We recently reported how an attacker leveraged the servers of anti-DDoS services to launch a massive DDoS attack. This signifies a shift in the DDoS landscape, with the attacks getting more sophisticated. Here’s a bird’s eye view of this particular mode of cyber attack.
Distributed Denial-of-Service (DDoS) attacks are quite easy to launch. An attacker needs access to a sizable botnet, a network of compromised computers that send requests to the target on the attacker's command. Using this network, the attacker launches a barrage of requests at the target machine and overwhelms it, either making it inaccessible to other users or crashing it altogether.
In the past, DDoS attacks have taken down sites, targeted banks and other financial organizations, and in all cost the victims millions of dollars. The tricky part is that attackers are now increasingly using DDoS attacks to distract the security team of a given organization so that they can meanwhile plant malware. Once the malware is inside the target network, attackers can accomplish a whole range of tasks, including stealing sensitive information, erasing or altering data, and even making the target network part of a wider botnet.
This is substantiated by hard facts. Back in 2013, nearly 55% of DDoS victims also reported data theft, while 49% stated that the attackers installed malware or a virus on their machines during the DDoS attack.
The big question is whether there is an effective cure for DDoS attacks, especially at the scale we have recently witnessed. For instance, in the example mentioned at the start of the article, 1.5 billion requests per minute were launched to overwhelm the target machines. This has sounded alarm bells in the security community.
However, Shay Rapport of the security firm Fireblade says that we need to look at the numbers differently. Speaking about the latest major DDoS attack, he says: “If the attacked resource was a web server, DNS requests and UDP traffic would normally be blocked by any standard firewall. Therefore, the figure presented, of how many (meaningless) DNS requests were made, is irrelevant. Those requests are ‘noise’ and the only figure that can reflect the volume of the attack would be the Gbps at its peak and whether it could overwhelm the attacked network infrastructure (volumetric attack). Unfortunately this figure has not been exposed.”
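The distinction Rapport draws, between a request count that a web server's edge firewall would mostly discard and the peak bandwidth that decides whether the link is overwhelmed, can be made concrete. The Python below is an added example and is not code from the article or from Fireblade; the flow records, the one-second bucketing, the 1 Gbps uplink and the web-server policy (only inbound TCP to 80 and 443 is allowed) are constructed assumptions.

```python
# Added example (not from the original article): for a web server under attack,
# separate request-count "noise" that a standard firewall policy would drop from
# the peak inbound bandwidth, which is what actually matters for a volumetric attack.
from collections import defaultdict

# Assumed edge policy for a plain web server: only TCP to 80/443 is allowed inbound.
# DNS (UDP/53) and any other UDP traffic is dropped at the firewall.
ALLOWED = {("tcp", 80), ("tcp", 443)}


def passes_firewall(proto, dport):
    """True if a packet with this protocol/destination port survives the policy."""
    return (proto, dport) in ALLOWED


def summarize(records):
    """records: iterable of (timestamp_seconds, proto, dport, bytes_on_wire).

    Returns request totals, how many the policy would have dropped, and the
    peak inbound bit rate over one-second buckets. The peak counts ALL bytes,
    dropped or not: a volumetric flood saturates the link before the firewall
    ever gets to discard a packet.
    """
    total = blocked = 0
    bytes_per_second = defaultdict(int)
    for ts, proto, dport, nbytes in records:
        total += 1
        if not passes_firewall(proto, dport):
            blocked += 1
        bytes_per_second[int(ts)] += nbytes
    peak_bps = max(bytes_per_second.values(), default=0) * 8
    return {
        "requests": total,
        "blocked_by_policy": blocked,
        "allowed_requests": total - blocked,
        "peak_bps": peak_bps,
        "peak_gbps": peak_bps / 1e9,
    }


def saturates_link(summary, link_bps):
    """Does the measured peak exceed the capacity of the attacked uplink?"""
    return summary["peak_bps"] > link_bps


def sample_records():
    """Constructed flow sample, not captured traffic. Three bursts:
    second 0: 100,000 small DNS queries (80 B) plus 500 legitimate HTTPS packets (1,500 B)
    second 1: 20,000 amplified UDP responses (1,400 B) aimed at a random high port
    """
    recs = []
    recs += [(0.0, "udp", 53, 80)] * 100_000
    recs += [(0.5, "tcp", 443, 1500)] * 500
    recs += [(1.0, "udp", 40000, 1400)] * 20_000
    return recs


if __name__ == "__main__":
    s = summarize(sample_records())
    print(f"requests: {s['requests']}, dropped by policy: {s['blocked_by_policy']}, "
          f"reaching the server: {s['allowed_requests']}")
    print(f"peak inbound: {s['peak_gbps']:.3f} Gbps")
    # Assumed 1 Gbps uplink for the attacked web server.
    print("link saturated:", saturates_link(s, 1_000_000_000))
```

In this sample more than 99% of the "requests" never reach the web server, so the request count says almost nothing about the attack. The peak sits at 0.224 Gbps, well under the assumed 1 Gbps uplink, so the link survives; the same packet counts with larger amplified payloads, or a 100 Mbps uplink, would flip `saturates_link` to true. That peak figure, per second at the edge, is the number Rapport says is missing from the reporting.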
Rapport’s company is among those devising anti-DDoS solutions. Given the looming threat, there is a pressing need for better tools to monitor DDoS attacks in real time. Multiple countermeasures should be available for different DDoS scenarios, so that the defenses can be adapted to the specific kind of attack being launched. Such adaptability is the critical need of the hour.