DDoS attacks: digital activism or cyber-destruction?

Richard Wallace at Vercara considers the escalating danger of DDoS attacks to UK organisations and how they have shifted from a tool of hacktivism to a strategic weapon

 

In today’s interconnected world, Distributed Denial of Service (DDoS) attacks have emerged as a powerful and contentious tool. Once associated with digital activism, or "hacktivism," DDoS attacks have morphed into a weapon of geopolitical strategy and cyber-warfare.

 

The UK, as one of the most digitally dependent nations, finds itself on the frontline of this shift, facing an alarming surge in both the scale and sophistication of such attacks. In October 2023, the royal family’s website, royal.uk, was knocked offline by a denial-of-service attack. Additionally, the UK’s National Cyber Security Centre (NCSC) reported receiving 297 reports of ransomware activity between September 2022 and August 2023, highlighting the growing cyber-threat landscape. 

 

But are DDoS attacks still a tool for activism, or a method for malpractice by malicious actors?

 

Looking back at hacktivism

Hacktivism, which is the use of hacking techniques to promote a political or social agenda, has long employed DDoS attacks as a hallmark tactic. Groups like Anonymous popularised these attacks, targeting corporations, governments, and other institutions deemed to be obstructing transparency or justice. In these contexts, DDoS attacks were often celebrated as a ‘force for good’, giving marginalised voices a way to disrupt and draw attention to issues on a global stage.

 

Historically, unlike malware, DDoS attacks were employed by hacktivists as they don’t steal or hold hostage any sensitive information but rather cause disruption. Given hacktivists aren’t necessarily motivated by monetary gains alone but rather to send a message, cause a nuisance, and distraction, it became the perfect medium to disrupt political discourse.

 

But the lines between activism and destruction have blurred. Modern DDoS campaigns frequently serve fewer noble purposes, with hacktivist methods being co-opted by cyber-criminals and nation-state actors to disrupt, distract, or intimidate.

 

The rise of DDoS in geopolitical conflict

The UK has seen a significant rise in DDoS attacks linked to geopolitical tensions. Recent reports highlight an unsettling trend where attacks aren’t just aimed at businesses but at critical infrastructure, including telecommunications networks and local councils. In November 2024, UK councils faced a wave of DDoS attacks attributed to Russian actors, a stark reminder of how such actions are now tools of statecraft.

 

DDoS attacks act as “flash grenades,” causing chaos to mask more insidious threats like data breaches or espionage. For example, while IT teams scramble to mitigate a flood of malicious traffic, adversaries may exploit the distraction to infiltrate sensitive systems unnoticed.

 

As part of this evolving trend, the sophistication of DDoS attacks has also advanced dramatically Advanced open-source and AI technologies allow attackers to move beyond single-vector methods, using multi-vector strategies for more complex and destructive DDoS attacks, such as ’carpet bombing,’ which pose a serious risk to online infrastructure.

 

In the UK, over 74% of attacks now use ‘carpet bombing’ strategies, indiscriminately flooding entire network block or segments with traffic – which creates a challenge for defenders, given carpet bomb attacks evade detection by staying below alert thresholds and use shifting patterns, complicating mitigation efforts.

 

The impact of DDoS attacks extends far beyond the technical domain and for UK businesses, the financial consequences can be devastating. Service downtime, loss of customer trust, recovery expenses, and potential regulatory fines all add up – with small businesses often lacking robust cyber-security measures and being particularly vulnerable.

 

Are DDoS attacks still a “force for good”?

Today, DDoS attacks are no longer just disruptive; they are powerful tools in cyber-warfare, corporate sabotage, and criminal extortion. As the technology behind these attacks has advanced, so too has their potential for harm. What was once a relatively small-scale protest tool is now capable of crippling entire industries, shutting down vital services, and causing massive financial losses – with many attackers now leveraging large botnets and sophisticated methods to cause maximum disruption.

 

While some may argue that DDoS attacks can still highlight injustices, the reality is that their use today has moved far beyond activism. The overwhelming trend is that these attacks create widespread damage, both in terms of financial costs and long-term security vulnerabilities. In fact, many businesses are now forced to adopt complex and costly DDoS mitigation strategies to protect themselves from these increasingly sophisticated threats.

 

This darker reality, where DDoS attacks are used to target businesses, governments, and critical infrastructure, has largely overshadowed any remnants of their initial "force for good" narrative. The disruptive power of modern DDoS attacks no longer serves as a tool for social change but rather as a weapon of chaos and destruction.

 

Building resilience against DDoS

As the threat landscape evolves, businesses play an increasingly central role in adapting to the changing nature of DDoS attacks and it’s no longer just about government agencies fending off cyber-threats. 

 

The responsibility falls on businesses to leverage cutting-edge technologies, like AI and machine learning, to detect and block DDoS traffic in real-time. They also need to tap into scalable cloud services, capable of absorbing and dispersing massive traffic volumes without compromising performance.

 

Implementing robust response strategies is equally crucial to ensure minimal downtime and protect business continuity. But with cyber-attacks growing more advanced, the question becomes: Are businesses doing enough to stay ahead of these evolving threats, or are they merely playing catch-up?

 

The shifting role of DDoS attacks – from tools of digital activism to weapons of cyber-warfare – further complicates this challenge. As businesses face an increasing number of attacks with geopolitical motivations, the line between "activism" and "destruction" continues to be subjective, depending on your political stance. But one thing is clearer than ever. It is no longer sufficient to simply be resilient; it’s about staying one step ahead in an environment where cyber-threats are constantly evolving. 

 

Businesses must take ownership of their role in bolstering the UK’s digital defences, ensuring their operations and services remain secure, while also contributing to broader discussions on establishing international norms and accountability in cyber-space. 

 

---

 

Richard Wallace is Cyber Security Threat Analyst at Vercara

 

Main image courtesy of iStockPhoto.com and Hailshadow