Distributed Denial-of-Service (DDoS) attacks are a regular tool used by cyber attackers to overwhelm a given target. These attacks typically involve a barrage of requests being sent to the target machine, usually through compromised computers. However, in recent attacks directed at websites of U.S. banks, hackers have started using other web servers as bots to bolster the bulk of DDoS traffic.
The recent round of DDoS attacks has been launched by a group called Izz ad-Din al-Qassam. The group claims that it is exacting revenge on the ‘capitalists’ because a video offensive to Muslims was uploaded to YouTube.
In launching the attacks, the group used the PHP-based itsoknoproblembro and a number of other tools. What is rather surprising is that the group was able to send traffic to the tune of 40Gbps simultaneously to the websites of multiple banks. The sheer volume of the bad traffic is what security researchers find astonishing.
However, a closer look has revealed that the attackers had hacked into web servers using security exploits and were then using them as bots to generate greater amounts of traffic. One case in point is that of a compromised UK website which was generating a lot of bad traffic as part of the DDoS attacks.
According to security analyst Ronan Atias, “A closer look revealed that these intercepted requests were attempts to operate a backdoor and use the website as a bot—an unwilling foot soldier in a DDOS army.”
Atias goes on to state that the use of web servers as bots is becoming increasingly common: “This is just a part of a growing trend we’re seeing in our DDoS prevention work. In an attempt to increase the volume of the attacks, hackers prefer web servers over personal computers. It makes perfect sense.”
Although most banks’ websites are able to shield themselves from even the immense amounts of traffic generated by this group, the trend is worrisome because attackers could leverage huge numbers of compromised web servers in the future to generate even greater amounts of traffic.
Courtesy: Threatpost