Move over cybercrims, DDoS now protesters' weapon of choice

Attackers swap rifles for machine guns with laser sights

Ideological hacktivism has replaced cybercrime as the main motivation behind DDoS attacks, according to a study by Arbor Networks.

Up until last year, DDoS attacks were typically financially driven – either for reasons of competition or outright extortion – but the activities of Anonymous and related groups have changed that. The plethora of readily available DDoS attack tools (such as LOIC, a sometime favourite of Anonymous) means that anyone can launch an attack and any business could potentially be targeted.

Arbor, which specialises in supplying DDoS mitigation and traffic management tools to telcos and ISPs, describes the rise of hacktivism as a "sea-change in the threat landscape".

"What we saw in 2011 was the democratisation of DDoS," said Roland Dobbins, Arbor Networks solutions architect for Asia-Pacific, and the primary author of the 2012 edition of Arbor's annual Worldwide Infrastructure Security Report. "Any enterprise operating online – which means just about any type and size of organisation – can become a target, because of who they are, what they sell, who they partner with or for any other real or perceived affiliations. Furthermore, the explosion of inexpensive and readily-accessible attack tools is enabling anyone to carry out DDoS attacks."

Network operators quizzed by Arbor as it compiled its study reported a significant increase in the prevalence of high-bandwidth DDoS attacks. Around 13 per cent reported attacks greater than 10 Gbps between October 2010 and November 2011, the period covered by the report. An even greater number (25 per cent) observed DDoS attacks that exceeded the total bandwidth into their data centre.

The single largest reported DDoS attack during the survey period hit 60 Gbps, down from 100 Gbps reported in 2010. However, this drop in the absolute volume of the worst attack disguises what Arbor describes as the "increasing sophistication and complexity of application-layer and multi-vector DDoS attacks".

Around half of respondents reported application-layer attacks on their networks. More than 40 per cent of network operators quizzed by Arbor reported an inline firewall and/or IPS failing due to a DDoS attack.

For the first time, a respondent to Arbor's survey observed a native IPv6 DDoS attack on their network. Arbor describes this as a "significant milestone" while noting that although "IPv6 deployments continue to advance, IPv6 is not yet economically or culturally significant enough to warrant serious attention by the internet criminal underground".

Fifty per cent of respondents reported not seeing any attacks targeting their mobile infrastructure. Conversely, more than 30 per cent reported an average of 50 to 100 mobile DDoS attacks per month, suggesting some mobile operators lack the tools that would allow them to monitor problems on their networks.

Arbor's findings were based on a survey of 114 of its service provider customers throughout the world.

Cyber machine guns flood networks

Another DDoS trend study from Prolexic Technologies, also published on Tuesday, reports that denial-of-service attack sophistication has increased even while assault durations have decreased.

Average attack duration was down to 34 hours in Q4 2011 from 43 hours in Q4 2010 but packet-per-second volume increased 18-fold. Prolexic mitigated 45 per cent more attacks in Q4 2011 compared to Q4 2010.

"Based on fourth quarter statistics, Prolexic predicts that 2012 will feature DDoS attacks that will be shorter in duration, but much more devastating in terms of packet-per-second volume," said Paul Sop, chief technology officer at Prolexic. "Think of it this way. In the past, attackers had a rifle. In 2012, they have a machine gun with a laser sight."

During Q411, approximately 22 per cent of attacks faced down by the firm were ICMP floods, 20 per cent were UDP Floods, 20 per cent were SYN Floods and 16 per cent were GET Floods. Prolexic clients in the e-Commerce sector "received a disproportionately high percentage of Layer 7 (application layer) attacks and much longer average attack durations," the firm adds.

Prolexic's report can be downloaded here (PDF, registration required).

A separate study from Akamai out last week reported an increase in attack traffic from Asia during the third quarter of 2011. Taiwan and China held the second and third place spots, respectively, accounting for just under 20 per cent of observed attack traffic combined. Asia Pacific as a whole generated nearly half (49 per cent) of online attacks observed across the Akamai platform during Q3 2011.

Attack traffic originating in Europe was down slightly to 28 per cent, with the Americas accounting for nearly 19 per cent over the same time-frame, Akamai reports. ®
