A destruction-of-service (DeOS) attack is a form of cyberattack that targets an organization's entire online presence as well as their ability to recover from the attack afterwards. DeOS attacks are meant to cause the maximum amount of damage possible, oftentimes resulting in a loss of data, a disruption of operations and an increase in the cost of data recovery.Content Continues Below
A DeOS attack can not only take down an organization's website, services and internal systems, it can also attack the normal backup and restore methods used to recover from attack. Potentially, a DeOS attack could put businesses in a position where they have to rebuild infrastructure from scratch or pay a high ransom to the attackers.
Best practices to defend against DeOS attacks include performing regular penetration tests, hiring internal cybersecurity staff and decreasing mean time to detection (MTTD) statistics. The quicker a threat is detected, the less time an attacker has to spread damage throughout a system. The two most common points of entry for attackers are through known exploitable vulnerabilities and acquired administrator credentials.
DeOs attacks were included in Cisco's 2017 midyear cybersecurity report. Studies of recent major threats, such as Nyetya and WannaCry, made Cisco take notice of some creative ways that attackers design their attacks. The growth of IoT is a security concern as many devices associated with it may have unpatched vulnerabilities, thus increasing the amount of attack surfaces. They also may be left on default settings with default passwords, which is a common tendency and concern.
DeOs attack vectors
Popular destruction-of-service attack vectors include:
Ransomware - The motive for ransomware attacks is nearly always monetary, and unlike other types of attacks, the victim is usually notified that an exploit has occurred and is given instructions for how to recover from the attack. Payment is often demanded in a virtual currency, such as bitcoin so that the cybercriminal's identity isn't known.
Business email compromise (BEC) - Business email compromise attacks typically use the identity of someone on a corporate network to trick the target or targets into sending money to the attacker’s account. The most common victims of BEC are companies that use wire transfers to send money to international clients.
Cyberwarfare - Although cyberwarfare generally refers to cyberattacks perpetrated by one nation-state on another, it can also describe attacks by terrorist groups or hacker groups aimed at furthering the goals of a particular nation or political organization.