DDoS attacks: Bigger, Badder and Nastier than last year

News by Steve Gold

DDoS bots are evolving, developing immunity to cookie and JavaScript challenges along the way.

A raft of next-generation DDoS attacks have marked the first months of 2014, says a new report from Incapsula, which notes that large-scale SYN flood attacks now account for a hefty 51.5 percent of all large-scale attacks.

The research - which covers the whole of 2013 and the first two months of 2014 - says that 81 percent of DDoS attacks seen in 2014 are now multi-vectored, with almost one in every three attacks now above 20 Gbps in data volume terms.

The analysis - entitled the '2013-2014 DDoS Threat Landscape Report' - says that application (Layer 7) DDoS attacks are becoming a major headache for IT professionals as this year progresses, with DDoS bot traffic up by 240 percent in the three months to the end of February this year.

Interestingly, Incapsula says that 29 percent of botnets have been seen attacking more than 50 targets a month.

The analysis - which is based on 237 network DDoS attacks that exceeded 5 Gbps and targeted Web sites on Incapsula's network - concludes that DDoS bots are evolving, developing immunity to cookie and JavaScript challenges along the way.

In fact, says Incapsula, during the final quarter of 2013, the firm's research team reported the first encounter with browser-based DDoS bots that were able to bypass both JavaScript and Cookie challenges - the two most common methods of bot filtering.

The problem, concludes the report, is that DDoS attack perpetrators are now looking to raise the stakes even higher by introducing new capabilities, many of which are specifically designed to abuse the weaknesses of traditional anti-DDoS solutions.

As a result, in 2014, the research predicts, many IT organisations will need to re-think their security strategies to respond to the latest Layer 3-4 and Layer 7 DDoS threats.

According to Barry Shteiman, Director of Security Strategy with Imperva, the report exposes advancements in both network and application layers. The most interesting take-out from the report, he says, is that the application DDoS attacks are now originating in botnets.

"Last year we wrote extensively about the trend on CMS hacking for industrialised cybercrime where attackers use botnets in order to turn onboard infected machines into botnets and then use those as platforms for network and application attacks," he said.

"For DDoS attacks, it just makes sense. When a hacker has the power of masses with a large botnet, there are great opportunities to disrupt service. When servers are being infected rather than users' computers, it's even worse, just because of the bandwidth and computing power that becomes available to the hacker," he added.

Ashley Stephenson, CEO of Corero Network Security, said that it is essential that governments take a more active role in encouraging private sector organisations to address the issue of DDoS attacks - and to put in place the appropriate plans to deal with these unavoidable security risks to their business and the nation's financial infrastructure.

"As consumers saw in late 2012 and early 2013, in both the US and UK, banks and financial institutions were successfully targeted by attacks which compromised their online services," he told SCMagazineUK.com.

The Corero CEO went on to say that his company believes that mandated controls - like those recently proposed by the Federal Financial Institutions Examination Council (FFIEC) - will drive organisations to take proactive steps to regain control of their online presence.

"These mandates, at a minimum, offer guidance for financial institutions for appropriate DDoS activity monitoring and adequate incident response planning, this will ultimately lead to the deployment of more effective DDoS defence solutions," he explained.
