
4/26/2016
02:39 PM

The Growing Sophistication Of Distributed Attacks

Botnet and DDoS attacks are growing more advanced and more crucial than ever to cybercriminals' attack strategies.

As the number of traditional distributed denial of service (DDoS) and botnet attacks keeps inching upward, attackers are also tinkering with the technology and strategy behind these attacks to supplement more advanced criminal assaults on organizations.

Several new reports out over the last few days paint an interesting picture of how these distributed attack patterns are converging.

First, as a level set, a report out today from Neustar shows that DDoS attack volumes and intensities are stronger than ever. The study showed that 73% of global brands reported a DDoS attack in 2015, and over eight in 10 corporations were struck by multiple DDoS attacks. In fact, 45% of organizations said they were hit by DDoS attacks six or more times last year.      

The study found that 42% of companies took three or more hours to detect a DDoS attack on their infrastructure and about half of organizations reported that an hour of outages related to DDoS racked up $100,000 in revenue loss. But outages are now just a small piece of the puzzle, the report relates. Approximately 57% of all incidents involving DDoS attacks resulted in some sort of theft, be it of customer data, intellectual property, or direct financial theft.  

Neustar's researchers say that while the early goal of DDoS was simply to take a website offline, these days attackers are increasingly using DDoS attacks as an important way to diversify their infiltration tactics. Attackers carry out a series of coordinated DDoS strikes to "keep the IT departments guessing where and when the next attack will take place," and use them to hide other attack techniques with the goal of a cyber heist.

"The findings of our most recent report are clear: attacks are unrelenting around the world, but organizations are now recognizing DDoS attacks for what they are -- an institutionalized weapon of cyber warfare," says Rodney Joffe, head of IT security research at Neustar.

Meanwhile, a report out yesterday from ThreatMetrix shows that attackers are getting creative about how they use the bot networks that power DDoS attacks, branching out into new attack patterns that are designed to look more like normal user behavior and are harder to detect.

"Botnet attacks have evolved from just being large volume distributed denial of service (DDoS) or spam attacks, to low-and-slow bots, designed to evade rate and security control measures and mimic trusted customer behavior / login patterns," the report explained.


For example, ThreatMetrix researchers have been tracking a trend in which fraudsters use botnets to take lists of stolen user credentials acquired from the Dark Web and launch wide-scale credential-testing sessions against e-commerce merchants. These attacks will cause huge transaction spikes over the course of a few days, but at that point, the attackers will have a curated list of known good password and login combinations that they can use on other sites to launch lower-intensity attacks.

"These attacks are particularly hard to detect because they aren't always picked up by traditional rate control measures. Our normal lines of defense just aren't working. Businesses need a smarter approach that can differentiate between a human and a bot the moment they start to transact," says Vanita Pandey, vice president, strategy and product marketing at ThreatMetrix.
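The detection gap described above, as an added example that is not from ThreatMetrix or the original article: over a constructed hour of login events, a per-IP rate limit misses every low-and-slow bot node and flags only a shared office gateway, while a check on distinct accounts and failure ratio per source picks the bots out. The IP addresses, usernames and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

def build_events():
    """Constructed sample hour of logins: (minute, src_ip, username, success)."""
    events = []
    # 40 ordinary customers: one account each, one in five mistypes once.
    for i in range(40):
        ip, user = f"198.51.100.{i}", f"customer{i}"
        if i % 5 == 0:
            events.append((i, ip, user, False))
        events.append((i + 1, ip, user, True))
    # One office gateway (NAT): 12 employees, all successful logins.
    for i in range(12):
        events.append((i, "192.0.2.10", f"staff{i}", True))
    # 60 bot nodes: only 3 attempts each, every attempt a different account
    # from a stolen list; 1 pair in 20 turns out to be valid.
    n = 0
    for b in range(60):
        for _ in range(3):
            events.append((b, f"203.0.113.{b}", f"leaked{n}", n % 20 == 0))
            n += 1
    return events

def per_ip_rate_limit(events, max_attempts=10):
    """Traditional rate control: flag sources exceeding N attempts per window."""
    counts = defaultdict(int)
    for _, ip, _, _ in events:
        counts[ip] += 1
    return {ip for ip, c in counts.items() if c > max_attempts}

def credential_testing_suspects(events, min_users=3, min_fail_ratio=0.6):
    """Flag sources that try several distinct accounts and mostly fail.
    Thresholds are illustrative assumptions, not vendor guidance."""
    users, fails, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for _, ip, user, ok in events:
        users[ip].add(user)
        total[ip] += 1
        fails[ip] += not ok
    return {ip for ip in total
            if len(users[ip]) >= min_users and fails[ip] / total[ip] >= min_fail_ratio}

if __name__ == "__main__":
    ev = build_events()
    print("rate limit flags:", sorted(per_ip_rate_limit(ev)))
    print("credential-testing suspects:", len(credential_testing_suspects(ev)))
```

In production the same per-source features would be computed over sliding windows and combined with device or session signals, since a bot that tries one account per address stays below the distinct-account threshold used here.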

Researchers with Forcepoint today also hinted at investigations they're making into botnet advancement with some early details of an ongoing botnet campaign called JAKU, which they say is helping attackers better target attacks on specific victims in order to steal data.

"JAKU herds victims en masse and conducts highly targeted attacks on specific victims through the execution of concurrent operational campaigns," explains the Forcepoint 2016 Global Threat Report.

Forcepoint says JAKU has claimed 19,000 victims across 134 countries so far, but technical details are still forthcoming next month from the firm.


Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.
