Network Security, Malware, Network Security

DDoS it matter what motivates Lizard Squad?

Blizzard CS's Battle.net platform was experiencing 'technical difficulties' that disrupted logins for Overwatch, Hearthstone and World of Warcraft gamers earlier this week.

And it didn't take long for a Lizard Squad member to step up and take the Tweeted credit. 'AppleJ4ck' aimed a tweet directly at Blizzard which stated, "Don't mind me, just doing some preparations. Take care of my packets." This was followed up later the same day with "don't worry, this is just some tests before the main event, you can go back to your sad life semi-soon."

Lizard Squad has plenty of previous on the DDoS front as far as gaming network disruption is concerned. Most notoriously when it took both Xbox Live and the PlayStation Network down over the Christmas period in 2014. The reason it gave for that co-ordinated attack was that it did it "for the lulz."

There is, of course, every possibility that this was the case. However, the group was also known to be hiring out access to its 'Lizard Stresser' booter tool at the time. Used in attacks by anyone with the cash, the high profile attacks could simply have been a very effective marketing campaign.

Dave Larson, chief operating officer at Corero Network Security, isn't sure the motive actually matters one iota. "Whether it's financially, politically or belief-driven, there will be somebody out there with the motivation to steal valuable data, or disrupt and take you offline with a DDoS attack," Larson told SCMagazineUK.com.

However, Ilia Kolochenko, CEO of web security company High-Tech Bridge, disagrees. He told SC that "identifying what the motivation is behind these (and other) DDoS attacks is important," adding: "If we understand who is behind the attack, we can estimate our adversary's resources and motivation in order to prepare an appropriate response and defense."

Unfortunately, today it's pretty difficult to discover who is really behind a DDoS attack as the perps tend to use 'brands' of other attackers or hacktivists to confuse the investigation and cover their tracks to evade capture.

Stephen Gates, chief research intelligence analyst at NSFOCUS, argues that understanding the motivation can be helpful to those trying to protect themselves. "Not all DDoS attacks are about taking organisations offline," he told SC. "Understanding that one key point is more critical than understanding every one of their motivations. If an organisation sees DDoS attack activity, already assume they're after your data."

The real problem, according to James Romer who is EMEA Chief Security Architect at SecureAuth, happens to be that the motivation behind DDoS attacks is often not at all clear. "It can be argued that the motivation is not necessarily the issue," Romer explains. "The fact is that any organisation can be subject to a DDoS attack and should therefore appropriately protect themselves and their services from such an attack."

So should we not be more concerned with why they have proven to be so successful given the size of the companies concerned, and the relative ease with which the attackers have managed to disrupt the services by targeting authentication servers?

"Yes," insists Dave Larson. "We should be concerned, but not surprised."

Larson went on to say that conventional security infrastructure, such as firewalls, IPS devices and load balancers are insufficient in defeating DDoS attacks that are increasingly common today.

"With the complexity and cost associated with legacy DDoS protection solutions," Larson concludes, "it's hard to blame even the most security savvy IT organizations for looking at the figures and deciding to chance it!"

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.