Over the past few years, DDoS attacks have grown from the blunt instruments of angry hackers into sophisticated methods of taking target servers offline. Now an attacker has managed to turn anti-DDoS services against their own purpose, using them to launch a DDoS attack that peaked at 1.5 billion requests per minute.
The sheer scale of this particular attack is extraordinary. A barrage of requests that size can easily knock down any poorly secured server, and even a well-secured network may be overwhelmed and rendered inaccessible by it.
The security firm Incapsula disclosed this fresh spate of next-generation DDoS attacks. The company found that the attacker had used servers belonging to two anti-DDoS services to generate the bulk of his attack traffic. This is astonishing because anti-DDoS services are meant to stop such attacks, not add fuel to them.
The attack was a DNS flood: roughly 630 billion requests were sent to the target over a period of 7 hours. The choice of technique is interesting because attackers who want this kind of volume usually rely on DNS amplification, reflecting small spoofed queries off open resolvers so that the much larger responses land on the victim. In this case, however, the attacker already controlled enough raw sending capacity to push out billions of queries per minute directly, with no amplification at all.
Incapsula later traced the sending servers to two anti-DDoS (traffic scrubbing) providers, one based in Canada and the other in China. Neither provider was aware that its infrastructure was being abused, and only after Incapsula notified them did they take action to stop it.
According to Incapsula researchers, “Malicious misuse of security solutions is anything but new. However, this is the first time we encountered ‘rogue’ scrubbing servers used to carry out large-scale DDoS attacks. This fact, combined with the inherent danger of non-amplified DNS floods, is what makes these attacks so devastatingly dangerous.”
The researchers warn that if an attacker can already muster this much raw capacity, a DNS amplification attack built on top of it, which multiplies the attack volume by 300% to 1000%, would be far worse. The prospect is worrying for the security firms that have long tried to keep DDoS attacks at bay.
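The distinction the article draws between a non-amplified DNS flood and a DNS amplification (reflection) attack is also how a defender tells the two apart in traffic. The following is an added illustration, not code from Incapsula or from the article: a small classifier run over constructed DNS packet summaries. A direct flood shows up as a very high rate of queries arriving at the target from a few high-capacity sources; a reflection attack shows up as DNS responses arriving at the victim that it never sent queries for. The hosts, addresses, thresholds and packet sizes are all made up for the example.

```python
"""Classify DNS traffic per destination host as a direct query flood,
a reflection/amplification attack, or normal traffic.

Added example with constructed data; not the Incapsula report's own tooling.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsPacket:
    ts: float          # seconds since start of capture
    src: str
    dst: str
    is_response: bool  # True for a DNS answer, False for a query
    size: int          # bytes on the wire


def per_host_stats(packets):
    """Aggregate traffic from the point of view of each destination host.

    A response is 'unsolicited' if the destination never sent a query to that
    server earlier in the capture: the signature of a reflection attack, where
    the attacker spoofed the victim's address in queries to open resolvers.
    """
    stats = defaultdict(lambda: {"queries_in": 0, "query_sources": set(),
                                 "unsolicited_resp": 0, "unsolicited_bytes": 0,
                                 "first": None, "last": None})
    asked = set()  # (client, server) pairs for which a query was observed
    for p in sorted(packets, key=lambda p: p.ts):
        s = stats[p.dst]
        s["first"] = p.ts if s["first"] is None else min(s["first"], p.ts)
        s["last"] = p.ts if s["last"] is None else max(s["last"], p.ts)
        if not p.is_response:
            asked.add((p.src, p.dst))
            s["queries_in"] += 1
            s["query_sources"].add(p.src)
        elif (p.dst, p.src) not in asked:
            s["unsolicited_resp"] += 1
            s["unsolicited_bytes"] += p.size
    return stats


def classify(packets, flood_qps=1000, reflect_min=100):
    """Return {host: label}. Thresholds are illustrative, not tuned values."""
    labels = {}
    for host, s in per_host_stats(packets).items():
        span = max(s["last"] - s["first"], 1.0)   # avoid dividing by a tiny window
        qps = s["queries_in"] / span
        if s["unsolicited_resp"] >= reflect_min:
            labels[host] = "reflection"
        elif qps >= flood_qps:
            labels[host] = "direct-flood"
        else:
            labels[host] = "normal"
    return labels


def build_sample():
    """Constructed traffic (not captured data) covering all three cases."""
    pk = []
    # 1. Direct DNS flood: two high-capacity senders hammer an authoritative
    #    server with ~2000 queries per second, no amplification involved.
    for i in range(3000):
        src = "203.0.113.5" if i % 2 else "203.0.113.6"
        pk.append(DnsPacket(i * 0.0005, src, "198.51.100.10", False, 80))
    # 2. Reflection: 200 open resolvers answer queries the victim never sent;
    #    600-byte answers to 80-byte spoofed queries is a 7.5x amplification.
    for i in range(200):
        pk.append(DnsPacket(1.0 + i * 0.001, f"192.0.2.{i + 1}",
                            "198.51.100.20", True, 600))
    # 3. Ordinary client: five queries, five matching answers.
    for i in range(5):
        pk.append(DnsPacket(2.0 + i, "198.51.100.30", "192.0.2.53", False, 70))
        pk.append(DnsPacket(2.1 + i, "192.0.2.53", "198.51.100.30", True, 180))
    return pk


if __name__ == "__main__":
    for host, label in sorted(classify(build_sample()).items()):
        print(f"{host:15} {label}")
```

The point of the two separate signals is the one the article makes: a flood like the Incapsula case needs no reflection, so a detector that only looks for unsolicited responses would never see it, while a rate threshold alone would miss a reflection attack whose responses trickle in from hundreds of resolvers.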
Incapsula itself offers a comprehensive set of solutions to combat DDoS attacks, although the company has drawn criticism for certain failures in the past. Another major anti-DDoS provider is Strixus by Massive, a solution used by many banks, government bodies and leading companies around the world. As DDoS attacks grow more complex, there is a pressing need to counter them with more sophisticated tools.
Strixus provides this kind of ‘cyber monitoring’ by tracking threats in real time and, when an attack does occur, recording the methods and techniques the attacker uses. Banks and similar organizations are particularly exposed to DDoS attacks because they cannot afford to be knocked offline even for a few minutes, and that is precisely the pressure point attackers exploit.
The CEO of Massive, Brook Zimmatore, says that intelligence agencies need to redefine their priorities in light of these rising digital security risks. According to him, “The majority of the US economy could be protected from cyber criminal activity if the unified force of all US intelligence departments and agencies shifted their focus to protecting the digital infrastructure of the country.”
At the end of the day, this massive attack should be an eye-opener for security researchers. DDoS attackers have seriously upgraded their arsenal and are using what can fairly be called next-generation tactics. It is about time the defensive tools reciprocated by significantly upping their game.
Courtesy: The Hacker News