01-04-2025
How To Prepare For The Weaponization Of GenAI In DDoS Attacks
Ashley Stephenson is the CTO of Corero Network Security, a leading provider of DDoS protection solutions.
Late last year, an attacker known as "Matrix" orchestrated a large-scale distributed denial-of-service (DDoS) attack by exploiting vulnerabilities in Internet of Things (IoT) devices. By leveraging publicly available malware and weak device configurations, Matrix built a botnet capable of overwhelming targeted networks with a flood of traffic. What makes this case particularly alarming is that Matrix is apparently not an organized cybercriminal but a lone-wolf threat actor, a so-called "script kiddie" who utilized off-the-shelf tools to achieve widespread disruption.
The Matrix incident exemplifies a growing trend in which cybercriminals, regardless of skill level, are increasingly empowered by emerging technologies like generative AI (GenAI). Tools that once required advanced technical expertise are now within reach of novice attackers, thanks in part to GenAI's ability to generate sophisticated code, optimize attack strategies and automate complex processes. This democratization of cyber capabilities is making DDoS attacks not only more accessible but also more dangerous than ever.
DDoS attacks are often dismissed as simple disruptions, but they play a critical role in larger attack campaigns. Beyond overwhelming systems, these attacks can serve as a smokescreen for other malicious activities, such as reconnaissance, data exfiltration or the deployment of malware. With GenAI acting as a force multiplier, even unskilled actors can amplify the scale and sophistication of their efforts, transforming basic botnets into adaptive, resilient attack networks.
As GenAI continues to evolve, the cybersecurity community faces a pressing challenge: addressing the dual-use nature of these technologies. While GenAI holds immense potential for innovation, its exploitation by bad actors underscores the urgency of developing proactive defenses that can anticipate and counter these new AI-assisted threats.
DDoS attacks have long been a fixture of the cyber threat landscape, but their role is evolving. Once considered a crude, blunt-force instrument, such attacks are increasingly seen as a harbinger of more sophisticated tactics to come. Much like a canary in a coal mine, the rise of AI-enhanced DDoS attacks signals a shift toward more adaptive and complex cyber threats.
Beyond their tactical use to cause downtime, DDoS attacks can also serve a strategic role: gathering reconnaissance on a target's network infrastructure. Observing how a target responds to a DDoS attack can reveal weaknesses in its defenses, such as under-protected endpoints or inefficient traffic management. Additionally, attackers can analyze traffic flows during an attack to map a network's response and topology, providing valuable insights for future exploitation.
Despite built-in guardrails intended to prevent malicious use, GenAI tools are already proving to be a force multiplier for cybercriminals. By automating tasks that were once labor-intensive or required specialized skills, AI lowers the barrier to entry for attackers.
For instance, phishing lures—especially those tailored for non-native speakers—are now more convincing than ever, helping malicious actors rapidly grow their botnet armies. Similarly, AI-powered tools can help identify misconfigured servers and vulnerable IP ranges, providing a roadmap for exploitation.
Research has already demonstrated these risks in real-world scenarios. Security researchers at the University of Illinois demonstrated how large language models (LLMs) can autonomously exploit real-world vulnerabilities when provided with basic information like a CVE advisory, significantly improving the exploitation rate of "1-day" vulnerabilities. Publicly available scripts and bot-based attack strategies further accelerate the adoption of DDoS as an entry point for cybercriminals.
AI's influence will not stop at reconnaissance and attack tool creation. It can also enhance the scale and efficiency of attacks by allowing attackers to orchestrate multiple attack vectors, such as volumetric and application-layer attacks, in a synchronized or reactive manner. AI can also be used to optimize the management of command-and-control (C&C) infrastructures by obfuscating communications and dynamically switching servers to evade detection.
The pace of innovation driving GenAI tools is staggering. Consequently, proactive strategies will help security leaders stay one step ahead of attackers who are leveraging this powerful technology for DDoS and other sophisticated attacks. Here are three key approaches to help strengthen your defensive posture:
Some reports claim the average time to remediate a vulnerability is about 270 days—an eternity in cybersecurity terms. GenAI can be a game-changer in triaging vulnerabilities by prioritizing the most critical threats and automating parts of the remediation process. Custom LLMs trained on an organization's own data, including threat intelligence feeds, can sift through massive datasets to surface potential attack signals, enabling faster and more targeted responses.
Security leaders can leverage GenAI as a vehicle for asking the right questions about their security data. What are the unknown unknowns? Generative AI and machine learning tools can assist threat-hunting teams in identifying anomalies, mapping patterns of suspicious activity and uncovering vulnerabilities before attackers exploit them. Proactively adopting this adversarial mindset can help defenders uncover gaps and strengthen their posture.
The dynamic nature of AI-driven attacks calls for equally flexible defenses. AI-powered tools can dynamically adjust to threats in real time, integrating anomaly detection, traffic analysis and predictive models to accelerate the mitigation of DDoS and other attacks. By using AI to simulate potential attack scenarios, organizations can build more resilient infrastructures that can adapt alongside emerging threats.
As GenAI continues to mature, so too will its appeal to threat actors seeking to enhance their tactics. What we're witnessing in the DDoS space offers a glimpse into the broader trajectory of AI-enhanced cybercrime. From phishing campaigns to ransomware operations, the same technological advancements that are transforming industries can and will be weaponized in increasingly sophisticated ways.
Security leaders must not only recognize the implications of this shift but also anticipate how GenAI will redefine the threat landscape across all attack vectors. The time to act is now, by embracing proactive measures and leveraging AI defensively to stay ahead of this rapidly evolving adversary.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.