Guest: Steve Winterfeld
Company: Akamai
Show Name: CISO Insights
Topics: Cybersecurity, Cloud Security
The world of cyber threats is evolving fast, and DDoS attacks have become a weapon of choice not just for criminals but also for politically motivated groups. In a recent episode, Steve Winterfeld, Advisory CISO at Akamai, offered a deep look at the latest findings from Akamai and FS-ISAC’s joint analysis — revealing how ideology is increasingly shaping global cyberattacks.
According to Winterfeld, the days when DDoS attacks were primarily about disruption for ransom or notoriety are fading. Today’s threat landscape is defined by organized and adaptive actors who tailor their campaigns based on political context. He highlights how groups like BlackMeta, a pro-Palestinian collective, and NoName, a pro-Russian organization, have become some of the most active threat actors of 2024. Both groups maintain their own DDoS-for-hire infrastructure, blending activism and profit motives in a new form of “cyber mercenary” ecosystem.
What’s striking, Winterfeld notes, is the agility of these attackers. “They’re adaptive — they probe, they shift, and they evolve,” he explained. Many modern botnets are globally distributed, consisting of compromised IoT devices, home routers, and even corporate endpoints. If a target blocks international traffic, the attackers simply reconfigure their botnet to launch from within the same region. This makes geographic filtering and traditional mitigation tactics less effective.
Akamai’s global network visibility gives it a unique perspective into this activity. The company sees attacks scale from zero to record levels in minutes — not hours — and across multiple regions simultaneously. Winterfeld points to geopolitical hotspots like EMEA and APAC, where cyber activity increasingly mirrors real-world tensions. “In EMEA, much of it is driven by politics. In APAC, financial targets still dominate, but the motivations are starting to mix,” he said.
One of the most concerning trends is the rise of subscription-based DDoS-for-hire services. Platforms like Gur Laban, which accept cryptocurrency payments, allow virtually anyone to rent attack capacity for financial or ideological reasons. “If someone wants to take down a competitor, or attack a bank, they can rent it,” Winterfeld said. This democratization of cyber aggression lowers the barrier to entry further than ever.
He also highlighted how even statements made by corporate leaders can spark retaliation. “If your CEO makes a political statement, that can put you on their radar,” he warned. In an era of social media activism, public alignment with political causes can have digital consequences.
For security leaders, these insights underscore the need for layered defense strategies that go beyond volumetric mitigation. Enterprises must prepare for attackers who learn and adapt in real time — combining intelligence sharing, automation, and zero-trust principles to stay resilient.
Akamai’s partnership with FS-ISAC remains critical to this effort, enabling large-scale data sharing across more than 5,000 financial institutions worldwide. Together, they’re tracking these hybrid motivations and new attack methods to help organizations anticipate rather than react.