10/4/2016
04:10 PM

Relentless DDoS Attack Incidents Raise Alarm For Businesses

Threat actors increasingly using DDoS tactics as a smokescreen to hide other malicious activity, Neustar report shows.

If there’s one thing consistent about DDoS attack trends over the past few years, it is just how predictable they have been.

Year after year, distributed denial-of-service (DDoS) attacks have grown relentlessly in number. And despite being a thoroughly researched and well-understood problem, they haven’t become any easier to handle. Recent reports from two security firms show that the situation has changed little in the past year -- and could be on the verge of becoming worse.

Neustar's new survey, released today, of more than 1,000 CISOs, CTOs and other security professionals shows that DDoS attack volumes remained consistently high through the year. Despite mitigation efforts, more than seven in 10 of the survey respondents said their companies had suffered a DDoS attack in the past year. An even bigger 85% of the victims claimed they had been hit more than once, while 44% had been attacked a startling five times or more.

Fueling the increase in attacks, at least to a certain extent, is the ready availability of DDoS-for-hire services that let threat actors launch attacks against targets for "less than the cost of a lunch," Neustar said in its report.

An Akamai report released last month highlighted a 129% increase in DDoS attacks in the second quarter of 2016 compared to the same period last year. Despite a handful of attacks that exceeded 100 Gbps in size and some that even topped 300 Gbps, the median size of DDoS attacks fell 36% to 3.85 Gbps.

In about half of the cases these days, threat actors are using DDoS attacks to try to distract security response teams from other attacks going on at the same time, says Joe Loveless, director of product marketing at Neustar.

"DDoS attacks are a successful smokescreen for other malicious attacks because they can overwhelm and preoccupy security response teams," Loveless says.

In particular, DDoS attacks that target the API, or the Web application resources of network devices including security management systems, can effectively render a security team blind to any other stealthy activity that might be going on, he says. "For example, malware from a phishing attempt may activate during a DDoS attack because the security team is unaware of it."

Not surprisingly, about 21% of the organizations that were hit with DDoS attacks also reported breaches involving loss of customer data. About 70% of them learned of the loss from external sources such as social media. About 37% of the victims discovered at least one malware sample that had been activated under cover of a DDoS attack.

Though the motivations for attacks tend to vary, the most common consequence of a DDoS flood continues to be service outage. Nearly 50% of the Neustar survey respondents said their organizations would lose $100,000 or more per hour if the DDoS attack happened during peak business hours. One-third pegged the number at $250,000 per hour.

Concerns over DDoS attacks—always in the background for most security professionals—have risen to the top in recent days as the result of two massive attacks involving the use of compromised IoT devices.

Both attacks, one on KrebsOnSecurity's site involving over 600 Gbps of DDoS traffic and the other on French ISP OVH that produced a staggering 1 Tbps flood, were launched from a botnet of infected consumer IoT systems.

Earlier this week, the threat actor behind the attacks publicly released his code, prompting fears that more adversaries could start infecting Internet-connected DVRs, IP cameras, and other IoT devices to wage DDoS attacks.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
