3/28/2013
12:13 PM

DDoS Attack Doesn't Spell Internet Doom: 7 Facts

Despite a record-setting DDoS attack against anti-spam group Spamhaus, the Internet remains alive and well. Let's break down the key facts.

5. Why DDoS Size Doesn't Always Matter.

Still, the DDoS attacks launched against Spamhaus suggest that with a bit of effort, attack volumes -- which on average have remained stagnant in recent years, or even decreased -- can be increased in size. "Arbor has been monitoring DDoS for more than a dozen years and we've seen attack size peaking at around 100 Gbps in recent years," said Dan Holden, director of Arbor Networks' security engineering and response team, in an email.

But DDoS attack size need not matter, because DDoS attackers -- supported by free attack toolkits -- have found effective ways to disrupt websites that don't require launching massive quantities of packets. Instead, they can simply target choke points, for example by launching application-layer attacks.

Such attacks can be just as effective as high-volume attacks. For example, the largest DDoS attack in 2012 peaked at just 60 Gbps, in a year that was filled with DDoS disruptions.

6. At Whatever Volume, DDoS Attacks Are Hard To Stop.

The end result, of course, is still website disruptions. "The attack on Spamhaus, and their upstream security and Internet providers, is yet another example of how DDoS has become the de facto weapon of choice for cyber-activists, cyber-criminals, business competitors and others," said Marty Meyer, president of Corero Network Security, in an email. "Unfortunately, the shared infrastructure that is the Internet can be vulnerable to this type of attack on the DNS system. It illustrates the collateral damage that can be felt by individuals trying to access sites and businesses like Netflix" -- which reportedly saw its service slow down as a result of the Spamhaus DDoS attacks -- "for whom the Web is the cornerstone of their business," he said.

The DDoS attack against Spamhaus also brought predictable dystopian hand-wringing from security vendors envisioning the potential evolution in online threats. "It also raises a worrying red flag that if an organization like CyberBunker could allegedly unleash this much damage, could a cyber-terrorist or state sponsored attacker use similar tactics to disrupt the communication and business channels of its enemies that rely on the Internet?" said Meyer.

7. Easy DDoS Attacks Support Online Grudges.

Case in point: the group calling itself the al-Qassam Cyber Fighters, which has been waging a six-month-long DDoS attack campaign against U.S. banking websites under the banner of "Operation Ababil." Although the group claims to be a cross-border band of Muslim hacktivists incensed over the July 2012 posting to YouTube of a film that mocks the founder of Islam, multiple U.S. government officials have accused it of being an Iranian government front.

Regardless, the group continues to prove itself adept at preventing customers from reaching U.S. banking websites, either by disrupting targeted websites, or leading targeted websites to employ defenses that block some legitimate traffic from reaching their sites. No 300-Gbps attack volume required.

Comments
MyW0r1d,
User Rank: Apprentice
3/29/2013 | 2:21:45 PM
re: DDoS Attack Doesn't Spell Internet Doom: 7 Facts
I appreciate what Spamhaus attempts to do and its objectives, but I have also seen the effects of its methods on email exchanges for those businesses blocked by inclusion of entire address ranges. They've blocked entire subnets capturing both legitimate business with the suspect spam originators. So, I can grasp how a slowdown for those services (HTTP or SMTP) that utilize Spamhaus as a filter would be seen. I find it a little more difficult to believe that the traffic would cause a general slowdown due to saturation with the possible exception of low capacity nodes where a high percentage of the DDoS traffic may be originated or routed toward Spamhaus. Perhaps watching the routing through a utility like Tor I have developed an exaggerated idea of the number of possible routes available through the internet. Then again, maybe CloudFlare just saw a possibility for a little public recognition?
Drew Conry-Murray,
User Rank: Ninja
3/28/2013 | 9:31:21 PM
re: DDoS Attack Doesn't Spell Internet Doom: 7 Facts
A cyber-security story got hyped? By a security vendor? I'm shocked! Shocked, I tell you!

Drew Conry-Murray
Editor, Network Computing