Last week news broke that the internet around the world had been slowed down in what some described as the biggest cyber attack of its kind in history. It's also something that I predicted around a month ago.
The Spamhaus attack is a demonstration of the kind of distributed denial-of-service (DDoS) attack I have been expecting for some time: DNS reflection. The major driver for this kind of attack is the decreasing number of bots available for rent, with the authorities more effectively cracking down on major botnets. With a lower number of bots now available, hacktivists and other cyber criminals are finding new ways in which to amplify their attacks.
This shows that open DNS servers can act as a springboard for huge DDoS attacks, and this is just one among many that we will see throughout 2013. It might be the largest amplification attack to date, but I would predict that this will be seen as relatively small when we look back at the end of 2013. One thing to remember, however, is that very often a DDoS attack is just a smoke screen for a more sophisticated attack that can potentially cost the company even more money, meaning that IT professionals need to be prepared to respond to other threats while a DDoS attack is underway.
For businesses, it's important to know that there are things we can do to protect internet infrastructure and services. People running open DNS resolvers will need to start filtering requests, and companies under attack should filter DNS responses so that legitimate responses are delivered and DNS reflection attack responses are stopped in their tracks.
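The response filtering described above can be done statefully: a DNS response is delivered only if it answers a query the network actually sent. The sketch below is an added example, not code from the author or F5; the class name, the 5-second window and the sample addresses (documentation ranges) are assumptions, and it is meant to sit on UDP traffic arriving from source port 53.

```python
import struct

QUERY_TTL = 5.0  # seconds an outbound query stays outstanding (assumed value)

def parse_header(payload):
    """Return (txid, is_response) from a raw DNS message, or None if too short."""
    if len(payload) < 12:               # the DNS header is 12 bytes
        return None
    txid, flags = struct.unpack("!HH", payload[:4])
    return txid, bool(flags & 0x8000)   # QR bit set means response

class ResponseFilter:
    """Pass a DNS response only if it answers a query we recently sent."""

    def __init__(self, ttl=QUERY_TTL):
        self.ttl = ttl
        self.pending = {}   # (resolver_ip, local_port, txid) -> time sent

    def outbound(self, resolver_ip, local_port, payload, now):
        """Record an outgoing query so its answer can be recognised later."""
        hdr = parse_header(payload)
        if hdr and not hdr[1]:
            self.pending[(resolver_ip, local_port, hdr[0])] = now

    def inbound(self, src_ip, dst_port, payload, now):
        """True = deliver, False = drop as unsolicited."""
        hdr = parse_header(payload)
        if hdr is None or not hdr[1]:
            return False    # malformed, or not a response at all
        # pop() consumes the entry, so one query admits exactly one response
        sent = self.pending.pop((src_ip, dst_port, hdr[0]), None)
        return sent is not None and now - sent <= self.ttl

def dns_msg(txid, response):
    """Constructed sample input: a header-only DNS message."""
    return struct.pack("!HHHHHH", txid, 0x8180 if response else 0x0100, 0, 0, 0, 0)

def demo():
    f = ResponseFilter()
    f.outbound("192.0.2.53", 40000, dns_msg(0x1A2B, False), now=0.0)
    return [
        f.inbound("192.0.2.53", 40000, dns_msg(0x1A2B, True), now=0.2),    # solicited
        f.inbound("192.0.2.53", 40000, dns_msg(0x1A2B, True), now=0.3),    # duplicate
        f.inbound("198.51.100.7", 40000, dns_msg(0x9999, True), now=0.4),  # reflected
    ]

if __name__ == "__main__":
    print(demo())
```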
The time to build business and government defences against this form of attack is now. As cyber criminals increasingly push the boundaries of what businesses think is possible, we need to do everything we can to stop them in their tracks and protect our most valuable data.
Joakim Sundberg is security solution architect at F5