often target government sites hoping to attract their attention and force them to enact a ban against the fishing season. Other operations, such as OpRight2rest, OpGaston, and OpLGBT, are also launched directly at the government, government officials, state and local offices
and individuals as a reaction to a political event or ruling. These attacks can quickly escalate to target not only government but also the families of government employees, thereby crossing the line and making their involvement a controversial action.
The United States presidential election served as fodder for a number of attacks targeting presidential candidates and business holdings entities outside of the election. Both Republican and Democratic candidates were the targets of a number of DDoS attacks. These attacks are not only originated by hacktivists and
protesters, but can be the result of an alleged activity of foreign states. In addition to the United States presidential election, the Philippines Election Commission was breached this year over the integrity of the election and the electronic voting systems. The group Lulzsec Pilipinas hacked and dumped the voter database.
Internet Service Providers (ISPs) find themselves not only the primary but also the secondary targets from massive DoS campaigns. The aim: partial or full disruption of the target’s online business operations. Attackers tend to target companies directly with network and application floods. However, when the volume exceeds the infrastructure capacity, they begin to create trouble for the “neighborhood” as the network pipes become saturated. In other cases, when mitigation is in place, attackers will target the upstream provider in an attempt to block legitimate traffic from reaching the targeted destination.
In 2016, several high-volume attacks targeted the gaming industry and directly and indirectly impacted ISPs. Some of these attacks were so large that they did not make it to the target destination, as the pipes become too small. Thus, if there was no scrubbing mechanism, the saturation resulted in a complete network outage. In addition, in 2016 many ISPs were subject to a phony DDoS for ransom campaign perpetrated by fake cyber ransom groups portraying themselves as notorious DDoS groups like Armada Collective, Lizard Squad and New World Hackers.
Web and cloud service providers faced an increased likelihood of being attacked compared to 2015, and are now the target of a global cyber-campaign that has stricken several Web and cloud hosting companies. Since the beginning of February 2016, an ongoing cyber-assault has targeted hosting providers across the UK; it was later expanded to include similar companies in various countries. These hosting providers suffered long-term outages affecting the business operations of their enterprise customers. They also suffered major reputation damage—even though some of these attacks were related to their clients’ controversial content or websites.
For the gaming industry, large-scale DDoS attacks resulting in network outages and service degradation have become everyday occurrences. The main motivation is simply the thrill of disrupting game play and tournaments. A secondary driver: trolling crucial moments when gamers are trying to take advantage of game specials and
bonus points. When attackers cripple the network during these events, users become very angry and often take to social media to smear the company. Consequently, companies suffer an immediate impact on brand equity. Meanwhile, if the attack does not reach the target, it often takes down the upstream provider—resulting in widespread outages.
Attackers mainly target authentication servers to prevent users from logging into the game or upstream providers to prevent gameplay itself. Attackers are using a wide variety of tools, such as DDoS-as-a-Service or their own custom botnets like Mirai. For as little as $19.99 a month, an attacker can run 20-minute burst attacks for 30 days. Using these tools, attackers can gain powerful access to vectors like DNS, SNMP, SSYN and GET/POST application layer.
When a retailer comes under DDoS attack, the result is immediate revenue loss since the outage prevents customers from purchasing items. In Switzerland this year, the website for Swiss Federal Railway (SBB) and two of the country’s largest retailers, Coop and Migros, had their websites taken down, preventing customers from accessing their sites. These DDoS attacks on retailers are often a smokescreen for more sinister acts like DDoS for ransom or large-scale data breaches targeting payment systems. In the Swiss incidents, no data was affected. However, attackers will often look for large corporations with massive quantities of data and payment information and then use a denial-of-service attack to distract security systems so they can infiltrate the network and steal personal information.
The value of medical records in the dark market now exceeds the value of credit card information. Consequently, the healthcare industry found itself at the center of cyber-attacks—putting at risk not only patient data but also the credibility of the system and the Health Insurance Portability and Accountability Act (HIPAA). Several data leakage incidents have been reported, many caused by an actor named “The Dark Overlord,” who published hospital databases on the Darknet. In parallel, Anonymous hacked into the database of multiple Turkish hospitals and medical institutions, allegedly in retaliation for a series of attacks on U.S. hospitals in the form
of ransomware earlier this year. The most famous was the one against Hollywood Hospital, which ended up paying $17,000 in ransom in 2016. Ransomware has proven very profitable for cybercriminals, especially when it encrypts medical records needed in real time.
This year the educational system came under fire as vendors on the Darknet began offering school hacking services. In 2016, 444 school networks in Japan went offline as a result of a massive cyber-attack. Hacking services found on the Darknet make it increasingly easy for non-hackers to carry out an attack or cause damage to a school’s resources. In addition, a potential attacker can rent a botnet or a stresser service for as little as $20 in Bitcoin and launch the attack themselves. In most cases, it’s either a student looking to delay a test, manipulate the registration process or a personal attack by a student or staff member in aggression towards
the school. Whatever the reason, the outcome is the same - an act by an individual results in turmoil for the educational institution.
For energy and utility companies, the threat landscape remains stable due to the segregation of these companies’ networks. Even so, this industry remains a valid target for hackers, especially given the environmental damage these entities allegedly cause.
In 2016, Radware witnessed a number of energy companies targeted by both hacktivist and state-sponsored groups. For example, Anonymous targeted a number of state-sponsored mining companies for damaging a sacred Tibetan mountain. Meanwhile, HakDefNet was the first company to identify a series of state-sponsored attacks targeting the Ukrainian power grid during the country’s elections. Throughout 2016, there were a number of attacks launched against backers of the Dakota Access Pipeline Project (DAPL) currently under construction in the United States. Despite requests from local tribes to stay away, Anonymous announced its support for the NoDAPL protesters and began posting personal details of officials involved with the pipeline project and threatening employees and families of those involved. In addition to the Doxing, Anonymous also launched DDoS attacks against Energy Transfer and other organizations involved with the project.
Due to the nature of these businesses, they are very aware of the technological risks in the digital world. In addition, they have the right personnel and expertise to fight DDoS attacks and other cyber-attacks. They also tend to be early adopters in testing new tools, exploits and mitigation mechanisms. Successfully hitting these companies requires a higher hacker skillset—a challenge many hackers are keen to accept.