AI is changing DDoS!
SCWorld.com reported that “Today, booter/stresser services available today on the dark web – also known collectively as the DDoS-for-hire industry – have significantly lowered the barrier for launching complex Distributed Denial-of-Service (DDoS) attacks. These services are easy to use and offer users ready-made infrastructure with advanced features that they can rent at any price range.” The February 28, 2025 article entitled “How AI has changed the DDoS industry” (https://tinyurl.com/ytj8feav) included these comments:
The emerging role of AI in cyber attacks
In comparison to traditional DDoS attacks, which often rely on brute force or high volumes of traffic, attacks that leverage AI and automation are more targeted and intelligent in their approach. For example, though relatively new on the scene, AI has already been used to get around CAPTCHA boxes designed to verify whether a visitor is human or right. Superior AI image recognition lets attackers understand and bypass these barriers.
In the near future, we may also see AI enable:
Real-time adaptation to evade defense parameters: This may include AI-driven attacks to quickly change attack vectors (HTTP flooding vs SYN flooding), packet size, or frequency until they achieve success. This could be challenging for defenders relying on static defenses, such as rate-limited thresholds, as AI could quickly adjust the traffic flow to remain just under the detection limit.
Behavior mimicry: By mimicking human-like browsing behavior, AI-driven bots could make it harder for traditional security tools to distinguish between legitimate users and attackers.
Automation also contributes to the sophistication of DDoS attacks, eliminating traditional manual processes and allowing for more efficient scheduling, repetition, and overall optimization of attacks. This can mimic AI-like capabilities. In response, organizations need to prepare for prolonged and constantly evolving attacks that test their defense capabilities.
No surprises here for DDoS!