Spafford estimates that there are thousands of politically motivated attacks across the internet each year. "Many of them aren't that coordinated or don't have as big of an impact as in Estonia," he adds.
However, the majority of cyber attacks are economically motivated, with the most common targets being gambling, e-commerce, pornography and financial websites.
"We don't see a lot of denial-of-service attacks these days because most of the cyber attacks we see are profit motivated," said Steve Bellovin, an internet security expert and professor of computer science at Columbia University. "The most common are extortion, especially against gambling sites."
Lessons learned from Estonia
The packet floods used in the Estonian DoS attacks were not new. What was unusual about these attacks was the duration and the disruption they caused, experts say.
"The size and scale of these attacks in terms of the bandwidth and packets per second is in the middle in terms of what we have seen for these kinds of attacks," Nazario said. "But they lasted for weeks, not hours or days, which is much longer than we've seen for most of these attacks in the past. And the targets and the inferred motivation were geo-political rather than economic or a simple grudge. That suggests we have turned a corner."
Spafford said what's important for US companies to learn about the Estonian incident is how much damage a small number of people with resources can do.
Another lesson learned from this incident is that the Estonian response - of admitting the problem and getting help from ISPs and international governments - was largely successful.
One suggestion for network managers is not to worry too much about figuring out where a cyber attack is coming from or why. Ed Amoroso, CSO at AT&T, said network managers should instead focus on mitigating the attack.
"For the day-to-day types of attacks people are dealing with, the goal of trying to determine where the attack originates remains very elusive because most of the attacks involve bots," Amoroso said. "It's so tempting in cyber security to say let's trace back the attack to see where it's coming from, and let's hypothesise what the geo-political situation is. Let's assume if we see that it's an intense attack, that it's well funded. But it's just as likely to be a kid sitting in Brooklyn. That's one of the great difficulties of doing cyber security."
The good news for Western companies is that they’re better positioned to defend themselves against similar DoS attacks. The US, for example, is so much larger than Estonia and has a more robust network infrastructure.
"The country of Estonia is about the size of Rhode Island," said Marty Lindner, a senior member of the technical staff at the US Computer Emergency Readiness Team. "They only have so much infrastructure. When somebody decides to launch a DoS attack, all it takes is a little more energy than the size of your infrastructure to knock it over. The attacker here decided to take out 11 to 12 websites....If you take a big corporate network in the US, it is bigger and more robust than Estonia's will ever be."