DDoS on X was avoidable, but inevitable
The DDoS attack on X.com this week provided a certain amount of schadenfreude for people less than enamored with Elon Musk. It also rang alarm bells in the cybersecurity community, as that style of attack seems to be making a comeback, and not for financial gain. All indications are that corporations and, in particular, government institutions are not ready to repel attacks motivated by political revenge.
Security intelligence company Fletch.ai this week identified multiple ongoing attacks around the world targeting corporations for a variety of political positions, depending on which side the entities supported. Issues include the Ukraine/Russia war, Palestine/Israel, immigration, tariffs and just plain political leanings.
Musk blamed Ukrainian hackers for the attack on X (aka Xitter), but because DDoS attacks use multiple servers across the globe it is difficult to identify a particular source. However, Fletch and other analysts identify pro-Russian and pro-Chinese hacktivist groups behind most of the attacks, using tried-and-true botnets.
Cheap and easy
Mithilesh Ramaswamy, a senior security engineer at Microsoft, said the cost of compute and cloud infrastructure is cheap now, creating a low barrier to entry. “Even renting a botnet or using a DDoS-for-hire service is relatively simple and inexpensive.”
Dependency on cloud services also makes organizations vulnerable when they rely heavily on third-party services or microservices architectures, he explained, allowing attackers to exploit integration weak points and unleash large-scale disruptions with targeted floods of traffic.
Cloudflare reported blocking a record-breaking 5.6 Tbps DDoS attack carried out by a Mirai-variant botnet. The significant increase in DDoS attacks in 2024, with a 53% rise from the previous year, underscores the growing threat. Fletch reported that the BadBox botnet infected over one million Android devices in 2024. “Despite efforts to disrupt it, the botnet continued to grow, indicating the persistent and evolving nature of DDoS threats.”
A pro-Palestinian hacktivist group known as Dark Storm claimed responsibility for the attack on X.com, which caused major outages on the platform over the course of 48 hours. But that claim has not been verified.
Lax security
Ian Thornton-Trump, a well-respected security expert and current CISO for Inversion6, blamed lax security standards at X.com for the breach. He pointed out that the section of the X.com servers that was hit was not covered by their Cloudflare subscription. Cloudflare is primarily a third-party service that provides robust protection against DDoS attacks. The rise of these services helped drive the popularity of the attacks down over the past few years, but an organization still has to turn on the protection as it implements new data services. X apparently did not do that.
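The gap Thornton-Trump describes, a new set of servers brought online without being routed through the DDoS-scrubbing service, is the kind of drift a periodic inventory check catches. The script below is an added example written for this article, not code from X, Cloudflare or Inversion6. It assumes the organization keeps a list of its public DNS records and that the scrubbing provider publishes the IP ranges it fronts traffic from (Cloudflare does, at cloudflare.com/ips; the three prefixes below are illustrative and should be replaced with the live list). It flags any hostname whose A/AAAA records resolve outside those ranges, meaning the origin is reachable directly and the protection is effectively off for that service, and it also shows the matching origin-side rule: accept inbound web traffic only from the provider's ranges so the origin cannot be hit around the CDN. The DNS inventory is constructed sample data using documentation address space.

```python
"""Audit which public hostnames are actually behind the CDN's DDoS protection.

Added example (not from the article or any vendor): compares a DNS inventory
against the scrubbing provider's published IP ranges and reports origins that
are exposed directly to the internet.
"""
import ipaddress

# Illustrative provider ranges (assumption); load the current published list in practice.
CDN_RANGES = [
    ipaddress.ip_network(n)
    for n in ("104.16.0.0/13", "172.64.0.0/13", "2606:4700::/32")
]

# Constructed DNS inventory: hostname -> A/AAAA record values (documentation ranges).
DNS_INVENTORY = {
    "www.example.test": ["104.16.1.10"],                    # proxied through the CDN
    "api.example.test": ["203.0.113.42"],                    # new service, never proxied
    "media.example.test": ["172.64.5.5", "198.51.100.7"],    # mixed: one record bypasses the CDN
}


def is_protected(address: str, ranges=CDN_RANGES) -> bool:
    """True if the address belongs to the scrubbing provider, i.e. traffic is filtered first."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in ranges)


def find_exposed_origins(inventory, ranges=CDN_RANGES) -> dict:
    """Return {hostname: [addresses]} for every record that resolves outside the CDN.

    A single unproxied record is enough to expose a service: attackers only need
    one address that answers directly, so partial coverage counts as exposed.
    """
    exposed = {}
    for host, addrs in inventory.items():
        direct = [a for a in addrs if not is_protected(a, ranges)]
        if direct:
            exposed[host] = direct
    return exposed


def origin_should_accept(source_ip: str, ranges=CDN_RANGES) -> bool:
    """Origin-side allowlist: only the CDN's egress ranges may reach the web ports.

    Proxying DNS is not enough if the origin IP leaks or is guessed; the
    origin firewall must refuse everything that did not come via the CDN.
    """
    return is_protected(source_ip, ranges)


if __name__ == "__main__":
    for host, addrs in find_exposed_origins(DNS_INVENTORY).items():
        print(f"{host}: origin reachable directly at {', '.join(addrs)}")
    print("accept 104.16.1.10 at origin:", origin_should_accept("104.16.1.10"))
    print("accept 203.0.113.42 at origin:", origin_should_accept("203.0.113.42"))
```

Run this from a scheduled job against the real DNS zone export and the live provider range list; a non-empty result means a service was stood up outside the protection, which is exactly the condition described for the X outage. The origin-side rule belongs in the host or cloud firewall so that an exposed address is harmless even if the DNS audit is missed.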