June 27, 2022

Volume XII, Number 178

Advertisement
Advertisement

June 24, 2022

Subscribe to Latest Legal News and Analysis
Advertisement

Threat Landscape Update: Distributed Denial of Service Attacks

December 2021 has brought with it holiday cheer and an uptick in distributed denial of service attacks (DDOS) attacks. DDOS attacks are fast becoming a new tool in the extortionist threat actor’s toolkit. DDOS attacks are attractive because they don’t require attackers to actually hack into a company’s systems. Instead, a DDOS attack targets a website or other online service. The attacker attempts to flood a targeted service with traffic by using numerous compromised computer systems, including IoT devices, as sources of attack traffic. Think of a DDOS attack like your home phone from the 1980s. If multiple callers are constantly calling your number, legitimate callers will get a constant busy signal. The goal, of course, is to get a company to pay the threat actors to stop the attack and resume normal operations.

GT has seen this increase in two primary ways. First, as an add-on to a ransomware attack. Ransomware attacks have evolved over the past several years beyond simply encrypting a company’s servers and endpoints, to increasingly exfiltrating and threatening to publicly post or sell company data, to now threatening and/or committing DDOS attacks. Second, certain threat actors are skipping the ransomware attack and heading straight to the threat of a DDOS attack.

Fortunately, some of these threat actors are bluffing and lack the resources to conduct a full-blown attack. They may instead hit a company’s network with a short burst of traffic, and then will use that burst to suggest they have much more firepower behind them. Others, however, are conducting full-blown attacks.

©2022 Greenberg Traurig, LLP. All rights reserved. National Law Review, Volume XI, Number 355
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Jena M. Valdetero Cybersecurity Lawyer Greenberg Traurig Law Firm
Shareholder

Jena M. Valdetero serves as Co-Chair of the firm’s U.S. Data, Privacy and Cybersecurity Practice where she advises clients on complex data privacy and security issues. She has led more than 1,000 data breach investigations. A litigator by background, Jena defends companies against privacy and data breach litigation, with an emphasis on class action lawsuits. She has designed and conducted dozens of data breach tabletop exercises to empower clients to respond effectively to a data security incident. She also counsels companies on data privacy and security compliance programs and advises on...

312.456.1025
Advertisement
Advertisement
Advertisement