Feeds

Websites stagger to feet, Network Solutions wears off DDoS hangover

MYSTERY surrounds overnight web pummelling

Top 5 reasons to deploy VMware with Tegile

Web-hosting biz and domain-name registrar Network Solutions was pummelled offline by attackers last night - and took its customers' websites down with it.

The distributed denial-of-service assault (DDoS) lasted for about two or three hours before the US company was able to mitigate the effects and get its systems back online. The firm battled to keep its clients informed via its official Twitter account (here) and Facebook page. Staffers wrote:

The recent DDOS attack affecting some customers has now been mitigated. Customer websites should be resolving normally, and you should be able to readily access the Network Solutions site. If you continue to have issues, please contact our Customer Service team at 1-866-391-4357. Thanks to everyone for their patience as we resolved this issue.

The motive and methods of the attack, much less the perpetrators, remains unclear. However the assault itself is part of a growing problem: such DDoS volleys - typically launched from an unwitting army of thousands of hacked computers against a single target - are increasingly fierce and brazen. Cyber-crooks have switched from using malware-infected home PCs to compromised web servers, creating a more powerful attack platform as a result.

A quarterly survey from DDoS mitigation firm Prolexic, published on Wednesday (available here - registration required), put the average volume of packet-flooding attacks during Q2 2013 at 49.24Gbps, up from a previous all time high of 48.25Gbps in Q1 2013. In addition, average packet-per-second volume reached 47.4Mbps this quarter, a dramatic 46 per cent increase over the 32.4Mpps in Q1 2013, according to Prolexic.

After trending downwards in 2011 and part of 2012, average attack durations are increasing, rising steadily from 17 hours in Q1 2012 and 34.5 hours in Q1 2013, to 38 hours in Q2 2013, we're told.

Prolexic reckons the increased use of compromised web servers rather than normal PCs is putting denial-of-service attacks on steroids.

“This quarter we logged increases for all major DDoS attack metrics, and some have been significant. DDoS attacks are getting bigger, stronger and longer,” said Stuart Scholly, president at Prolexic. “We believe this growth is being fueled by the increasing prevalence of compromised Joomla and WordPress web servers in increasingly large botnets.

“Attack durations are likely increasing because perpetrators are less concerned about detection and protecting their botnets. The widespread availability of compromised web servers makes it much easier for malicious actors to replenish, grow and redeploy botnets.

"Traditionally, botnets have been built from compromised clients. This requires malware distribution via PCs and virus infections, and takes considerable time and effort. Consequently, attackers wanted to protect their client-based botnets and were more fearful of detection, so we saw shorter attack durations.”

Prolexic reckons there was a 33 per cent increase in total number of DDoS attacks in Q2 2013 compared to Q2 2012. Attacks are getting more sophisticated, with a 79 per cent increase in total number of attacks on the application layer (OSI layer 7) that rely of more sophisticated tricks than simply flooding targeted hosts with junk network traffic.

Even so basic lower-level SYN avalanches account for nearly one-third of all attacks mitigated by Prolexic’s Security Operations Center (SOC). GET, ICMP and UDP floods were also frequently directed against Prolexic customers during the three month study period.

Neustar, another DDoS mitigation firm, reported earlier this week that more than a fifth (22 per cent) of UK organisations were hit by disruptive distributed denial-of-service attacks last year. More than a third (37 per cent) of these attacks lasted more than a day. Neustar's study was based on a survey of 380 UK-based IT professionals. ®

Beginner's guide to SSL certificates

More from The Register

next story
Ellison: Sparc M7 is Oracle's most important silicon EVER
'Acceleration engines' key to performance, security, Larry says
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Lenovo to finish $2.1bn IBM x86 server gobble in October
A lighter snack than expected – but what's a few $100m between friends, eh?
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
Hey, what's a STORAGE company doing working on Internet-of-Cars?
Boo - it's not a terabyte car, it's just predictive maintenance and that
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.