Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


// // //
01:21 PM
Simon Marshall
Simon Marshall
Simon Marshall

DDoS Attacks Trend in a Bad Direction

DDoS attacks aren't going away; they're becoming larger, more frequent and more frequently used in conjunction with other attacks.

DDoS attacks are beginning to hit harder and score higher. The frequency of attacks is dramatically increasing, attack vectors are alternating and -- most importantly -- they're being used strategically by hackers as a distraction from more penetrating attacks that carry greater business risk.

Our "friend" DDoS has blown through teenage years and is suddenly all grown-up. DDoS-for-hire services are becoming more common, more readily accessible, and less expensive. Attacks are now campaigns that lead with denial of service, or even Ransom Denial of Service (RDoS), but which terminate with a ruthless efficiency determined to distract threat detection from malware and thereby cause deeper wounds from an enterprise vulnerability perspective.

"Anyone can access these services, and for short money, execute a DDoS campaign," Stephanie Weagle, vice president of Corero Network Security, told SecurityNow. "There is no coding or sophisticated technical knowledge required. The motivations are wide raging -- political, hacktivism, extortion, cyber warfare, and even more simply, notoriety. Coupled with the ease of accessing DDoS-for-hire services, there is really no limit to this threat."

According to the DDoS and Internet availability specialist, the rate of DDoS attacks has doubled in the last six months, with eight attacks a day versus four at the beginning of the year. With a 35% increase in attacks per quarter this year, the worrying stat in Corero's latest report is that there's an accompanying rise of about 70% in attacks that last less than ten minutes.

More effective attacks
New high frequency, low volume attacks are so quick that they will stress teams already freaked out by the risk of mass outage damage which still occurs through regular DDoS. Business losses as such are subjective and vary, but it's the success rate of these new hit-and-run tactics that will cause alarm.

"With the average attack lasting less than ten minutes in duration, [an enterprise's] proactive mitigation tools must be able to detect and mitigate instantly," said Weagle. "Low volume, short duration, frequent attacks don't leave any room for human intervention, or [even] a prompt to swing bad traffic to cloud scrubbing operations. Further, neither an intrusion prevention system nor a firewall will protect you."

Effectively, when a firewall threshold limit is reached, every application and every ID using that port gets blocked, causing an outage. Bad actors know this is efficacious when blocking both good users along with attackers, because network and application availability is affected.

More frequent risks
DDoS is becoming the Red Herring and beachhead of more sophisticated, more penetrative attacks. "Once a DDoS attack is underway, security personnel are often distracted by the DDoS traffic," said Weagle, "These attacks act as a diversion tactic, distracting IT teams from the breach that's taking place, which could involve data being exfiltrated, networks being mapped for vulnerabilities, or a whole host of other potential risks."

Alongside the proliferation of DDoS-for-hire services which widen attack options to -- exceptionally -- those with no technical knowledge, attacks are being packaged and therefore usage accelerated, allowing agents to purchase, then "push the green button" and watch the results. "This is particularly true in light of automated attacks, which allow attackers to switch vectors faster than any human or traditional IT security solution can respond," said Weagle.

In fact, anyone needing a DDoS service need only seemingly outstretch their shopping cart. DDoS-for-hire services have numerically increased and also matured to the point where they're commercialized, are available via mobile platforms, and even offer discount schemes and loyalty points.

The dawn of RDos
Corero's customers have reported a negative trend in the last two quarters, where two brutal attacks have been observed for the first time. One is a sophisticated multi-vector attack, aimed to deceive and overrun traditional IT security measures. In other words, an attack that occupies resources while the critical attack comes in through the side door. Second are crippling service flood attacks which consume bandwidth at the target, resulting in service outages, downtime and latency; it turns a sprint to secure the enterprise into a three-legged race.

Right now, DDoS proficients will not always launch an attack. They may run a ransom threat in advance of an attack in the hopes of an easy dollar. That's a powerful financial leveraging of a threat considering that a tough DDoS attack can be launched through a for-hire organization for as little as $100. As usual with ransom, it's a numbers game but even so, some enterprises must be tempted to pay up in the face of an unknown DDoS attack magnitude.

"Forget the ransom, implement a layered defense strategy with dedicated DDoS mitigation technology," said Weagle.

Related posts:

— Simon Marshall, Technology Journalist, special to Security Now

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file