Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

02:00 PM
Marc Wilczek
Marc Wilczek
Connect Directly
E-Mail vvv

DDoS: An Underestimated Threat

Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. Here's how to fight back.

On the flip side of the proliferation of Internet of Things (IoT) devices, the quest for increased connectivity and bandwidth (think 5G) and skyrocketing cloud adoption, IT is increasingly being weaponized to unleash cyberattacks in an unprecedented order of magnitude. Coupled with the emergence and anonymous nature of both the Dark Web and cryptocurrencies, illicit transactions have never been easier or more convenient. Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. They have advanced from mere botnet-based approaches to artificial intelligence (AI) and data-driven models.

Scholars at the University of Cambridge last year published a research note describing how they used data science to shed light on criminal pathways and ferret out the key players linked to illegality in one of the biggest and oldest underground forums. Perhaps surprisingly, they found that most cybercrime is committed by people who aren't technical geniuses. Many of them offer so-called "booter" services — basically, they're hired DDoS guns — and they have become so widespread that they even include school-age children.

While not all of these attacks are spotlighted in the media, they cause significant financial blowback for companies in the form of paid-out ransoms, business downtime, lost revenue, and reputational losses, among other costs. This havoc is perpetrated by the members of a busy underground economy where cyberattack services are traded and monetized.

Attacks on the Rise
Europol's "Internet Organised Crime Threat Assessment 2019" report outlines how DDoS attacks are among the biggest threats reported in the business world. The favorite DDoS targets of criminals in 2019 were banks and other financial institutions, along with public organizations such as police departments and local governments. Travel agents, Internet infrastructure, and online gaming services were also in the cybercriminals' crosshairs. Some arrests were made, but they had no noticeable impact on the growth rate of DDoS attacks or on the Dark Web infrastructure that makes them possible, according to Europol.

While many DDoS attacks go unreported and unnoticed, some are making the news. In October, a major DDoS attack roughly eight hours long struck Amazon Web Services (AWS), making it impossible for users to connect because AWS miscategorized their legitimate customer queries as malicious. Google Cloud Platform experienced a range of problems at about the same time, but the company says the incident was unrelated to DDoS. A few weeks earlier, a number of DDoS attacks crippled an ISP in South Africa for an entire day.

Everybody Is Vulnerable
Interestingly, it's not just legitimate organizations that are plagued with DDoS attacks. Anyone familiar with Dark Web market listing service will know that markets are usually listed with an "uptime," with the main reason for any downtime being DDoS attacks.

These hidden services are open to DDoS attacks because of certain characteristics of the Tor browser, which is commonly used to access the Dark Web. Earlier this year, the three biggest Dark Web markets all suffered serious and extended DDoS attacks. The operators of Dream Market were reportedly taken for $400,000, which illustrates that even the criminals are vulnerable to attacks by DDoS extortionists.

APIs Move into the Spotlight
But the DDoS problem is moving beyond infrastructure. As part of their digital strategy, many organizations are turning to cloud-native applications, and — as part of the Fourth Industrial Revolution — manufacturing, logistics, and utility companies are equipping their production lines, warehouses, factories, and other facilities with wireless connectivity and sensors. Each of these require an API in order to work.

However, while APIs simplify architecture and delivery, they can also become bottlenecks that open up companies to a spectrum of risks and vulnerabilities. When a business-critical application or API is compromised, it knocks out all the operations related to the business and initiates a chain reaction. Thus, simply protecting OSI layers 3/4 is no longer sufficient; layer-7 attacks create more damage with less total bandwidth.

Job #1: Building Cyber Resilience
In digital business, there is no room for outages. That's why organizations of all sizes must do everything they can to safeguard the resilience, integrity, and uptime of their digital platforms and services. As network bandwidth and computing power multiply, they enable black hats to leverage the increased resources to launch more powerful attacks. DDoS against national infrastructure networks can wreak major real-life havoc and shut down access to the services that grease the wheels of our economy and society. The US Department of Homeland Security (DHS) reports that in the past five years the size of attacks has increased by a factor of 10, and that "it is not clear if current network infrastructure could withstand future attacks if they continue to increase in scale."

Upgrading the Arsenal
The increase in attack frequency, added risk of APIs, and cost of downtime have combined to create a threat greater than the sum of its parts. This evolution of the threat landscape necessitates a similar evolution in defense methods. An organization would be naive to think that the preparedness posture that worked a decade ago can still work unchanged against modern threats.

"To address the increased frequency of attack, a modern defense must be efficient," says Andrew Shoemaker, a DDoS veteran and founder of NimbusDDoS, a pen-testing provider that vets DDoS mitigation solutions. "This means embracing automated mitigation approaches, and moving away from slow manual processes," he adds. "Manual approaches may have been effective in the past when an organization was only attacked a few times per year, but the administrative burden of manual mitigation becomes overwhelming when attacks are happening monthly or weekly."

Related Content:


Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Home Safe: 20 Cybersecurity Tips for Your Remote Workers."

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
User Rank: Apprentice
4/29/2020 | 4:24:18 AM
Thanks for sharing this interesting and useful info, glad to know this.
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-20
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This c...
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.