Denial of Service Attacks Increasing In Number and Intensity, Says Report

Businesses are seeing an increase of Distributed Denial of Service (DDoS) attacks in comparison to last year, with attacks becoming shorter but more robust, according to a quarterly report released Oct. 16 by DDoS mitigation company Prolexic.

During a DDoS incident, an attacker prevents users from being able to access a website. In order to achieve this, he typically uses malware to infect a network of computers, or botnet. The attacker can control the botnet to overwhelm a website with data and requests, forcing it to crash or become slow to the point of being unusable.

For businesses, DDoS attacks can be crippling, resulting in a loss in profit or customer service until the website can be restored. Prolexic’s report found DDoS incidents have increased by 88 percent when compared to the same period of time last year.

Perhaps more troubling, the incidents are becoming more intense, using higher bandwidth volumes. Prolexic President Stuart Scholly said that on average the company is seeing attacks with a bitrate of 20 gigabites per second or more every eight days. Few enterprises have networks with the capacity to withstand attacks of that size, he added.

China continues to be the top source country for attacks, responsible for about 35 percent, with the United States following with 27 percent, the report found. Although the United States was the source country for only 8.76 percent of attacks last quarter, Scholly said the United States is typically the second-ranked source country after China.

“Twenty gigs is the new norm,” he said. “There’s no doubt in my mind that that trend continues.”

A DDoS toolkit called “itsoknoproblembro” was responsible for the majority of the high bandwidth floods this quarter, the report stated. The toolkit is especially effective because it targets vulnerable servers instead of individual computers, making the botnet easier to control and yielding a higher bandwidth, Scholly said.

“What might have taken 50,000 compromised home machines before might only take a couple thousand servers now,” he said. “And it’s easier to coordinate the activities of a couple thousand high capacity machines.”

The toolkit has been linked in reports to the suspected attacks on financial institutions during September, but Scholly would not comment on what companies were attacked, citing customer privacy.

“What I can tell you is that this toolset is something that we’ve been observing over the years, and we’ve seen it used in multiple sectors,” he said. “It was has by no means been targeted at one individual sector.”

Scholly would also not comment on what actors were responsible for the toolkit. Motivation for attacks can vary from state-sponsored activities, competing companies trying to get an economic advantage, or the overloading a server as a means of social protest, he said.

Another continuing trend is the growing popularity of shorter attacks, Scholly said. “The more you expose your botnet during an attack, the greater likelihood that you have for someone to start taking it down,” he said. “So you want to accomplish your goal, and then kind of move on.”

Source: http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?ID=929