IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Online Denial of Service Attacks Are a Growing Concern

Distributed denial of service (DDoS) attacks are accelerating around the globe. A new report highlights that the scale of the cyberdefense problem is growing. What can be done?

shutterstock DDoS.jpg
credit: shutterstock
Last year, millions of Australians were unable to fill out mandatory Census online data forms because the government website was slammed by a distributed denial of service (DDoS) attack. It now appears that the Australian Bureau of Statistics (ABS) was overconfident in their ability to stop a DDoS, since the online website was brought down for several days by what is now considered to be a relatively small DDoS attack.

More recently, as reported by SC Magazine UK, government servers were forced offline in Luxembourg when they came under a DDoS attack.

Describing that situation, Stephanie Weagle, vice president of Corero Network Security, told SC Media UK that DDoS attacks have become many things over the last decade: weapons of cyberwarfare, security breach diversions and service-impacting strategies.

“The motivations for these attack campaigns are endless — financial, political, nation-state, extortion and everything in between,” she said.

Weagle added: "Continuing to rely on traditional IT security solutions, and/or human intervention to deal with the growing DDoS epidemic will continue to prove devastating to businesses. As recent events have confirmed once again, proactive, automated protection is required to keep the Internet-connected business available in the face of DDoS attacks.”

Back in the USA last year, Anonymous Legion claimed responsibility for DDoS attack that brought down the Minnesota Courts website for 10 days.

By the Numbers From Imperva

Are these DDoS examples typical of governments and businesses around the world? Our enterprise cyberdefenses lacking in their preparation to handle a new generation of more powerful online denial of service attacks?

Only time will tell, but data suggests that attacks are growing more sophisticated and many organizations are not prepared.

A new report by Imperva underscores the rapid evolution of DDoS capabilities over the past year. The report also shows that the number of DDoS attacks continues to escalate, with a shift in the threat landscape being driven by new Internet of Things (IoT) botnets and a declining cost of DDoS-for-hire capabilities.

Key findings include:

  • Network layer attacks hit record heights — In December, a massive 650 Gbps network layer assault was reported — the largest ever mitigated by the Imperva Incapsula service
  • Application layer attacks became more common — The number of attacks in Q4 reached an all-time high, with an average of 889 application layer assaults per week
  • Attack frequency scaled up — On average, 58.3 percent of websites were targeted more than once, with 13.1 percent being targeted more than 10 times
  • China continued to be a hub of botnet activity — Some 78.5 percent of DDoS attacks worldwide originated from IPs in China
  • US, UK and Netherlands top the attacked country list, drew 74.9 percent of all attacks

This infographic from the report offers some helpful details to share with management regarding the current DDoS threat landscape.

Back to Definitions: Three or 12 Types of DDoS Attacks?

This article from WHNT explains more background on DDoS attacks and suggests that there are three major types:

  • Volumetric: Most common. Sends a large amount of Internet traffic to the host server simultaneously.
  • Amplification: Sends a high volume of traffic using large packets of data. Requires fewer “zombie” or compromised computers to accomplish the same task as a volumetric DDoS attack.
  • Resource Depletion: Makes multiple requests through multiple ports or entry points into the targeted server until its capacity is exceeded
Offering more specific details, Rivalhost explains 12 different types of DDoS attacks in this article from their website. (You can see the details on each type by going to their Web page.)

  • UDP Flood
  • SYN Flood
  • Ping of Death
  • Reflected Attack
  • Peer-to-Peer Attacks
  • Nuke
  • Slowloris
  • Degradation of Service Attacks
  • Unintentional DDoS
  • Application Level Attacks
  • Multi-Vector Attacks
  • Zero Day DDoS
This brief video describes the IoT DDoS attack on Dyn from late 2016.

What Can Be Done?

Forbes magazine online recently offered nine ways to protect your business from DDoS attacks. The details are at the website, but a few of their nine items include:

  • Choose the right hosting partners
  • Monitor your traffic
  • Set strong, custom passwords
  • Have the right company policies in place
Many governments partner with companies like AT&T to stop DDoS attacks before they happen. Here’s a perspective from AT&T’s Dwight Davis:

Last October, long-standing predictions that the burgeoning Internet of Things (IoT) would form a launching pad for new cyberattacks hit home in a big way. As many as 100,000 malware-infected IoT devices flooded two major internet service providers with superfluous traffic in a broad distributed denial of service (DDoS) attack. Among the many commercial websites impacted were Twitter, Amazon and Netflix. …

The AT&T Cybersecurity Insights report The CEO’s Guide to Data Security sheds light upon the amount of suspicious activity directed against IoT devices. During the first half of 2016, AT&T tracked a 400 percent increase in scans of IoT devices — a clear sign that these devices were being probed for vulnerabilities and for possible attack or “recruitment.” With the number of IoT devices expected to grow from about 6 billion last year to more than 20 billion by 2020, this mushrooming IT sector presents an irresistible attack target for hackers, thieves and others of ill intent. 

Final Thoughts

The Mirai botnet of 2016 taught us that IoT devices can be used to attack others on the Internet. There have certainly been other proclaimed Mirai successors that will likely emerge - threatening to do even more online damage.

When we add in the dramatic rise of hacktivism globally that made 2016 the year that hacktivists "stole the show," you can better understand what a dangerous problem DDoS attacks have now become. Indeed, PC World recently asked if DDoS attacks are a valid form of protest. While most people in law enforcement will emphatically say “NO,” a growing part of the hacker community disagrees.

But regardless of your views regarding the ethical implications of using DDoS attacks for conducting online protests, the reality is that more hackers are using DDoS attacks with a new generation of tools. Methods continue to evolve in ways that are more sophisticated and dangerous to global enterprises.

Your online business depends on your portal availability and end user response times, and DDOS attacks against public- and private-sector organizations are a growing concern.  

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.