Back

DDoS attacks underscore the vulnerability of public systems

Posted By

Cyber Magazine

On

December 20, 2023

OpenAI recently experienced a DDoS attack that disrupted ChatGPT, therefore it is essential for organisations to take proactive steps to protect themselves

Businesses are currently undergoing significant digital transformation due to the impact and implementation of artificial intelligence (AI). The popularity of AI virtual assistants is on the rise, driven by their capacity to automate tasks, boost productivity, and elevate customer service. 

These virtual assistants possess an impressive ability to handle a diverse range of tasks, from addressing inquiries to scheduling appointments and sending out emails. This is why platforms such as Google Bard, and OpenAI’s ChatGPT are beginning to thrive and become an integral part of the business digital world. 

DDoS attack against OpenAI
Earlier this week, OpenAI experienced a DDoS attack that resulted in disruptions across the organisation's tools and services, including ChatGPT. Subsequent to the attack, the responsibility for launching it was claimed by the highly prolific hacktivist group, Anonymous Sudan.

Product Director of Nexusguard, Donny Chong, says: "ChatGPT's status as a media darling makes it a tempting target for any hacker seeking notoriety. It comes as little surprise that a group has already come forward to claim credit for yesterday’s outage. 

“The incident shows that no company is safe from the constant game of cat and mouse between attackers and defenders. If DDoS groups identify a vulnerability, they will act, and without the right DDoS protection and the right people to combat the threat, prolonged disruption to services or, in the worst case, complete outages are inevitable. Perhaps not until ChatGPT's AI and machine learning models learn to fight back.”

Anything publicly accessible is vulnerable
The DDoS attack on OpenAI highlights the vulnerability of anything publicly accessible on the internet to such attacks. However, it cannot be said for certain that the entity claiming responsibility for the attack was indeed behind it.

Anonymous Sudan has a history of taking credit for unrelated attacks and service disruptions, often associated with surges in traffic related to new product releases. Moreover, Anonymous Sudan doesn’t typically engage in DDoS attacks that are highly sophisticated, but the hacktivist group does employ large-scale attacks using various vectors. If the target is unprepared or lacks proper provisioning, they can indeed be affected by such attacks.

"DDoS attacks have become all too common and the tactic all too effective,” explains Chong. “To make matters worse, the DDoS landscape continues to grow ever more volatile. Attacks are getting larger, and threat actors are constantly evolving their methods to identify new attack vectors. 

“It is essential that organisations proactively adapt to meet evolving threats, implementing DDoS protection and ensuring that the right processes and people are in place to protect digital infrastructure from surging attacks. Failure to do so can wreak havoc on a company's reputation, customer base and bottom line."