DDoS attacks soar as cyber-criminals hit Basecamp

Distributed denial-of-service attacks are getting bigger and more common, with Prolexic saying that these attacks are exceeding 100 Gbps on a regular basis.

DDoS attacks are expected to be even bigger news in 2014

A new report claims there were almost 278 DDoS attacks taking place every hour against major companies around the world. 

In parallel with this, Basecamp, the veteran web-based online collaboration and project management service, was hit by a massive DDoS attack on Monday, with the cybercriminals asking for a ransom to stop the attack.

The report from NSFocus Information Technology analysed almost a quarter of a million DDoS attacks in Tier-1 and Tier-2 data centres operated by ISPs and major companies throughout 2013. The DDoS analysis and remediation specialist says that DDoS attacks are now frequently being used to hide APT attacks.

In addition, the company says that DDoS amplification attacks are also on the rise and are continuing to be a challenge for all business internet users, owing to the volume of data generated.

The problem with DDoS attacks, reveals the report, is that anyone with an internet connection and a credit card can now pay for an attack to take place - a trend that the report calls 'Hackernomics' and that typically involves sophisticated techniques designed to inflict the maximum amount of damage using the fewest resources.

NSFocus' analysis backs up another report from Prolexic Technologies, which earlier this month issued a high threat alert to its clients, warning that high-bandwidth NTP amplification DDoS attacks have soared by more than 370 per cent during February. 

The company says the attack methodology has surged in popularity this year, driven by the availability of new DDoS toolkits that make it simple to generate high-bandwidth, high-volume DDoS attacks against online targets. 

“During the month of February, we saw the use of NTP amplification attacks surge 371 per cent against our client base,” said Stuart Scholly, Prolexic's general manager of security, who added that the largest attacks seen so far this year have all been NTP amplification attacks. 

Prolexic says that a number of new DDoS attack toolkits have made it easier for attackers to launch these types of attacks using just a handful of servers. With the current batch of NTP amplification attack toolkits, the company adds that malicious actors could launch 100 Gbps attacks – or larger – by leveraging just a few vulnerable NTP servers. 

This leveraging trend appears to be what drove the attack against Basecamp. This started on Monday, with the firm's IT staff re-routing DNS calls to restore partial service without paying the requested ransom to the cyber-criminals. 

Basecamp - which claims to be signing up more than 6,000 new clients each week - says it has now restored about 95 per cent of its normal service. 

David H. Hansson, the creator of Ruby on Rails, who is closely involved with Basecamp, says the main effects of the attack stopped after a couple of hours on Monday, but cautioned that the trend with this type of attack suggests they are on-and-off in nature.

"We're collaborating with the other victims of the same group and with law enforcement. These criminals are sophisticated and well-armed," he said in his company blog, adding an apology to the service's clients.  

Commenting on the DDoS attack issue, Jag Bains, CTO of DOSarrest, said that DDoS is getting more sophisticated.

"DDoS in its simplest form attempts to bombard a server with so many requests that it can't handle the volume and therefore just shuts down, making a Web site inaccessible," he said, adding that the conventional understanding of DDoS is that it is typically massive in terms of bandwidth, packets per second and connections.

"Blurring the lines between DDoS and Hacking - DDoS and hacking have traditionally been seen as two mutually exclusive security initiatives, each requiring its own set of mitigating strategies," he said, adding that DDoS is now being used as the 'feint' to cover back-end attempts at data theft.