9 Reasons for Denial-Of-Service (DoS) Attacks: Why Do They Happen?

DoS attacks happen for many reasons: extortion demands, turf wars between criminal groups, anticompetitive sabotage, punishment for refusing demands, political criticism, training grounds for future attacks, distraction from other intrusions, self-induced mistakes, or no apparent reason at all.

Denial of Service attacks (DoS) affect numerous organizations connected to the Internet. They disrupt normal business operations. Though you can take some measures to mitigate their effects, they are practically impossible to prevent and are costly and time-consuming to handle. One way to start thinking about your ability to withstand and respond to DoS attacks is to consider why DoS attacks happen.

Common reasons for DoS incidents include the following, listed in no particular order:

Extortion via a threat of a DoS attack: The attacker might aim to directly profit from his perceived ability to disrupt the victim’s services by demanding payment to avoid the disruption.

Turf wars and fights between online gangs: Groups and individuals in engaged on Internet-based malicious activities might use DoS as weapons against each other’s infrastructure and operations, catching legitimate businesses in the crossfire.

Anticompetitive business practices: Cyber-criminals sometimes offer DoS services to take out competitor’s websites or otherwise disrupt their operations.

Punishment for undesired actions: A DoS attack might aim to punish the victim for refusing an extortion demand or for causing disruption to the attacker’s business model (e.g., spam-sending operations).

Expression of anger and criticism: Attackers might use the DoS attack as a way of criticizing the company or government organization for exhibiting undesirable political or geopolitical, economic or monetary behaviors.

Training ground for other attacks: Attackers sometimes might target the organization when fine-tuning DoS tools and capabilities for future attacks, which will be directed at other victims.

Distraction from other malicious actions: Adversaries might perform a DoS attack just to draw your attention away from other intrusion activities that they perform elsewhere in your environment.

Self-induced: Some downtime and service disruptions are the result of the non-malicious actions that the organization’s employees took by mistake (e.g., a server configuration problem).

No apparent reason at all: Unfortunately, many DoS victims never learn what motivated the attack.

As you’ve seen above, there are many reasons why someone might launch a DoS attack against your organization. Handling such incidents involves operating under stressful circumstances, often with limited resources and time. To learn how to prepare for dealing with a DoS attack and what to do if you’re caught unprepared, see my Network DDoS Incident Response Cheat Sheet.

About the Author

Lenny Zeltser is a cybersecurity executive with deep technical roots, product management experience, and a business mindset. As CISO at Axonius, he leads the security and IT program, focusing on trust and growth. He is also a Faculty Fellow at SANS Institute and the creator of REMnux, a popular Linux toolkit for malware analysis. Lenny shares his perspectives on security leadership and technology at zeltser.com.

Learn more →