Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

10/4/2016
04:10 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
100%
0%

Relentless DDoS Attack Incidents Raise Alarm For Businesses

Threat actors increasingly using DDoS tactics as a smokescreen to hide other malicious activity, Neustar report shows.

If there’s one thing consistent about DDoS attack trends over the past few years, it is just how predictable they have been.

Year after year, distributed denial-of-service (DDoS) attacks have grown relentlessly in number. And despite being a thoroughly researched and well-understood problem, they haven’t become any easier to handle. Recent reports from two security firms show that the situation has changed little in the past year -- and could be on the verge of becoming worse.

Neustar's new survey today of more than 1,000 CISOs, CTOs, CISOs and other security professionals shows that DDoS attack volumes remained consistently high through the year. Despite mitigation efforts, more than seven in 10 of the survey respondents said their companies had suffered a DDoS attack in the past year. An even bigger 85% of the victims claimed they had been hit more than once, while 44% had been attacked a startling five times or more.

Fueling the increase in attacks, at least to a certain extent, is the ready availability of DDoS-for-hire services that let threat actors launch attacks against targets for "less than the cost of a lunch," Neustar said in its report.

An Akamai report released last month highlighted a 129% increase in DDoS attacks in the second quarter of 2016 compared to the same period last year. Despite a handful of attacks that exceeded 100 Gbps in size and some that even topped 300 Gbps, the median size of DDoS attacks fell 36% to 3.85 Gbps.

In about half of the cases these days, threat actors are using DDoS attacks to try and distract security response teams from other attacks going on at the same time, says Joe Loveless, director of product marketing at Neustar.

"DDoS attacks are a successful smokescreen for other malicious attacks because they can overwhelm and preoccupy security response teams," Loveless says.

In particular, DDoS attacks that target the API, or the Web application resources of network devices including security management systems, can effectively render a security team blind to any other stealthy activity that might be going on, he says. "For example, malware from a phishing attempt may activate during a DDoS attack because the security team is unaware of it."

Not surprisingly, about 21% of the organizations that were hit with DDoS attacks also reported breaches involving loss of customer data. About 70% of them learned of the loss from external sources such as social media. About 37% of the victims discovered at least one malware sample that had been activated under cover of a DDoS attack.

Though the motivations for attacks tend to vary, the most common consequence of a DDoS flood continues to be service outage. Nearly 50% of the Neustar survey respondents said their organizations would lose $100,000 or more per hour if the DDoS attack happened during peak business hours. One-third pegged the number at $250,000 per hour.

Concerns over DDoS attacks—always in the background for most security professionals—have risen to the top in recent days as the result of two massive attacks involving the use of compromised IoT devices.

Both the attacks, one on KrebsOnSecurity's site involving over 600 Gbps of DDoS traffic, and the other on French ISP OVH that generated a staggering 1 Tbps flood, were generated from a botnet of infected consumer IoT systems.

The threat actor behind the attacks earlier this week publicly released his code for the attacks, prompting fears that more adversaries could start infecting Internet connected DVRs, IP cameras, and other IoT devices to wage DDoS attacks.

Related stories:

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16632
PUBLISHED: 2021-05-15
A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.
CVE-2021-32073
PUBLISHED: 2021-05-15
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution.
CVE-2021-33033
PUBLISHED: 2021-05-14
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
CVE-2021-33034
PUBLISHED: 2021-05-14
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
CVE-2019-25044
PUBLISHED: 2021-05-14
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.