Ashley Stephenson, the Chief Technology Officer of Corero Network Security, has highlighted a new trend in cyberattacks that mirrors techniques used in money laundering. Criminal organizations often break down large deposits of cash into smaller amounts to avoid detection, a strategy known as “structuring.” Similarly, distributed denial of service (DDoS) attackers are now using a “death by a thousand cuts” approach, distributing smaller volumes of attack traffic across various IP addresses, services, and domains to evade detection and cause confusion.
These attacks, known as spread spectrum or carpet bombing attacks, flood many targets at once with small bursts of malicious traffic. Because no single destination address receives enough traffic to trip a per-host threshold, traditional defenses that alert on volume to one IP address fail to identify the attack, even though the aggregate volume arriving at the network is large. Corero reports that such attacks surged in prevalence, with a 300% increase observed in one year. Detecting and mitigating them poses a distinct challenge: the traffic is deliberately scattered across many destination IP addresses, services, and domains, so conventional per-destination protection tools see only a collection of individually unremarkable flows.
To counter these evolving threats, security teams can borrow from the anti-money laundering (AML) industry and apply similar strategies to DDoS defense. AML platforms do not rely on static reporting thresholds alone, since structuring is designed to stay just under them; they track transaction patterns, account behavior, and other anomalous signals. Security teams should likewise treat traffic thresholds as one contributing signal and combine them with other sources of intelligence, such as aggregate volume across a whole address range and the number of distinct hosts being hit, to surface covert DDoS attacks.
AML solutions have also evolved to incorporate contextual analysis, judging whether a transaction is normal from behavioral cues rather than from threshold rules alone. Security teams should integrate the same kind of behavioral context into their threat response models, so that a busy but legitimate subnet is not confused with one under attack. Finally, automated feedback loops matter for both AML and DDoS mitigation: network traffic is analyzed continuously, and detection parameters and baselines are adjusted as conditions change, while taking care that the attack traffic itself does not become the new baseline.
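As an added illustration of the approach described above (example code written for this page, not Corero's product logic), the following Python sketch runs two detectors over constructed flow records. The per-host static threshold catches a classic single-target flood but is blind to a carpet bomb; the prefix-level detector aggregates bytes per /24, combines an aggregate-versus-baseline ratio with a "spread" signal (number of distinct hosts hit), and requires both to corroborate before alerting. An EWMA feedback loop updates the baseline only from windows judged benign. All thresholds, addresses and byte counts are hypothetical values chosen for the demonstration.

```python
"""Carpet-bomb DDoS detection sketch: per-host thresholds vs. prefix-level signals.

Constructed example. Flow records, thresholds and baselines are made-up values
for illustration only; they are not any vendor's product logic.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical tuning values for one 10-second window.
PER_HOST_THRESHOLD = 500_000   # bytes to one destination before a classic alert
PREFIX_RATIO = 5.0             # aggregate-vs-baseline multiplier that counts as a signal
MIN_DISTINCT_HOSTS = 16        # hosts hit within a prefix before it counts as "spread"
EWMA_ALPHA = 0.2               # how quickly the baseline follows benign windows


@dataclass(frozen=True)
class Flow:
    dst: str      # destination IP address
    nbytes: int   # bytes delivered to it in this window


def prefix_of(ip: str, length: int = 24) -> str:
    """Map a destination address to its enclosing /24, the unit a carpet bomb spreads over."""
    return str(ipaddress.ip_network(f"{ip}/{length}", strict=False))


def per_host_alerts(flows, threshold=PER_HOST_THRESHOLD):
    """Classic static-threshold detector: alert on any single destination over the line."""
    totals = defaultdict(int)
    for f in flows:
        totals[f.dst] += f.nbytes
    return sorted(d for d, b in totals.items() if b > threshold)


def prefix_signals(flows, baseline):
    """Per /24: aggregate volume vs. baseline, and how widely that volume is spread.

    Returns {prefix: {"total", "distinct", "ratio", "signals"}}.
    """
    total = defaultdict(int)
    hosts = defaultdict(set)
    for f in flows:
        p = prefix_of(f.dst)
        total[p] += f.nbytes
        hosts[p].add(f.dst)
    out = {}
    for p, nbytes in total.items():
        base = baseline.get(p, 0.0)
        ratio = nbytes / base if base else float("inf")   # unseen prefix: no baseline to trust
        signals = []
        if ratio >= PREFIX_RATIO:
            signals.append("aggregate_ratio")
        if len(hosts[p]) >= MIN_DISTINCT_HOSTS:
            signals.append("spread")
        out[p] = {"total": nbytes, "distinct": len(hosts[p]), "ratio": ratio, "signals": signals}
    return out


def alerts(flows, baseline):
    """Alert only when two signals corroborate: structuring shows up as volume AND spread."""
    return sorted(p for p, s in prefix_signals(flows, baseline).items() if len(s["signals"]) >= 2)


def update_baseline(baseline, flows):
    """Feedback loop: only windows judged benign feed the EWMA baseline, so an ongoing
    attack cannot teach the detector that attack volume is normal."""
    new = dict(baseline)
    for p, s in prefix_signals(flows, baseline).items():
        if len(s["signals"]) >= 2:
            continue  # skip learning from an alerting window
        prev = new.get(p, float(s["total"]))
        new[p] = (1 - EWMA_ALPHA) * prev + EWMA_ALPHA * s["total"]
    return new


# Constructed sample data: one /24 with a known typical volume per window.
BASELINE = {"203.0.113.0/24": 200_000.0}
BENIGN = [Flow(f"203.0.113.{i}", 40_000) for i in range(1, 7)]          # 240 KB over 6 hosts
VOLUMETRIC = BENIGN + [Flow("203.0.113.10", 2_000_000)]                 # classic single-target flood
CARPET_BOMB = [Flow(f"203.0.113.{i}", 40_000) for i in range(1, 65)]    # 2.56 MB over 64 hosts

if __name__ == "__main__":
    for name, window in (("benign", BENIGN), ("volumetric", VOLUMETRIC), ("carpet bomb", CARPET_BOMB)):
        print(f"{name:12s} per-host alerts={per_host_alerts(window)} "
              f"prefix alerts={alerts(window, BASELINE)}")
    print("baseline after benign window:", update_baseline(BASELINE, BENIGN))
```

Run as a script, the volumetric window is caught only by the per-host threshold (one host exceeds it, but the prefix is not "spread"), while the carpet bomb is caught only by the prefix detector (no host exceeds 500 KB, yet the /24 receives 12.8 times its baseline across 64 hosts). That asymmetry is the point of treating the threshold as one signal among several rather than replacing it; the two-signal rule also keeps a merely busy subnet (high spread, normal ratio) from alerting.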
As cybercriminals continue to innovate and disguise their attacks, security leaders must draw inspiration from AML practices and other industries to develop new detection insights and defense strategies. By staying ahead of evolving threats and adapting to changing attack techniques, security teams can better protect their networks and prevent disruptive cyberattacks.