Why Do Hackers Use DDoS Attacks?

Understanding the motives behind DDoS attacks


Distributed denial-of-service (DDoS) attacks are a common tactic among hackers. They disrupt the availability of networks, applications, websites, and more to interrupt the functions of enterprises, service providers, and governments. DDoS attacks are also used as a diversion by bringing down one area of a network or an application to lure security teams away from key assets to restore availability. Hackers launch DDoS attacks for several reasons, including financial gain, geopolitical interests, masking other crimes, revenge, and more.

DDoS as a Tool for Financial Gain

Bad actors may launch a barrage against an organization, only to promise to stop it if their financial demands are met. Money can be a major motivator, whether for organized crime or for lone actors seeking personal gain. This extortion is rooted in fear: organizations can be afraid of brand damage and the loss of reputation or revenue under a sustained DDoS attack.

Bespoke infrastructure used to carry out some DDoS attacks is not free to maintain. Some botnets, malware, and other tools cybercriminals use cost money to generate and keep up and running. This can make financial gain a motivator for attackers.

Another financial motivator is competitive takeout. One group could hit a competitor with a DDoS attack to gain a market advantage via sabotage, for example.

Political and Activist Motivations: Ideological Attacks

One of the most publicized motivators for DDoS is political and ideological attacks, commonly referred to as “hacktivism.” With hacktivist groups, the efforts are often geopolitical and rooted in a conflict. These attacks often target infrastructure (telecommunications, utilities, healthcare, key services) or government entities to hinder the operation of society as a whole. They can also be state-sponsored, which is also known as cyberwarfare, adding another layer to conflicts. In cyberwarfare, motives can include disruption to communication, disabling infrastructure, financial market disruption, and more.

At the time of writing, well-known hacktivist groups include NoName057(16) and Anonymous Sudan. These, and many other groups, have targeted Poland, Sweden, Moldova, South Korea, and Romania, among many others. A common thread among the targets is support of Ukraine in its ongoing conflict with Russia, which marks these barrages of attacks as geopolitically motivated.

Masking Other Cybercrimes: The Smoke Screen Effect of DDoS

Hackers can also use DDoS as a diversion to hide other nefarious activities. If a DDoS attack is taking down key applications or services, then the focus gets placed on restoring availability. Meanwhile, a bad actor may be exploring the network edges for vulnerabilities and ways to sneak into the network and gain access to sensitive information. This leads to a data breach and potential theft of proprietary or customer information.

Essentially, cybercriminals exploit the chaos a DDoS attack stirs up for their own gain. DDoS attacks necessitate a secondary layer of defense to keep networks safe because the adversary is always lurking in the shadows.

DDoS as a Form of Revenge

DDoS attacks can also be launched for revenge. If a company or organization does something that does not align with the ideals of cybercriminal groups, they can launch attacks to show their displeasure. Victims can include nonprofit organizations, educational institutions, news outlets, law enforcement, and more. The goal of these types of attacks is typically damage or humiliation.

The Challenge of DDoS Mitigation and Defense for Businesses

Cybersecurity measures are a must for large organizations today. The risk of a cyberthreat, including DDoS and data breaches, is always present. Utilizing a powerful DDoS detection and defense solution such as NETSCOUT’s Arbor adaptive DDoS protection to protect all areas of your network and infrastructure is key. NETSCOUT's Arbor DDoS solution set keeps the world’s largest and most complex networks available.
