Why DDoS Just Won't Die

Published : 22/11/2024   Category : security




Distributed denial-of-service attacks are getting bigger, badder, and blended. What you can (and can't) do about that.



Most every organization has been affected by a distributed denial-of-service (DDoS) attack in some way: whether they were hit directly in a traffic-flooding attack, or if they suffered the fallout from one of their partners or suppliers getting victimized.
While DDoS carries less of a stigma than a data breach in the scheme of security threats, a powerful flooding attack can take down not only a company's network, but also its business. DDoS attacks traditionally have been employed either to merely disrupt the targeted organization, or as a cover for a more nefarious attack to spy on or steal data from an organization.
The April takedown by the UK National Crime Agency, the Dutch National Police, and other officials of the world's largest online market for selling and launching DDoS attacks, Webstresser, was a big win for law enforcement. Webstresser boasted more than 136,000 registered users and supported some four million DDoS attacks worldwide.
But in the end, Webstresser's demise isn't likely to make much of a dent in DDoS attack activity, experts say. Despite reports that the takedown led to a significant decline in DDoS attacks, Corero Network Security saw DDoS attacks actually rise on average in the second half of the month of April. "Our own evidence is that attack volumes globally and in Europe have, if anything, increased in the week since the Europol take-down action," said Andrew Lloyd, president of Corero.
Even without a mega DDoS service, it's still inexpensive to wage a DDoS attack. According to Symantec, DDoS bot software starts as low as a dollar to $15, and less than one hour of a DDoS via a service can go from $5 to $20; a longer attack (more than 24 hours) against a more protected target costs anywhere from $10 to $100.
And bots are becoming even easier to amass and in bigger numbers, as Internet of Things (IoT) devices are getting added to the arsenal. According to the Spamhaus Botnet Threat Report, the number of IoT botnet controllers more than doubled last year. Think Mirai, the IoT botnet that in October of 2016 took down managed DNS provider Dyn, taking with it big names like Amazon, Netflix, Twitter, Github, Okta, and Yelp – with an army of 100,000 IoT bots.
Sean Tierney, director of cyber intelligence at Infoblox, says botnets increasingly will be comprised of both traditional endpoints—Windows PCs and laptops—as well as IoT devices. "They are going to be blended," he said in an interview. "It's going to be harder to tell the difference in bots."
The wave of consumer products with IP connections without software or firmware update capabilities will exacerbate the botnet problem, according to Tierney.
While IoT botnets appear to be the thing of the future, some attackers have been waging old-school DDoS attacks: in the first quarter of this year, a long-tail DDoS attack lasted more than 12 days, according to new Kaspersky Lab research. That type of longevity for a DDoS was last seen in 2015.
Hardcore heavy DDoS attacks have been breaking records of late: the recent DDoS attack on Github, clocked at 1.35 terabytes, set a record that was broken a week later by a 1.7TB DDoS that abused the Memcached vulnerability against an undisclosed US service provider. "That Github [DDoS] record didn't even last a week," Tierney said in a presentation at Interop ITX in Las Vegas last week.
The DDoS attack employed Memcached servers exposed on the public Internet. Memcached, an open-source memory-caching system for storing data in RAM for speeding access times, doesn't include an authentication feature, so attackers were able to spoof requests and amplify their attack. If properly configured, a Memcached server sits behind firewalls or inside an organization.
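As an added illustration (not part of the original article), the following Python sketch audits a memcached options file for the two settings that decide whether a server can be reached the way the paragraph above describes: the listen address (`-l`) and the UDP port (`-U`). It assumes a Debian-style config with one option per line; both sample configs are constructed.

```python
import ipaddress
import shlex

LONG = {"--listen": "-l", "--udp-port": "-U"}  # long forms of the two flags checked

# Constructed samples in the style of a Debian /etc/memcached.conf.
EXPOSED = "# constructed example\n-d\n-m 64\n-p 11211\n-u memcache\n-l 0.0.0.0\n"
HARDENED = "-d\n-m 64\n-p 11211\n-u memcache\n-l 127.0.0.1\n-U 0\n"

def parse_options(conf_text):
    """Collect memcached options from config text into {short_flag: value}."""
    opts = {}
    for line in conf_text.splitlines():
        tokens = shlex.split(line.split("#", 1)[0])  # drop trailing comments
        i = 0
        while i < len(tokens):
            flag, _, value = tokens[i].partition("=")  # handles --flag=value
            flag = LONG.get(flag, flag)
            if not value and i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
                value = tokens[i + 1]
                i += 1
            opts[flag] = value or True  # bare switches such as -d map to True
            i += 1
    return opts

def audit(conf_text):
    """Return findings relevant to UDP reflection exposure; empty list means none."""
    opts = parse_options(conf_text)
    findings = []
    udp = opts.get("-U")
    if udp is None:
        findings.append("UDP port not set: default varies by memcached version, set -U 0")
    elif udp != "0":
        findings.append(f"UDP listener enabled on port {udp}")
    listen = opts.get("-l")
    if listen in (None, True):
        findings.append("no listen address: memcached binds all interfaces")
        return findings
    for host in listen.split(","):
        try:
            ip = ipaddress.ip_address(host.strip())
        except ValueError:
            findings.append(f"listen address {host!r} is not a plain IP, check manually")
            continue
        if ip.is_unspecified:
            findings.append(f"listens on all interfaces ({ip})")
        elif ip.is_global:
            findings.append(f"listens on public address {ip}")
    return findings
```

A clean result only covers the daemon's own options; firewall rules in front of the host still need to be checked separately.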
"Memcached amplification attacks are just the beginning of these jacked-up attacks," Tierney said. "Be ready for multi-vector attacks. Rate-limiting is good, but alone it's not enough. Get ready for scales of 900Mbps to 400Gbps to over a Terabyte."
Tierney recommended ways to prepare for a DDoS attack, including: 
Establish a security policy, including how you'll enact and enforce it
Track issues that are security risks
Enact a business continuity/disaster recovery plan
Employ good security hygiene
Create an incident response plan that operates hand-in-hand with a business continuity/disaster recovery plan
Have a multi-pronged response plan, so that while you're being DDoSed, your data isn't also getting stolen in the background
Execute tabletop attack exercises
Hire external penetration tests
Conduct user security awareness and training
Change all factory-default passwords in devices
Know your supply chain and any potential risks they bring
Use DDoS traffic scrubbers, DDoS mitigation services
  