Original URL: http://www.theregister.co.uk/2013/07/18/netsol_ddos/
Websites stagger to feet, Network Solutions wears off DDoS hangover
MYSTERY surrounds overnight web pummelling
Web-hosting biz and domain-name registrar Network Solutions was pummelled offline by attackers last night - and took its customers' websites down with it.
The distributed denial-of-service assault (DDoS) lasted for about two or three hours before the US company was able to mitigate the effects and get its systems back online. The firm battled to keep its clients informed via its official Twitter account (here) and Facebook page. Staffers wrote:
The recent DDOS attack affecting some customers has now been mitigated. Customer websites should be resolving normally, and you should be able to readily access the Network Solutions site. If you continue to have issues, please contact our Customer Service team at 1-866-391-4357. Thanks to everyone for their patience as we resolved this issue.
The motive and methods of the attack, much less the perpetrators, remains unclear. However the assault itself is part of a growing problem: such DDoS volleys - typically launched from an unwitting army of thousands of hacked computers against a single target - are increasingly fierce and brazen. Cyber-crooks have switched from using malware-infected home PCs to compromised web servers, creating a more powerful attack platform as a result.
A quarterly survey from DDoS mitigation firm Prolexic, published on Wednesday (available here - registration required), put the average volume of packet-flooding attacks during Q2 2013 at 49.24Gbps, up from a previous all time high of 48.25Gbps in Q1 2013. In addition, average packet-per-second volume reached 47.4Mbps this quarter, a dramatic 46 per cent increase over the 32.4Mpps in Q1 2013, according to Prolexic.
After trending downwards in 2011 and part of 2012, average attack durations are increasing, rising steadily from 17 hours in Q1 2012 and 34.5 hours in Q1 2013, to 38 hours in Q2 2013, we're told.
Prolexic reckons the increased use of compromised web servers rather than normal PCs is putting denial-of-service attacks on steroids.
“This quarter we logged increases for all major DDoS attack metrics, and some have been significant. DDoS attacks are getting bigger, stronger and longer,” said Stuart Scholly, president at Prolexic. “We believe this growth is being fueled by the increasing prevalence of compromised Joomla and WordPress web servers in increasingly large botnets.
“Attack durations are likely increasing because perpetrators are less concerned about detection and protecting their botnets. The widespread availability of compromised web servers makes it much easier for malicious actors to replenish, grow and redeploy botnets.
"Traditionally, botnets have been built from compromised clients. This requires malware distribution via PCs and virus infections, and takes considerable time and effort. Consequently, attackers wanted to protect their client-based botnets and were more fearful of detection, so we saw shorter attack durations.”
Prolexic reckons there was a 33 per cent increase in total number of DDoS attacks in Q2 2013 compared to Q2 2012. Attacks are getting more sophisticated, with a 79 per cent increase in total number of attacks on the application layer (OSI layer 7) that rely of more sophisticated tricks than simply flooding targeted hosts with junk network traffic.
Even so basic lower-level SYN avalanches account for nearly one-third of all attacks mitigated by Prolexic’s Security Operations Center (SOC). GET, ICMP and UDP floods were also frequently directed against Prolexic customers during the three month study period.
Neustar, another DDoS mitigation firm, reported earlier this week that more than a fifth (22 per cent) of UK organisations were hit by disruptive distributed denial-of-service attacks last year. More than a third (37 per cent) of these attacks lasted more than a day. Neustar's study was based on a survey of 380 UK-based IT professionals. ®