This month marked ten years since the first distributed denial-of-service (DDoS) attacks.
In a year where several significant anniversaries will be noted, this is perhaps one of the most significant, as DDoS has become one of the most reported areas of web-based attacks over the past 12 months.
Paul Wood, MessageLabs Intelligence senior analyst at Symantec Hosted Services, wrote the following blog about the attack vector.
Ten years ago, on 14 February 2000, a DDoS attack, which attempts to cause disruption to an online service or application, knocked a number of high-profile websites offline for several hours, including a well-known auction site, the website of a global news channel and an internationally recognised online retail site.
Fast-forward a decade and DDoS attacks have evolved to be more sophisticated, more prevalent and more dangerous than ever. Most recently, the website of a prominent Russian newspaper was targeted causing major disruption for the publication and its readers.
Botnets are a key player in DDoS attacks. Right now, we know that the most prominent spam-sending botnets control over five million active PCs. The actual number of botnets in existence is likely to be much higher, as an infected bot only becomes visible when it is active – in other words spewing out spam or pummelling a site with a DDoS attack.
However, most DDoS attacks are used against websites in order to saturate their capacity and prevent legitimate users from visiting, when in truth they can be a lot more sophisticated than that. DDoS attackers do not care how they are able to hit mail servers; they will use a number of tactics to reach as many businesses as they can.
Dictionary attacks are a popular way of doing this, for instance, when a business's email domain is targeted with thousands or sometimes millions of randomly generated email addresses. The spammers create seemingly valid email addresses by combining first and last names from dictionaries.
In doing this, only a very small proportion is likely to match a genuine email address at the organisation. Attackers do not care how big or small an organisation is, so for a small company, this can become a silent killer for its email system.
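A defender-side check for the dictionary behaviour described above, added here as an example and not code from the original post: it tallies unknown-recipient rejections per source address over constructed Postfix-style log lines and flags sources whose traffic is almost entirely rejections. The log format, addresses and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed Postfix-style smtpd log lines (not real logs): one source fires a
# burst of dictionary-style recipients that all bounce as "User unknown", while a
# legitimate peer has one stale address and one accepted message.
SAMPLE_LOG = """\
Feb 14 10:01:02 mx1 postfix/smtpd[2201]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <john.smith@example.com>: Recipient address rejected: User unknown
Feb 14 10:01:02 mx1 postfix/smtpd[2201]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <jane.brown@example.com>: Recipient address rejected: User unknown
Feb 14 10:01:03 mx1 postfix/smtpd[2201]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <mark.jones@example.com>: Recipient address rejected: User unknown
Feb 14 10:01:03 mx1 postfix/smtpd[2201]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <sara.white@example.com>: Recipient address rejected: User unknown
Feb 14 10:01:04 mx1 postfix/smtpd[2201]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <paul.green@example.com>: Recipient address rejected: User unknown
Feb 14 10:01:05 mx1 postfix/smtpd[2202]: NOQUEUE: reject: RCPT from mail.partner.test[198.51.100.9]: 550 5.1.1 <sales-old@example.com>: Recipient address rejected: User unknown
Feb 14 10:01:06 mx1 postfix/smtpd[2202]: 4B2C1D7E3: client=mail.partner.test[198.51.100.9]
"""

# Unknown-recipient rejection and accepted-client lines (assumed log shapes).
REJECT_RE = re.compile(
    r"reject: RCPT from \S+\[(?P<ip>[\d.]+)\]: 550 .*?<(?P<rcpt>[^>]+)>.*User unknown")
ACCEPT_RE = re.compile(r": [0-9A-F]+: client=\S+\[(?P<ip>[\d.]+)\]")


def summarise(log_text):
    """Per source IP: set of distinct rejected recipients and count of accepted clients."""
    unknown = defaultdict(set)
    accepted = defaultdict(int)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            unknown[m["ip"]].add(m["rcpt"].lower())
            continue
        m = ACCEPT_RE.search(line)
        if m:
            accepted[m["ip"]] += 1
    return unknown, accepted


def harvest_suspects(log_text, min_unknown=5, min_ratio=0.8):
    """Flag sources with many distinct unknown recipients and almost no accepted mail."""
    unknown, accepted = summarise(log_text)
    suspects = {}
    for ip, rcpts in unknown.items():
        ratio = len(rcpts) / (len(rcpts) + accepted.get(ip, 0))
        if len(rcpts) >= min_unknown and ratio >= min_ratio:
            suspects[ip] = {"unknown": len(rcpts), "accepted": accepted.get(ip, 0),
                            "ratio": round(ratio, 2)}
    return suspects


if __name__ == "__main__":
    for ip, stats in harvest_suspects(SAMPLE_LOG).items():
        print(ip, stats)
```

The same counts feed a rate limit or temporary block on the flagged source, which protects a small company's mail server from being ground down by the rejections alone.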
There are concerns that, in the future, botnets will become increasingly self-sufficient, which could make them even more efficient at propagating DDoS attacks. After the 2008 takedown of McColo, an ISP based in California, global spam volumes dropped by as much as 80 per cent.
However, less than two weeks after this ‘significant blow’, active spam-sending botnets started to make a speedy recovery. Since McColo, botnets have changed. Savvy botnet owners are now building in business continuity plans to ensure their networks are self-sufficient, robust and less prone to disruption. Clearly, attackers have learned the importance of having a proper backup strategy for their command and control channels. Semi-automated networks mean that cyber criminals are now free to pursue new business opportunities, while targeted DDoS attacks take down critical online applications and services on their own.
Any organisation with an online presence needs to take action now to protect itself from these types of attacks. Using a cloud-based security service operating at the internet level means that attacks can be mitigated before they hit your network. In addition, cloud security services mean that organisations, however large, do not necessarily need to make additional infrastructure investments.