Websites stagger to feet, Network Solutions wears off DDoS hangover

MYSTERY surrounds overnight web pummelling

Web-hosting biz and domain-name registrar Network Solutions was pummelled offline by attackers last night - and took its customers' websites down with it.

The distributed denial-of-service (DDoS) assault lasted for about two or three hours before the US company was able to mitigate the effects and get its systems back online. The firm battled to keep its clients informed via its official Twitter account and Facebook page. Staffers wrote:

The recent DDOS attack affecting some customers has now been mitigated. Customer websites should be resolving normally, and you should be able to readily access the Network Solutions site. If you continue to have issues, please contact our Customer Service team at 1-866-391-4357. Thanks to everyone for their patience as we resolved this issue.

The motive and methods of the attack, much less the perpetrators, remain unclear. However, the assault itself is part of a growing problem: such DDoS volleys - typically launched from an unwitting army of thousands of hacked computers against a single target - are increasingly fierce and brazen. Cyber-crooks have switched from using malware-infected home PCs to compromised web servers, creating a more powerful attack platform as a result.

A quarterly survey from DDoS mitigation firm Prolexic, published on Wednesday (registration required), put the average volume of packet-flooding attacks during Q2 2013 at 49.24Gbps, up from a previous all-time high of 48.25Gbps in Q1 2013. In addition, average packet-per-second volume reached 47.4Mpps this quarter, a dramatic 46 per cent increase over the 32.4Mpps in Q1 2013, according to Prolexic.

After trending downwards in 2011 and part of 2012, average attack durations are increasing, rising steadily from 17 hours in Q1 2012 and 34.5 hours in Q1 2013, to 38 hours in Q2 2013, we're told.

Prolexic reckons the increased use of compromised web servers rather than normal PCs is putting denial-of-service attacks on steroids.

“This quarter we logged increases for all major DDoS attack metrics, and some have been significant. DDoS attacks are getting bigger, stronger and longer,” said Stuart Scholly, president at Prolexic. “We believe this growth is being fueled by the increasing prevalence of compromised Joomla and WordPress web servers in increasingly large botnets.

“Attack durations are likely increasing because perpetrators are less concerned about detection and protecting their botnets. The widespread availability of compromised web servers makes it much easier for malicious actors to replenish, grow and redeploy botnets.

“Traditionally, botnets have been built from compromised clients. This requires malware distribution via PCs and virus infections, and takes considerable time and effort. Consequently, attackers wanted to protect their client-based botnets and were more fearful of detection, so we saw shorter attack durations.”

Prolexic reckons there was a 33 per cent increase in the total number of DDoS attacks in Q2 2013 compared to Q2 2012. Attacks are getting more sophisticated, with a 79 per cent increase in the total number of attacks on the application layer (OSI layer 7) that rely on more sophisticated tricks than simply flooding targeted hosts with junk network traffic.

Even so, basic lower-level SYN avalanches account for nearly one-third of all attacks mitigated by Prolexic’s Security Operations Center (SOC). GET, ICMP and UDP floods were also frequently directed against Prolexic customers during the three-month study period.

Neustar, another DDoS mitigation firm, reported earlier this week that more than a fifth (22 per cent) of UK organisations were hit by disruptive distributed denial-of-service attacks last year. More than a third (37 per cent) of these attacks lasted more than a day. Neustar's study was based on a survey of 380 UK-based IT professionals. ®
