The Growing Sophistication Of Distributed Attacks

Botnet and DDoS attacks are growing more advanced and more crucial than ever to cybercriminals' attack strategies.


As the number of traditional distributed denial of service (DDoS) and botnet attacks keeps inching upward, attackers are also tinkering with the technology and strategy behind these attacks to supplement more advanced criminal assaults on organizations.

Several new reports out over the last few days paint an interesting picture of how these distributed attack patterns are converging.

First, as a level set, a report out today from Neustar shows that DDoS attack volumes and intensities are stronger than ever. The study showed that 73% of global brands reported a DDoS attack in 2015, and over eight in 10 corporations were struck by multiple DDoS attacks. In fact, 45% of organizations said they were hit by DDoS attacks six or more times last year.      

The study found that 42% of companies took three or more hours to detect a DDoS attack on their infrastructure and about half of organizations reported that an hour of outages related to DDoS racked up $100,000 in revenue loss. But outages are now just a small piece of the puzzle, the report relates. Approximately 57% of all incidents involving DDoS attacks resulted in some sort of theft, be it of customer data, intellectual property, or direct financial theft.  

Neustar's researchers say that while the early goal of DDoS attacks was simply to take a website offline, these days attackers are increasingly using them as an important way to diversify their infiltration tactics. Attackers carry out a series of coordinated DDoS strikes to "keep the IT departments guessing where and when the next attack will take place," and use them to hide other attack techniques with the goal of a cyber heist.

“The findings of our most recent report are clear: attacks are unrelenting around the world, but organizations are now recognizing DDoS attacks for what they are -- an institutionalized weapon of cyber warfare,” says Rodney Joffe, head of IT security research at Neustar.

Meanwhile, a report out yesterday from ThreatMetrix shows that attackers are getting creative about how they use the bot networks that power DDoS attacks, branching out into new attack patterns that are designed to look more like normal user behavior and are harder to detect.

"Botnet attacks have evolved from just being large volume distributed denial of service (DDoS) or spam attacks, to low-and-slow bots, designed to evade rate and security control measures and mimic trusted customer behavior / login patterns," the report explained.


For example, ThreatMetrix researchers have been tracking the trend of fraudsters utilizing botnets to take lists of stolen user credentials acquired from the Dark Web in order to launch wide-scale credential-testing sessions among e-commerce merchants. These attacks will cause huge transaction spikes over the course of a few days, but at that point, the attackers will have a curated list of known good password and login combinations that they can use on other sites to launch lower-intensity attacks.

"These attacks are particularly hard to detect because they aren’t always picked up by traditional rate control measures. Our normal lines of defense just aren’t working. Businesses need a smarter approach that can differentiate between a human and a bot the moment they start to transact,” says Vanita Pandey, vice president, strategy and product marketing at ThreatMetrix.

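As an added illustration (not from the article or the reports it cites), the Python sketch below shows why a per-IP rate limit misses a distributed credential-testing run and how window-wide signals expose it. The thresholds, the event format and the sample events are constructed assumptions.

```python
from collections import defaultdict

PER_IP_LIMIT = 10        # assumed: attempts one IP may make per window
MIN_ATTEMPTS = 50        # assumed: minimum window volume before judging
FAIL_RATIO_ALERT = 0.80  # assumed: legitimate traffic fails far less often
SINGLE_TRY_ALERT = 0.90  # assumed: share of usernames tried exactly once

def build_events():
    """Constructed sample: one window of login events as (ip, username, ok)."""
    events = []
    # 200 bot IPs (TEST-NET-3), 3 attempts each, every attempt a new username.
    for i in range(200):
        for j in range(3):
            n = i * 3 + j
            events.append((f"203.0.113.{i + 1}", f"leaked{n}", n % 50 == 0))
    # 40 real customers (TEST-NET-2): one typo, then a successful login.
    for i in range(40):
        events.append((f"198.51.100.{i + 1}", f"cust{i}", False))
        events.append((f"198.51.100.{i + 1}", f"cust{i}", True))
    return events

def per_ip_rate_hits(events, limit=PER_IP_LIMIT):
    """Traditional rate control: IPs that exceed the per-window limit."""
    counts = defaultdict(int)
    for ip, _, _ in events:
        counts[ip] += 1
    return sorted(ip for ip, c in counts.items() if c > limit)

def aggregate_signals(events):
    """Window-wide view that does not depend on any single source IP."""
    tries = defaultdict(int)
    fails = 0
    for _, user, ok in events:
        tries[user] += 1
        fails += not ok
    single = sum(1 for c in tries.values() if c == 1)
    return {"attempts": len(events), "ips": len({e[0] for e in events}),
            "fail_ratio": fails / len(events),
            "single_try_ratio": single / len(tries)}

def looks_like_credential_testing(events):
    """Flag a window with many failures spread over usernames tried once."""
    s = aggregate_signals(events)
    return (s["attempts"] >= MIN_ATTEMPTS
            and s["fail_ratio"] >= FAIL_RATIO_ALERT
            and s["single_try_ratio"] >= SINGLE_TRY_ALERT)

if __name__ == "__main__":
    ev = build_events()
    print("per-IP rate limit hits:", per_ip_rate_hits(ev))
    print("aggregate signals:", aggregate_signals(ev))
    print("credential testing suspected:", looks_like_credential_testing(ev))
```

On the constructed window no address exceeds the per-IP limit, yet the aggregate failure ratio and the share of usernames tried only once both cross the assumed thresholds.
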
Researchers with Forcepoint today also hinted at investigations they're making into botnet advancement with some early details of an ongoing botnet campaign called JAKU, which they say is helping attackers better target attacks on specific victims in order to steal data.

"JAKU herds victims en masse and conducts highly targeted attacks on specific victims through the execution of concurrent operational campaigns," explains the Forcepoint 2016 Global Threat Report.

Forcepoint says JAKU has claimed 19,000 victims across 134 countries so far, but technical details are still forthcoming next month from the firm.

About the Author

Ericka Chickowski, Contributing Writer

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.
