Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Anonymous Group Abandoning DDoS Attacks

Operation Payback never rated as more than a nuisance, according to Arbor Networks' analysis of 5,000 confirmed DDoS attacks over the past year at large carriers.

Strategic Security Survey: Global Threat, Local Pain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)

The Operation Payback distributed denial of service (DDoS) attack is declining. Furthermore, the small scale and low sophistication of the attack has meant that almost any Internet service provider should have been able to block it.

Those findings come from Craig Labovitz, chief scientist at Arbor Networks, who on Tuesday detailed what Arbor is billing as the biggest-ever study of real DDoS attack data, comprising 5,000 confirmed attacks over the past year that affected 37 large carriers and content providers around the world.

Even at its peak, Operation Payback was "more of an annoyance than an imminent critical infrastructure threat," said Labovitz, who likened it not to "cyber war," as some have characterized it, but rather simple "cyber-vandalism." "While the last round of attacks lead to brief outages, most of the carriers and hosting providers were able to quickly filter the attack traffic. In addition, these attacks mostly targeted Web pages or lightly read blogs -- not the far more critical back-end infrastructure servicing commercial transactions."

As suggested by the Anonymous collective's recent shift to sending faxes to their target companies, "by the end of [last] week, Anonymous followers had mostly abandoned their attack plans as ineffective," he said.

Beyond Operation Payback, the Arbor study offers new insights into DDoS trends and attacks, gleaned from data that Arbor began measuring in its own products two years ago, as well as by collecting anonymous ATLAS statistics, which are available from about 75% of all Internet carriers.

For grading DDoS attacks, Arbor classifies each based on its scale and sophistication. "At the high end in 2010, we observed a number of DDoS attacks in the 50+ Gbps range," said Labovitz. These large, flooding attacks comprised 60% of all confirmed DDoS attacks in 2010, and are typically designed "to exceed the inbound aggregate bandwidth capacity of data centers and carrier backbone links" by overwhelming them with packets, he said.

Meanwhile on the low end, comprising 27% of attacks, "we encounter attacks focused not on denying bandwidth, but the back-end computation, database, and distributed storage resources of large Web services," he said. "For example, service or application level attacks may focus on a series of Web or API calls that force an expensive database transaction or calls to slow storage servers."

In other words, overwhelm servers, applications, SIP, HTTP or TCP state not with volume, but rather the right kinds of calls, and DDoS attacks can succeed through sophistication, rather than scale.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.