Feeds

Websites stagger to feet, Network Solutions wears off DDoS hangover

MYSTERY surrounds overnight web pummelling

Next gen security for virtualised datacentres

Web-hosting biz and domain-name registrar Network Solutions was pummelled offline by attackers last night - and took its customers' websites down with it.

The distributed denial-of-service assault (DDoS) lasted for about two or three hours before the US company was able to mitigate the effects and get its systems back online. The firm battled to keep its clients informed via its official Twitter account (here) and Facebook page. Staffers wrote:

The recent DDOS attack affecting some customers has now been mitigated. Customer websites should be resolving normally, and you should be able to readily access the Network Solutions site. If you continue to have issues, please contact our Customer Service team at 1-866-391-4357. Thanks to everyone for their patience as we resolved this issue.

The motive and methods of the attack, much less the perpetrators, remains unclear. However the assault itself is part of a growing problem: such DDoS volleys - typically launched from an unwitting army of thousands of hacked computers against a single target - are increasingly fierce and brazen. Cyber-crooks have switched from using malware-infected home PCs to compromised web servers, creating a more powerful attack platform as a result.

A quarterly survey from DDoS mitigation firm Prolexic, published on Wednesday (available here - registration required), put the average volume of packet-flooding attacks during Q2 2013 at 49.24Gbps, up from a previous all time high of 48.25Gbps in Q1 2013. In addition, average packet-per-second volume reached 47.4Mbps this quarter, a dramatic 46 per cent increase over the 32.4Mpps in Q1 2013, according to Prolexic.

After trending downwards in 2011 and part of 2012, average attack durations are increasing, rising steadily from 17 hours in Q1 2012 and 34.5 hours in Q1 2013, to 38 hours in Q2 2013, we're told.

Prolexic reckons the increased use of compromised web servers rather than normal PCs is putting denial-of-service attacks on steroids.

“This quarter we logged increases for all major DDoS attack metrics, and some have been significant. DDoS attacks are getting bigger, stronger and longer,” said Stuart Scholly, president at Prolexic. “We believe this growth is being fueled by the increasing prevalence of compromised Joomla and WordPress web servers in increasingly large botnets.

“Attack durations are likely increasing because perpetrators are less concerned about detection and protecting their botnets. The widespread availability of compromised web servers makes it much easier for malicious actors to replenish, grow and redeploy botnets.

"Traditionally, botnets have been built from compromised clients. This requires malware distribution via PCs and virus infections, and takes considerable time and effort. Consequently, attackers wanted to protect their client-based botnets and were more fearful of detection, so we saw shorter attack durations.”

Prolexic reckons there was a 33 per cent increase in total number of DDoS attacks in Q2 2013 compared to Q2 2012. Attacks are getting more sophisticated, with a 79 per cent increase in total number of attacks on the application layer (OSI layer 7) that rely of more sophisticated tricks than simply flooding targeted hosts with junk network traffic.

Even so basic lower-level SYN avalanches account for nearly one-third of all attacks mitigated by Prolexic’s Security Operations Center (SOC). GET, ICMP and UDP floods were also frequently directed against Prolexic customers during the three month study period.

Neustar, another DDoS mitigation firm, reported earlier this week that more than a fifth (22 per cent) of UK organisations were hit by disruptive distributed denial-of-service attacks last year. More than a third (37 per cent) of these attacks lasted more than a day. Neustar's study was based on a survey of 380 UK-based IT professionals. ®

The essential guide to IT transformation

More from The Register

next story
The Return of BSOD: Does ANYONE trust Microsoft patches?
Sysadmins, you're either fighting fires or seen as incompetents now
Microsoft: Azure isn't ready for biz-critical apps … yet
Microsoft will move its own IT to the cloud to avoid $200m server bill
US regulators OK sale of IBM's x86 server biz to Lenovo
Now all that remains is for gov't offices to ban the boxes
Death by 1,000 cuts: Mainstream storage array suppliers are bleeding
Cloud, all-flash kit, object storage slicing away at titans of storage
Oracle reveals 32-core, 10 BEEELLION-transistor SPARC M7
New chip scales to 1024 cores, 8192 threads 64 TB RAM, at speeds over 3.6GHz
VMware vaporises vCHS hybrid cloud service
AnD yEt mOre cRazy cAps to dEal wIth
El Reg's virtualisation desk pulls out the VMworld crystal ball
MARVIN musings and other Gelsinger Gang guessing games
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?