Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

ABTV

// // //
11/27/2017
01:21 PM
Simon Marshall
Simon Marshall
Simon Marshall

DDoS Attacks Trend in a Bad Direction

DDoS attacks aren't going away; they're becoming larger, more frequent and more frequently used in conjunction with other attacks.

DDoS attacks are beginning to hit harder and score higher. The frequency of attacks is dramatically increasing, attack vectors are alternating and -- most importantly -- they're being used strategically by hackers as a distraction from more penetrating attacks that carry greater business risk.

Our "friend" DDoS has blown through teenage years and is suddenly all grown-up. DDoS-for-hire services are becoming more common, more readily accessible, and less expensive. Attacks are now campaigns that lead with denial of service, or even Ransom Denial of Service (RDoS), but which terminate with a ruthless efficiency determined to distract threat detection from malware and thereby cause deeper wounds from an enterprise vulnerability perspective.

"Anyone can access these services, and for short money, execute a DDoS campaign," Stephanie Weagle, vice president of Corero Network Security, told SecurityNow. "There is no coding or sophisticated technical knowledge required. The motivations are wide raging -- political, hacktivism, extortion, cyber warfare, and even more simply, notoriety. Coupled with the ease of accessing DDoS-for-hire services, there is really no limit to this threat."

According to the DDoS and Internet availability specialist, the rate of DDoS attacks has doubled in the last six months, with eight attacks a day versus four at the beginning of the year. With a 35% increase in attacks per quarter this year, the worrying stat in Corero's latest report is that there's an accompanying rise of about 70% in attacks that last less than ten minutes.

More effective attacks
New high frequency, low volume attacks are so quick that they will stress teams already freaked out by the risk of mass outage damage which still occurs through regular DDoS. Business losses as such are subjective and vary, but it's the success rate of these new hit-and-run tactics that will cause alarm.

"With the average attack lasting less than ten minutes in duration, [an enterprise's] proactive mitigation tools must be able to detect and mitigate instantly," said Weagle. "Low volume, short duration, frequent attacks don't leave any room for human intervention, or [even] a prompt to swing bad traffic to cloud scrubbing operations. Further, neither an intrusion prevention system nor a firewall will protect you."

Effectively, when a firewall threshold limit is reached, every application and every ID using that port gets blocked, causing an outage. Bad actors know this is efficacious when blocking both good users along with attackers, because network and application availability is affected.

More frequent risks
DDoS is becoming the Red Herring and beachhead of more sophisticated, more penetrative attacks. "Once a DDoS attack is underway, security personnel are often distracted by the DDoS traffic," said Weagle, "These attacks act as a diversion tactic, distracting IT teams from the breach that's taking place, which could involve data being exfiltrated, networks being mapped for vulnerabilities, or a whole host of other potential risks."

Alongside the proliferation of DDoS-for-hire services which widen attack options to -- exceptionally -- those with no technical knowledge, attacks are being packaged and therefore usage accelerated, allowing agents to purchase, then "push the green button" and watch the results. "This is particularly true in light of automated attacks, which allow attackers to switch vectors faster than any human or traditional IT security solution can respond," said Weagle.

In fact, anyone needing a DDoS service need only seemingly outstretch their shopping cart. DDoS-for-hire services have numerically increased and also matured to the point where they're commercialized, are available via mobile platforms, and even offer discount schemes and loyalty points.

The dawn of RDos
Corero's customers have reported a negative trend in the last two quarters, where two brutal attacks have been observed for the first time. One is a sophisticated multi-vector attack, aimed to deceive and overrun traditional IT security measures. In other words, an attack that occupies resources while the critical attack comes in through the side door. Second are crippling service flood attacks which consume bandwidth at the target, resulting in service outages, downtime and latency; it turns a sprint to secure the enterprise into a three-legged race.

Right now, DDoS proficients will not always launch an attack. They may run a ransom threat in advance of an attack in the hopes of an easy dollar. That's a powerful financial leveraging of a threat considering that a tough DDoS attack can be launched through a for-hire organization for as little as $100. As usual with ransom, it's a numbers game but even so, some enterprises must be tempted to pay up in the face of an unknown DDoS attack magnitude.

"Forget the ransom, implement a layered defense strategy with dedicated DDoS mitigation technology," said Weagle.

Related posts:

— Simon Marshall, Technology Journalist, special to Security Now

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Machine Learning, AI & Deep Learning Improve Cybersecurity
Machine intelligence is influencing all aspects of cybersecurity. Organizations are implementing AI-based security to analyze event data using ML models that identify attack patterns and increase automation. Before security teams can take advantage of AI and ML tools, they need to know what is possible. This report covers: -How to assess the vendor's AI/ML claims -Defining success criteria for AI/ML implementations -Challenges when implementing AI
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-42247
PUBLISHED: 2022-10-03
pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name.
CVE-2022-41443
PUBLISHED: 2022-10-03
phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php.
CVE-2022-33882
PUBLISHED: 2022-10-03
Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code.
CVE-2022-42306
PUBLISHED: 2022-10-03
An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process.
CVE-2022-42307
PUBLISHED: 2022-10-03
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service.