Infrastructure // Network Security
10:06 AM
Craig Treubig
Craig Treubig
Connect Directly
Repost This

The DDoS Smash-And-Grab: Be Prepared

You are more likely to fall victim to a DDoS attack as each day passes. Assume you will be a hacker's target, and get ready with a remediation plan.

Enterprises and governments connected to the Internet today must treat distributed denial-of-service (DDoS) attacks as an everyday occurrence. DDoS technology is not new, but unlike the old days of "low and slow," the current toolsets widely available to attackers allow even inexperienced users to execute sophisticated attacks with ease.

As hacker tools become easier to get in an active underground market, we will likely see the number of smash-and-grab attacks increase. Enterprises must do more to protect themselves, and be on alert for the use of DDoS attacks coupled with denial-of-service (DoS) attacks.

Attackers use DDoS as a smoke screen. This method allows them to tie up available resources, personnel, equipment, or bandwidth, in order to perpetrate a greater crime against an organization. These events cost organizations large sums of money in the form of service level agreements, service interruptions, and credit protection for clients affected by an attack against the enterprise.

The Internet loses massive amounts of bandwidth to these events daily. The financial industry estimates the cost of a DDoS attack at $100,000, and the costs add up per hour even before a mitigation effort begins. The additional cost of remediation and forensics for a DoS or DDoS attack could almost double the initial number by the time the process is completed.

As the current threatscape continues to evolve, we will witness more and more complex blended attacks. Some popular approaches use peer-to-peer (P2P) networks as ways to mount attacks. There are increasing numbers of attacks against social media sites using backend technologies such as WordPress and Joomla to target government agencies and other organizations, especially those in the oil and gas, manufacturing, healthcare and higher education sectors. These industries are often pursued for their intellectual property or research information.

The Prolexic Quarterly Global DDoS Attack Report Q3 reported that application attack vectors increased by almost 6%, from 17 to 23%, from the third quarter of 2012 to 2013. Infrastructure attacks, which totaled 77% in Q3 2013, continued to represent the majority of attacks observed and mitigated.

Worth noting was the increase of reflection-based DDoS attacks using the old but re-emerging character generator (CHARGEN) protocol, which has been seen in several recent campaigns as a primary attack vector. A significant shift to reflection-based attack vectors was observed across the board, rising 69% compared to the previous quarter and 265% when compared to the same quarter a year ago.

Increased DDoS attacks show the ongoing changes to the threatscape, and how easily businesses can be compromised. Enterprises must be more vigilant in their security programs and continue to evolve to combat this threat. Most importantly, they should have remediation plans in place.

Craig Treubig is managing principal consultant at Accuvant, with more than 17 years of information security and infrastructure security experience in consulting and enterprise environments. 

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
1/29/2014 | 11:08:11 PM
Re: Self-serving fearmonger much?
"If your business wasn't a high risk candidate for DDoS last week--nothing has changed."


Well, there is some truth to that :-) Perhaps what's changing is the frequency and scale of the attacks? I can't speak to that pdrsonally, but if that's the trend then DDoS detection and mitigation may be even more important now than before as the exposure may be rising.

David F. Carr
David F. Carr,
User Rank: Author
1/22/2014 | 7:15:29 PM
WordPress and Joomla
Can you explain the reference to attackers "using backend technologies such as WordPress and Joomla to target government agencies and other organizations" - how does a CMS qualify as a tool for targeting other sites? Is this a reference to hacking servers running those products (maybe unpatched older versions) and then using those servers as a jumping off point for an attack on other sites? Or do WordPress and Joomla actually contain tools that can be misused for mounting attacks?
Lorna Garey
Lorna Garey,
User Rank: Author
1/22/2014 | 11:52:09 AM
Are you seeing growth?
Not to cast aspersions on Prolexic's data, but the company's primary business is DDoS protection & mitigation services. In your practice do you see more of these attacks on companies that would not be considered high-value targets, or is there data from NIST or the FBI to that effect?

Yes, having a DDoS mitigation plan is a great idea, and attackers are moving up the stack. We did a full report on it. However, IT teams with limited resources need to prioritize.
User Rank: Apprentice
1/22/2014 | 11:21:41 AM
Self-serving fearmonger much?
 If your business wasn't a high risk candidate for DDoS last week--nothing has changed.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.