DDoS Just Won't Die

Published: 22/11/2024   Category: security




Record-breaking 309 Gbps distributed denial-of-service attack reported, and attackers continue to employ new ways of flooding and overwhelming struggling targets



It's one of the more crude and old-school cyberattacks, but the distributed denial-of-service (DDoS) attack just keeps getting stronger, faster, and harder to deflect: New data published today shows the largest attack last year registered three times the volume of DDoS attacks in previous years, and attacks against SSL-protected websites jumped nearly 20 percent.
"We are seeing a lot of Web [DDoS] attacks and encrypted attacks," says Gary Sockrider, solutions architect for the Americas at Arbor Networks, which released its annual Worldwide Infrastructure Security Report today that mentions a record-breaking 309-Gbps DDoS attack last year. In the past three years, DDoSes had plateaued at a peak of around 100 Gbps. This year, the largest is 309 Gbps, three orders of magnitude larger.
Other security reports published today echo the same theme of more punishing DDoS attacks in the past year: Radware saw a 20 percent increase in severity of DDoS attacks, and Prolexic reports that DDoS attack volume increased month to month last year, with an increase of 30 percent in powerful, high-bandwidth attacks.
Sockrider says respondents to the Arbor survey -- 68 percent of whom are service providers -- reported experiencing multiple DDoS attacks above 100 Gbps, which jibes with what Arbor witnessed firsthand for its customers. While the DDoS attack in March 2013 against volunteer spam filtering organization Spamhaus was the largest on record at 300 Gbps traffic, there were likely copycats, he says.
The attackers behind the DDoS attack on Spamhaus abused improperly configured or default-state DNS servers, also known as open DNS resolvers, so this was no standard botnet-borne attack. Since DNS servers are large and run on high-speed Internet connections, the attackers were able to maximize a bigger bandwidth attack with fewer machines.
More than one-third of respondents in the Arbor survey say they were hit with DNS-based DDoS attacks that affected customers, up from 25 percent last year.
Hacktivists remain the top DDoS attackers, according to Arbor's report, but cybercriminals also are employing these destructive attacks to target businesses. Some 40 percent of DDoS attacks are waged for political or ideological reasons, respondents say, while 39 percent say the attack motivation is unknown. Some 16 percent say the attacks were used as a diversion by the attackers for cybercrime activity such as stealing sensitive data.
Richard Domingues Boscovich, assistant general counsel of Microsoft's Digital Crimes Unit, says DDoS attacks are becoming more serious, and increasingly are getting used in conjunction with other attacks. A DDoS can be used to overwhelm a company's security operations center, for instance, to weaken their defenses against other types of attacks. "So DDoS mitigation is crucial to filter the noise away," he says. Becoming overwhelmed by a DDoS can leave a back door open for other attacks while the organization is dealing with the DDoS, he says. "That's my main concern," Boscovich says.
If a criminal syndicate were to point a massive DDoS at a bank's network, for instance, it could take down their firewalls. "No firewall can scale to 50 to 60 Gbps of throughput, so it's going to fill up memory and saturate the system, so the security team has to take them down, reboot the ACLs [access control lists], turn off scanning, and during that period ... the criminals will use DDoS as a distraction to go after and exfiltrate data," says Jason Matlof, vice president of marketing for A10 Networks. Criminal syndicates are getting more sophisticated, and botnets are a way to make money like they've never been able to make before.
Data Centers In the Bull's Eye
Data center operations are being targeted more by DDoS attacks, according to Arbor, with 70 percent of centers saying they saw a rise in attacks, versus 50 percent last year. More than one third say the attacks completely saturated their available Internet connections: "Twice as many said it exceeded their total bandwidth, so it had to be mitigated upstream," Sockrider says. 81 percent say they experienced operational expenses or business impact because of a DDoS.
Multiple DDoS attacks also were more frequent on data centers last year: some 10 percent say they suffered more than 100 DDoS attacks per month.
[Denial-of-service attacks powered by NTP amplification interrupted online-gaming services over the past month, renewing efforts to find solutions to the vulnerabilities. See No Easy Solution To Stop Amplification Attacks.]
Radware's DDoS survey found that 87 percent of enterprises and carriers have experienced some level of service disruption due to a DDoS attack, and 60 percent had an actual service degradation from a DDoS. "The negative impact of a service outage is already understood, but even small instances of service degradation can have harmful, lasting effects on an organization's brand image, customer satisfaction and ultimately its bottom line," says Avi Chesla, chief technology officer at Radware.
Meanwhile, application-layer DDoS attacks continue to become more prevalent, Arbor reports, with a 17 percent increase in DDoSes against encrypted, SSL/HTTP-S websites and services. "What they're trying to do is evade detection. These encrypted attacks tend to be fairly simplistic and they're not trying to hide their nature, but just trying to hide the fact that it is an attack," Sockrider says.
Encrypted application-layer DDoS attacks accounted for half of all Web attacks last year, according to Radware. Some 15 percent of its survey respondents say their Web application login pages were hit daily.
SSL DDoS attacks employ simple encryption algorithms, and encryption is becoming an option in many DDoS attack tools, Arbor's Sockrider says. This type of DDoS traffic can easily get passed to the server by the IPS or firewall: "On the surface, [the traffic] looks legitimate. It's very uncommon that they decrypt it to inspect it," he says.
These attacks are not high volume like infrastructure attacks, but instead are all about exhausting server or state table resources. "It's exhausting the resources of the application or host it runs on. And it's much harder to detect, and therefore you can't [typically] see it," Sockrider says.
Enterprises are the biggest DDoS target, according to Akamai, which today published its State of the Internet report for Q3 2013. Some 127 DDoS attacks were reported by enterprises during that period, 80 by commerce businesses, 42 by media and entertainment organizations, 18 by public sector organizations, and 14 by high-technology firms.
And once you're hit with a DDoS, there's a 25 percent chance you'll be attacked again within three months, Akamai estimates.
The bad news is many organizations just don't have a plan for defending against DDoS attacks, either. Nearly 45 percent of organizations surveyed recently by Corero have no DDoS response plan, while some 21 percent don't have a response team set up in the case of a DDoS attack targeting their networks. Around 60 percent say they don't have a designated DDoS response team, and 40 percent say they don't have a point of contact within their organizations when a DDoS hits.
Arbor's Worldwide Infrastructure Security Report is available here (PDF) for download.
