Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

ABTV

11/27/2017
01:21 PM
Simon Marshall
Simon Marshall
Simon Marshall
50%
50%

DDoS Attacks Trend in a Bad Direction

DDoS attacks aren't going away; they're becoming larger, more frequent and more frequently used in conjunction with other attacks.

DDoS attacks are beginning to hit harder and score higher. The frequency of attacks is dramatically increasing, attack vectors are alternating and -- most importantly -- they're being used strategically by hackers as a distraction from more penetrating attacks that carry greater business risk.

Our "friend" DDoS has blown through teenage years and is suddenly all grown-up. DDoS-for-hire services are becoming more common, more readily accessible, and less expensive. Attacks are now campaigns that lead with denial of service, or even Ransom Denial of Service (RDoS), but which terminate with a ruthless efficiency determined to distract threat detection from malware and thereby cause deeper wounds from an enterprise vulnerability perspective.

"Anyone can access these services, and for short money, execute a DDoS campaign," Stephanie Weagle, vice president of Corero Network Security, told SecurityNow. "There is no coding or sophisticated technical knowledge required. The motivations are wide raging -- political, hacktivism, extortion, cyber warfare, and even more simply, notoriety. Coupled with the ease of accessing DDoS-for-hire services, there is really no limit to this threat."

According to the DDoS and Internet availability specialist, the rate of DDoS attacks has doubled in the last six months, with eight attacks a day versus four at the beginning of the year. With a 35% increase in attacks per quarter this year, the worrying stat in Corero's latest report is that there's an accompanying rise of about 70% in attacks that last less than ten minutes.

More effective attacks
New high frequency, low volume attacks are so quick that they will stress teams already freaked out by the risk of mass outage damage which still occurs through regular DDoS. Business losses as such are subjective and vary, but it's the success rate of these new hit-and-run tactics that will cause alarm.

"With the average attack lasting less than ten minutes in duration, [an enterprise's] proactive mitigation tools must be able to detect and mitigate instantly," said Weagle. "Low volume, short duration, frequent attacks don't leave any room for human intervention, or [even] a prompt to swing bad traffic to cloud scrubbing operations. Further, neither an intrusion prevention system nor a firewall will protect you."

Effectively, when a firewall threshold limit is reached, every application and every ID using that port gets blocked, causing an outage. Bad actors know this is efficacious when blocking both good users along with attackers, because network and application availability is affected.

More frequent risks
DDoS is becoming the Red Herring and beachhead of more sophisticated, more penetrative attacks. "Once a DDoS attack is underway, security personnel are often distracted by the DDoS traffic," said Weagle, "These attacks act as a diversion tactic, distracting IT teams from the breach that's taking place, which could involve data being exfiltrated, networks being mapped for vulnerabilities, or a whole host of other potential risks."

Alongside the proliferation of DDoS-for-hire services which widen attack options to -- exceptionally -- those with no technical knowledge, attacks are being packaged and therefore usage accelerated, allowing agents to purchase, then "push the green button" and watch the results. "This is particularly true in light of automated attacks, which allow attackers to switch vectors faster than any human or traditional IT security solution can respond," said Weagle.

In fact, anyone needing a DDoS service need only seemingly outstretch their shopping cart. DDoS-for-hire services have numerically increased and also matured to the point where they're commercialized, are available via mobile platforms, and even offer discount schemes and loyalty points.

The dawn of RDos
Corero's customers have reported a negative trend in the last two quarters, where two brutal attacks have been observed for the first time. One is a sophisticated multi-vector attack, aimed to deceive and overrun traditional IT security measures. In other words, an attack that occupies resources while the critical attack comes in through the side door. Second are crippling service flood attacks which consume bandwidth at the target, resulting in service outages, downtime and latency; it turns a sprint to secure the enterprise into a three-legged race.

Right now, DDoS proficients will not always launch an attack. They may run a ransom threat in advance of an attack in the hopes of an easy dollar. That's a powerful financial leveraging of a threat considering that a tough DDoS attack can be launched through a for-hire organization for as little as $100. As usual with ransom, it's a numbers game but even so, some enterprises must be tempted to pay up in the face of an unknown DDoS attack magnitude.

"Forget the ransom, implement a layered defense strategy with dedicated DDoS mitigation technology," said Weagle.

Related posts:

— Simon Marshall, Technology Journalist, special to Security Now

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Shane Buckley, President & Chief Operating Officer, Gigamon,  7/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...