Malicious actors today are constantly tweaking their tactics to stay ahead of cybersecurity professionals. The first half of 2024 revealed a significant increase in one particular threat: Distributed Denial of Service attacks. 

DDoS attacks work by using armies of subordinate devices to overwhelm servers and networks with malicious traffic. Unable to cope with the sheer number of computers attempting to use its services, the target shuts down under the pressure. At best, DDoS attacks prevent users from accessing individual websites; at worst, they have been known to bring down payment networks, cloud services and critical national infrastructure. 

The first half of 2024 saw a 25% increase in multi-vector attacks, a trend that continued into the second half of the year. Most of the DDoS attacks seen are carpet bomb attacks – so named because they spread malicious traffic across multiple IP addresses at once, bombarding targets in such a way as to make it almost impossible for security teams to thwart attackers in the moment.

With attacks such as these on the rise, it is important that security professionals understand the mechanics of these new methods, the motivations behind these attacks, and how to mitigate attacks in the future.  

What is a Carpet Bomb Attack?  

For IT teams to be fully prepared to combat carpet bomb attacks, they need to understand what they are and how they differ from traditional DDoS attacks. Specifically, traditional DDoS attacks typically target a single entity. Carpet bomb-style attacks, meanwhile, target entire networks.
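The difference matters for detection: traffic spread thinly across a network can stay under any per-address alarm while the network as a whole is flooded. The sketch below is an added example, not part of the original article; it aggregates constructed flow records by /24 prefix as well as by destination address, and the thresholds and sample data are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed thresholds for illustration (not from the article); tune to a baseline.
PER_HOST_BPS = 100_000_000      # alert if one destination IP exceeds 100 Mbit/s
PER_PREFIX_BPS = 1_000_000_000  # alert if one prefix exceeds 1 Gbit/s in aggregate
MIN_HOSTS_HIT = 32              # carpet bombing touches many hosts in the prefix


def classify(flows, prefix_len=24):
    """flows: iterable of (dst_ip, bits_per_second) for one measurement interval.

    Returns {"single_target": [ip, ...], "carpet_bomb": [prefix, ...]}.
    """
    per_host = defaultdict(int)
    for dst, bps in flows:
        per_host[ipaddress.ip_address(dst)] += bps

    # Roll the per-host totals up to the covering prefix.
    per_prefix = defaultdict(lambda: {"bps": 0, "hosts": 0})
    for ip, bps in per_host.items():
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        per_prefix[net]["bps"] += bps
        per_prefix[net]["hosts"] += 1

    single = sorted(str(ip) for ip, bps in per_host.items() if bps > PER_HOST_BPS)
    carpet = sorted(
        str(net) for net, agg in per_prefix.items()
        # Large aggregate spread over many hosts, whatever each host receives.
        if agg["bps"] > PER_PREFIX_BPS and agg["hosts"] >= MIN_HOSTS_HIT
    )
    return {"single_target": single, "carpet_bomb": carpet}


# Constructed sample data (documentation address ranges, RFC 5737).
# 198.51.100.0/24: 200 hosts at 20 Mbit/s each = 4 Gbit/s, every host under threshold.
carpet_flows = [(f"198.51.100.{i}", 20_000_000) for i in range(1, 201)]
# 203.0.113.10: one host at 900 Mbit/s, the traditional single-target pattern.
single_flows = [("203.0.113.10", 900_000_000)]
# 192.0.2.0/24: normal background traffic.
normal_flows = [(f"192.0.2.{i}", 2_000_000) for i in range(1, 51)]

if __name__ == "__main__":
    print(classify(carpet_flows + single_flows + normal_flows))
```

On the constructed data, the per-host check alone reports only 203.0.113.10; the 4 Gbit/s hitting 198.51.100.0/24 is visible only in the prefix-level aggregate.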

Such cyberattacks often inflict significant financial losses on victims and erode consumer trust in the target company: a staggering 74% of customers, for example, would be reluctant to trust an organisation after a data breach. Consequently, organisations must be on the front foot to mitigate attacks.

Despite the significant damage they are capable of causing, carpet bomb attacks are nonetheless often defined as “ankle biters”; in other words, smaller attacks that do not require a large infrastructure to produce a high volume of traffic to cause disruptions.  

When first initiating a carpet bomb attack, threat actors tend to deploy smaller botnets made up of compromised IoT devices while keeping others in reserve to continue the offensive should the first swarm be discovered by the defending security team. In this way, malicious actors are continuously shifting attacks to stay ahead of defenders, while also constantly changing what they attack and what vectors they use.  

Hacktivism: a key driver for cybercrime 

As security professionals continue to develop an understanding of the trending attack types and how best to protect their organisations against them, it’s also important to understand the cybercriminal’s motivations for targeting certain companies and organisations. The most common reason is usually financial, but these attacks can also be politically motivated.  

Hacktivism is a form of online activism that uses cybercrime to influence political action. It’s the primary reason behind this year’s rise in carpet bomb attacks. As geopolitical tensions continue to rise across different regions, hacktivist activity correlates with military conflict, with these self-styled keyboard warriors using such attacks as a delivery method for their message.

Russia’s invasion of Ukraine has inspired several major DDoS attacks on the latter’s allies: see, for example, the targeting of Greater Manchester Council by the Russian hacktivist group NoName057(16). The rise of AI and readily available open-source scripts have also made it easier for less tech-versed individuals to take advantage of basic coding scripts to drive DDoS attacks. Combining this with the increase in political activity and democratized technology, organizations are seeing unprecedented challenges. 

Pushing beyond the disruption of services, hacktivists are additionally leveraging DDoS attacks to damage the reputation of select organisations. One example of this is when a customer of a bank goes online to use its website, only to find out that the site is constantly down due to a continuous attack. Over time, this is more than likely to degrade customers’ trust in that institution. By damaging an organization’s reputation in this way, cybercriminals turn up the heat on businesses and government agencies in an attempt to strong-arm them into addressing their cause.  

Protecting your organization against DDoS   

As security teams better understand how and why bad actors are targeting their organizations, they can begin to put in place security solutions that can best protect against the threat of DDoS attacks.  

Investing in a Security Operations Center (SOC) is one of the most effective ways an organization can protect its systems, data, and reputation. There are even SOCs that specialize in thwarting DDoS attacks. As DDoS tactics are ever-changing, it’s critical to have experts at the helm who are able to ensure a strong security strategy.

The next step for security teams is to ensure their company’s policies and procedures are robust enough to allow for the prompt detection and mitigation of DDoS attacks. Having checklists that not only map out each step the company should take in case of a security breach or attack but are also updated, validated and rehearsed at least twice a year can greatly improve an organisation’s cyber readiness and preparedness. 

The 2024 elections have caused political tension and this will continue, but hacktivism doesn’t occur only on a four-year cycle. Organizations must be prepared all year round, keeping a vigilant eye out for potential vulnerabilities and proactively protecting their data and reputations from hacktivist-led DDoS attacks.

Richard Wallace is a cyber security threat analyst for Vercara.
