
Websites stagger to feet, Network Solutions wears off DDoS hangover

MYSTERY surrounds overnight web pummelling


Web-hosting biz and domain-name registrar Network Solutions was pummelled offline by attackers last night - and took its customers' websites down with it.

The distributed denial-of-service (DDoS) assault lasted for about two or three hours before the US company was able to mitigate the effects and get its systems back online. The firm battled to keep its clients informed via its official Twitter account (here) and Facebook page. Staffers wrote:

The recent DDOS attack affecting some customers has now been mitigated. Customer websites should be resolving normally, and you should be able to readily access the Network Solutions site. If you continue to have issues, please contact our Customer Service team at 1-866-391-4357. Thanks to everyone for their patience as we resolved this issue.

The motive and methods of the attack, much less the perpetrators, remain unclear. However, the assault itself is part of a growing problem: such DDoS volleys - typically launched from an unwitting army of thousands of hacked computers against a single target - are increasingly fierce and brazen. Cyber-crooks have switched from using malware-infected home PCs to compromised web servers, creating a more powerful attack platform as a result.

A quarterly survey from DDoS mitigation firm Prolexic, published on Wednesday (available here - registration required), put the average volume of packet-flooding attacks during Q2 2013 at 49.24Gbps, up from a previous all-time high of 48.25Gbps in Q1 2013. In addition, average packet-per-second volume reached 47.4Mpps this quarter, a dramatic 46 per cent increase over the 32.4Mpps in Q1 2013, according to Prolexic.

After trending downwards in 2011 and part of 2012, average attack durations are increasing, rising steadily from 17 hours in Q1 2012 and 34.5 hours in Q1 2013, to 38 hours in Q2 2013, we're told.

Prolexic reckons the increased use of compromised web servers rather than normal PCs is putting denial-of-service attacks on steroids.

“This quarter we logged increases for all major DDoS attack metrics, and some have been significant. DDoS attacks are getting bigger, stronger and longer,” said Stuart Scholly, president at Prolexic. “We believe this growth is being fueled by the increasing prevalence of compromised Joomla and WordPress web servers in increasingly large botnets.

“Attack durations are likely increasing because perpetrators are less concerned about detection and protecting their botnets. The widespread availability of compromised web servers makes it much easier for malicious actors to replenish, grow and redeploy botnets.

“Traditionally, botnets have been built from compromised clients. This requires malware distribution via PCs and virus infections, and takes considerable time and effort. Consequently, attackers wanted to protect their client-based botnets and were more fearful of detection, so we saw shorter attack durations.”

Prolexic reckons there was a 33 per cent increase in the total number of DDoS attacks in Q2 2013 compared to Q2 2012. Attacks are getting more sophisticated, with a 79 per cent increase in the total number of attacks on the application layer (OSI layer 7) that rely on more sophisticated tricks than simply flooding targeted hosts with junk network traffic.

Even so, basic lower-level SYN avalanches account for nearly one-third of all attacks mitigated by Prolexic’s Security Operations Center (SOC). GET, ICMP and UDP floods were also frequently directed against Prolexic customers during the three-month study period.

Neustar, another DDoS mitigation firm, reported earlier this week that more than a fifth (22 per cent) of UK organisations were hit by disruptive distributed denial-of-service attacks last year. More than a third (37 per cent) of these attacks lasted more than a day. Neustar's study was based on a survey of 380 UK-based IT professionals. ®
