Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

11/26/2019
02:00 PM
Marc Wilczek
Marc Wilczek
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

DDoS: An Underestimated Threat

Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. Here's how to fight back.

On the flip side of the proliferation of Internet of Things (IoT) devices, the quest for increased connectivity and bandwidth (think 5G) and skyrocketing cloud adoption, IT is increasingly being weaponized to unleash cyberattacks in an unprecedented order of magnitude. Coupled with the emergence and anonymous nature of both the Dark Web and cryptocurrencies, illicit transactions have never been easier or more convenient. Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. They have advanced from mere botnet-based approaches to artificial intelligence (AI) and data-driven models.

Scholars at the University of Cambridge last year published a research note describing how they used data science to shed light on criminal pathways and ferret out the key players linked to illegality in one of the biggest and oldest underground forums. Perhaps surprisingly, they found that most cybercrime is committed by people who aren't technical geniuses. Many of them offer so-called "booter" services — basically, they're hired DDoS guns — and they have become so widespread that they even include school-age children.

While not all of these attacks are spotlighted in the media, they cause significant financial blowback for companies in the form of paid-out ransoms, business downtime, lost revenue, and reputational losses, among other costs. This havoc is perpetrated by the members of a busy underground economy where cyberattack services are traded and monetized.

Attacks on the Rise
Europol's "Internet Organised Crime Threat Assessment 2019" report outlines how DDoS attacks are among the biggest threats reported in the business world. The favorite DDoS targets of criminals in 2019 were banks and other financial institutions, along with public organizations such as police departments and local governments. Travel agents, Internet infrastructure, and online gaming services were also in the cybercriminals' crosshairs. Some arrests were made, but they had no noticeable impact on the growth rate of DDoS attacks or on the Dark Web infrastructure that makes them possible, according to Europol.

While many DDoS attacks go unreported and unnoticed, some are making the news. In October, a major DDoS attack roughly eight hours long struck Amazon Web Services (AWS), making it impossible for users to connect because AWS miscategorized their legitimate customer queries as malicious. Google Cloud Platform experienced a range of problems at about the same time, but the company says the incident was unrelated to DDoS. A few weeks earlier, a number of DDoS attacks crippled an ISP in South Africa for an entire day.

Everybody Is Vulnerable
Interestingly, it's not just legitimate organizations that are plagued with DDoS attacks. Anyone familiar with Dark Web market listing service will know that markets are usually listed with an "uptime," with the main reason for any downtime being DDoS attacks.

These hidden services are open to DDoS attacks because of certain characteristics of the Tor browser, which is commonly used to access the Dark Web. Earlier this year, the three biggest Dark Web markets all suffered serious and extended DDoS attacks. The operators of Dream Market were reportedly taken for $400,000, which illustrates that even the criminals are vulnerable to attacks by DDoS extortionists.

APIs Move into the Spotlight
But the DDoS problem is moving beyond infrastructure. As part of their digital strategy, many organizations are turning to cloud-native applications, and — as part of the Fourth Industrial Revolution — manufacturing, logistics, and utility companies are equipping their production lines, warehouses, factories, and other facilities with wireless connectivity and sensors. Each of these require an API in order to work.

However, while APIs simplify architecture and delivery, they can also become bottlenecks that open up companies to a spectrum of risks and vulnerabilities. When a business-critical application or API is compromised, it knocks out all the operations related to the business and initiates a chain reaction. Thus, simply protecting OSI layers 3/4 is no longer sufficient; layer-7 attacks create more damage with less total bandwidth.

Job #1: Building Cyber Resilience
In digital business, there is no room for outages. That's why organizations of all sizes must do everything they can to safeguard the resilience, integrity, and uptime of their digital platforms and services. As network bandwidth and computing power multiply, they enable black hats to leverage the increased resources to launch more powerful attacks. DDoS against national infrastructure networks can wreak major real-life havoc and shut down access to the services that grease the wheels of our economy and society. The US Department of Homeland Security (DHS) reports that in the past five years the size of attacks has increased by a factor of 10, and that "it is not clear if current network infrastructure could withstand future attacks if they continue to increase in scale."

Upgrading the Arsenal
The increase in attack frequency, added risk of APIs, and cost of downtime have combined to create a threat greater than the sum of its parts. This evolution of the threat landscape necessitates a similar evolution in defense methods. An organization would be naive to think that the preparedness posture that worked a decade ago can still work unchanged against modern threats.

"To address the increased frequency of attack, a modern defense must be efficient," says Andrew Shoemaker, a DDoS veteran and founder of NimbusDDoS, a pen-testing provider that vets DDoS mitigation solutions. "This means embracing automated mitigation approaches, and moving away from slow manual processes," he adds. "Manual approaches may have been effective in the past when an organization was only attacked a few times per year, but the administrative burden of manual mitigation becomes overwhelming when attacks are happening monthly or weekly."

Related Content:

 

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Home Safe: 20 Cybersecurity Tips for Your Remote Workers."

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Breana
50%
50%
Breana,
User Rank: Apprentice
4/29/2020 | 4:24:18 AM
Great!
Thanks for sharing this interesting and useful info, glad to know this.
AnnaS.
50%
50%
AnnaS.,
User Rank: Apprentice
4/20/2020 | 10:20:32 AM
Nice post
Great information, it's a useful one. Thanks for this post.| customxmlittlerock.com

 

 

 
joshuaprice153
50%
50%
joshuaprice153,
User Rank: Apprentice
12/11/2019 | 2:04:17 AM
DDoS: An Underestimated Threat
Good to know that the previous bug has been fixed now and it's working great on my droid, too! Thanks for this useful entry! computer repair Ocala
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/28/2019 | 1:52:17 PM
Automation
This means embracing automated mitigation approaches, and moving away from slow manual processes," Obviously automation is the key for this rather than a manual process. Manual process would be outdated very shortly.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/28/2019 | 1:49:42 PM
Future
that "it is not clear if current network infrastructure could withstand future attacks if they continue to increase in scale." Answer of this question is no, because we know there will be more technology advancement and more risks in the future. Better to keep up.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/28/2019 | 1:47:13 PM
Disruption
The favorite DDoS targets of criminals in 2019 were banks and other financial institutions, along with public organizations such as police departments and local governments This gives us a clue, the main purpose of DDoS as being a disruption.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/28/2019 | 1:44:59 PM
Cost of it
While not all of these attacks are spotlighted in the media, they cause significant financial blowback for companies in the form of paid-out ransoms, business downtime, lost revenue, and reputational losses, among other costs. This is surprising for me, I would expect any minute of downtime would cost a lot to any company.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/28/2019 | 1:41:41 PM
Booters
Perhaps surprisingly, they found that most cybercrime is committed by people who aren't technical geniuses. Many of them offer so-called "booter" services It is not surprising at all. People tend to go to easy route if there is one.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/28/2019 | 1:39:13 PM
5G
5G and IoT will make DDoS more practical and impactful unfortunately. Of course any technology can be used for good or bad.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Can you smell me now?
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11844
PUBLISHED: 2020-05-29
There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
CVE-2020-6937
PUBLISHED: 2020-05-29
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
CVE-2020-7648
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`
CVE-2020-7650
PUBLISHED: 2020-05-29
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
CVE-2020-7654
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.