11/27/2017
01:21 PM
Simon Marshall

DDoS Attacks Trend in a Bad Direction

DDoS attacks aren't going away; they're becoming larger, more frequent and more frequently used in conjunction with other attacks.

DDoS attacks are beginning to hit harder and score higher. The frequency of attacks is dramatically increasing, attack vectors are alternating and -- most importantly -- they're being used strategically by hackers as a distraction from more penetrating attacks that carry greater business risk.

Our "friend" DDoS has blown through teenage years and is suddenly all grown-up. DDoS-for-hire services are becoming more common, more readily accessible, and less expensive. Attacks are now campaigns that lead with denial of service, or even Ransom Denial of Service (RDoS), but which terminate with a ruthless efficiency determined to distract threat detection from malware and thereby cause deeper wounds from an enterprise vulnerability perspective.

"Anyone can access these services, and for short money, execute a DDoS campaign," Stephanie Weagle, vice president of Corero Network Security, told SecurityNow. "There is no coding or sophisticated technical knowledge required. The motivations are wide ranging -- political, hacktivism, extortion, cyber warfare, and even more simply, notoriety. Coupled with the ease of accessing DDoS-for-hire services, there is really no limit to this threat."

According to the DDoS and Internet availability specialist, the rate of DDoS attacks has doubled in the last six months, with eight attacks a day versus four at the beginning of the year. With a 35% increase in attacks per quarter this year, the worrying stat in Corero's latest report is that there's an accompanying rise of about 70% in attacks that last less than ten minutes.

More effective attacks
New high-frequency, low-volume attacks are so quick that they will stress teams already freaked out by the risk of mass outage damage, which still occurs through regular DDoS. Business losses as such are subjective and vary, but it's the success rate of these new hit-and-run tactics that will cause alarm.

"With the average attack lasting less than ten minutes in duration, [an enterprise's] proactive mitigation tools must be able to detect and mitigate instantly," said Weagle. "Low volume, short duration, frequent attacks don't leave any room for human intervention, or [even] a prompt to swing bad traffic to cloud scrubbing operations. Further, neither an intrusion prevention system nor a firewall will protect you."

Effectively, when a firewall threshold limit is reached, every application and every ID using that port gets blocked, causing an outage. Bad actors know this is effective: blocking good users along with attackers affects network and application availability.

More frequent risks
DDoS is becoming the red herring and beachhead of more sophisticated, more penetrative attacks. "Once a DDoS attack is underway, security personnel are often distracted by the DDoS traffic," said Weagle. "These attacks act as a diversion tactic, distracting IT teams from the breach that's taking place, which could involve data being exfiltrated, networks being mapped for vulnerabilities, or a whole host of other potential risks."

Alongside the proliferation of DDoS-for-hire services, which widen attack options even to those with no technical knowledge, attacks are being packaged, which accelerates their use: agents can purchase, then "push the green button" and watch the results. "This is particularly true in light of automated attacks, which allow attackers to switch vectors faster than any human or traditional IT security solution can respond," said Weagle.

In fact, anyone needing a DDoS service seemingly need only reach for their shopping cart. DDoS-for-hire services have grown in number and also matured to the point where they're commercialized, are available via mobile platforms, and even offer discount schemes and loyalty points.

The dawn of RDoS
Corero's customers have reported a negative trend in the last two quarters, where two brutal attacks have been observed for the first time. One is a sophisticated multi-vector attack, aimed at deceiving and overrunning traditional IT security measures. In other words, an attack that occupies resources while the critical attack comes in through the side door. The second is crippling service flood attacks, which consume bandwidth at the target, resulting in service outages, downtime and latency; it turns a sprint to secure the enterprise into a three-legged race.

Right now, DDoS proficients will not always launch an attack. They may run a ransom threat in advance of an attack in the hopes of an easy dollar. That's a powerful financial leveraging of a threat considering that a tough DDoS attack can be launched through a for-hire organization for as little as $100. As usual with ransom, it's a numbers game but even so, some enterprises must be tempted to pay up in the face of an unknown DDoS attack magnitude.

"Forget the ransom, implement a layered defense strategy with dedicated DDoS mitigation technology," said Weagle.

— Simon Marshall, Technology Journalist, special to Security Now
