The massive Mirai DDoS attack that knocked a slew of major websites offline last Friday (21 October) was most likely the work of amateur hackers, not a nation-state or cybercriminal organisation, security firm Flashpoint said. Mark James, Security Specialist at ESET commented below.
Mark James, Security Specialist at ESET:
“DDoS and hacking are often used in the same sentence, they are indeed very different and require very different skill sets. That being said they may well be used in conjunction with each other to formulate the complete attack.
DDoS as a service is available for a relatively low sum and with the availability of programs to make DDoS easier it could in theory be orchestrated by someone with very little skill. Of course large scale DDoS attacks will require a good amount or organising but still very accessible with the right determination. The goals of a successful DDoS attack vary from public voice, political or financial gain to just for notoriety.
Because of the nature of multiple attacks from so many sources it’s very difficult to definitively determine the owner or instigator and often will leave it wide open for people to claim responsibility. Of course it’s quite possible for multiple groups or people to be responsible, in a lot of these cases we will never really know.
The only guaranteed thing we can take away from this is that companies need to understand the risks and have procedures in place to combat future attacks. It will only get easier for the bad guys as software becomes more freely available, but of course awareness often brings solutions, many companies offer protection against these types of attacks.”