Attacks/Breaches
3/28/2013
12:13 PM
50%
50%

DDoS Attack Doesn't Spell Internet Doom: 7 Facts

Despite a record-setting DDoS attack against anti-spam group Spamhaus, the Internet remains alive and well. Let's break down the key facts.

5. Why DDoS Size Doesn't Always Matter.

Still, the DDoS attacks launched against Spamhaus suggest that with a bit of effort, attack volumes -- which on average have remained stagnant in recent years, or even decreased -- can be increased in size. "Arbor has been monitoring DDoS for more than a dozen years and we've seen attack size peaking at around 100 Gbps in recent years," said Dan Holden, director of Arbor Network's security engineering and response team, in an email.

But DDoS attack size need not matter, because DDoS attackers -- supported by free attack toolkits -- have found effective ways to disrupt websites that don't require launching massive quantities of packets. Instead, they can simply target choke points, for example by launching application-layer attacks.

Such attacks can be just as effective as high-volume attacks. For example, the largest DDoS attack in 2012 peaked at just 60 Gbps, in a year that was filled with DDoS disruptions.

6. At Whatever Volume, DDoS Attacks Are Hard To Stop.

The end result, of course, is still website disruptions. "The attack on Spamhaus, and their upstream security and Internet providers, is yet another example of how DDoS has become the de facto weapon of choice for cyber-activists, cyber-criminals, business competitors and others," said Marty Meyer, president of Corero Network Security, in an email. "Unfortunately, the shared infrastructure that is the Internet can be vulnerable to this type of attack on the DNS system. It illustrates the collateral damage that can be felt by individuals trying to access sites and businesses like Netflix" -- which reportedly saw its service slow down as a result of the Spamhaus DDoS attacks -- "for whom the Web is the cornerstone of their business," he said.

The DDoS attack against Spamhaus also brought predictable dystopian hand-wringing from security vendors envisioning the potential evolution in online threats. "It also raises a worrying red flag that if an organization like CyberBunker could allegedly unleash this much damage, could a cyber-terrorist or state sponsored attacker use similar tactics to disrupt the communication and business channels of its enemies that rely on the Internet?" said Meyer.

7. Easy DDoS Attacks Support Online Grudges.

Case in point: the group calling itself the al-Qassam Cyber Fighters, which has been waging six-month-long DDoS attack campaign against U.S. banking websites under the banner of "Operation Ababil." Although the group claims to be a cross-border band of Muslim hacktivists incensed over the July 2012 posting to YouTube of a film that mocks the founder of Islam, multiple U.S. government officials have accused it of being an Iranian government front.

Regardless, the group continues to prove itself adept at preventing customers from reaching U.S. banking websites, either by disrupting targeted websites, or leading targeted websites to employ defenses that block some legitimate traffic from reaching their sites. No 300-Gbps attack volume required.

Attend Interop Las Vegas, May 6-10, and learn the emerging trends in information risk management and security. Use Priority Code MPIWK by April 29 to save an additional $200 off All Access and Conference Passes. Join us in Las Vegas for access to 125+ workshops and conference classes, 300+ exhibiting companies, and the latest technology. Register for Interop today!

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
MyW0r1d
50%
50%
MyW0r1d,
User Rank: Apprentice
3/29/2013 | 2:21:45 PM
re: DDoS Attack Doesn't Spell Internet Doom: 7 Facts
I appreciate what Spamhaus attempts to do and its objectives, but I have also seen the effects of its methods on email exchanges for those businesses blocked by inclusion of entire address ranges. They've blocked entire subnets capturing both legitimate business with the suspect spam originators. So, I can grasp how a slowdown for those services (http or smtp) that utilize spamhaus as a filter would be seen. I find it a little more difficult to believe that the traffic would cause a general slowdown due to saturation with the possible exception of low capacity nodes where a high percentage of the DDoS traffic may be originated or routed toward Spamhaus. Perhaps watching the routing through a utility like Tor I have developed an exaggerated idea of the number of possible routes available through the internet. Then again, maybe CloudFlare just saw a possibility for a little public recognition?
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
3/28/2013 | 9:31:21 PM
re: DDoS Attack Doesn't Spell Internet Doom: 7 Facts
A cyber-security story got hyped? By a security vendor? I'm shocked! Shocked, I tell you!

Drew Conry-Murray
Editor, Network Computing
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0714
Published: 2015-05-02
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595.

CVE-2014-3598
Published: 2015-05-01
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.

CVE-2014-8361
Published: 2015-05-01
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.

CVE-2015-0237
Published: 2015-05-01
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain.

CVE-2015-0257
Published: 2015-05-01
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.