Police are taking DDoS attacks seriously, as they are being used as a front to cover bigger assaults.
While to date police have considered distributed denial-of-service (DDoS) attacks to be a low-level crime, they are now starting to take them a lot more seriously.
According to Mike Hulett, head of operations at the National Crime Agency’s Cybercrime Unit, DDoS attacks have risen up law enforcement’s agenda for a couple of reasons.
Speaking at the Security & Counter Terror Expo in London, he said: “This is something that I wouldn’t say law enforcement has ignored over the years, but it’s been seen as relatively low level. It’s a bit like swatting a fly, it’s an annoyance thing: ‘We don’t really want to launch an investigation against it, do we?’”
However, this approach has now changed because “something different is happening with DDoS”, Hulett said, describing how organisations could previously fend off DDoS attacks with relative ease, but now the attacks are becoming more difficult to fight against.
“Normally it’s something big business can deal with and mitigate as a matter of course. We’ve seen some recent examples of companies — which I won’t name — which can’t mitigate against these DDoS attacks.
“So what’s happening out there? What’s changing? What’s different about DDoS now to what it was before?” he said, detailing how law enforcement agencies are changing their approach to this style of attack — which security researchers have warned is getting bigger and more dangerous all the time.
But while Hulett said DDoS is still classed as a “lower level” priority, he described how it’s important for the police to get a better grip on it because it remains what police describe as a “gateway crime” — a way for young people to get involved with organised crime, something police are keen to prevent.
DDoS is also increasingly used as a distraction technique to draw cybersecurity teams away from more destructive attacks, a technique seen during last year’s TalkTalk hack.
“The TalkTalk attack was exactly that. It started off as a DDoS — which is the first time the company realised something was going wrong with its systems — but what they weren’t spotting was that the DDoS was a mask for an SQL injection going on at the same time,” Hulett explained.
“This is how DDoS is changing. It’s not just the annoyance factor — ‘look at me, I’m so clever, I’ve taken down this website’, for example — sometimes it’s actually a mask for something more sinister going on elsewhere. It’s something we’re seeing increasingly used as a distraction technique,” he said.