Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

10/4/2016
04:10 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
100%
0%

Relentless DDoS Attack Incidents Raise Alarm For Businesses

Threat actors increasingly using DDoS tactics as a smokescreen to hide other malicious activity, Neustar report shows.

If there’s one thing consistent about DDoS attack trends over the past few years, it is just how predictable they have been.

Year after year, distributed denial-of-service (DDoS) attacks have grown relentlessly in number. And despite being a thoroughly researched and well-understood problem, they haven’t become any easier to handle. Recent reports from two security firms show that the situation has changed little in the past year -- and could be on the verge of becoming worse.

Neustar's new survey today of more than 1,000 CISOs, CTOs, CISOs and other security professionals shows that DDoS attack volumes remained consistently high through the year. Despite mitigation efforts, more than seven in 10 of the survey respondents said their companies had suffered a DDoS attack in the past year. An even bigger 85% of the victims claimed they had been hit more than once, while 44% had been attacked a startling five times or more.

Fueling the increase in attacks, at least to a certain extent, is the ready availability of DDoS-for-hire services that let threat actors launch attacks against targets for "less than the cost of a lunch," Neustar said in its report.

An Akamai report released last month highlighted a 129% increase in DDoS attacks in the second quarter of 2016 compared to the same period last year. Despite a handful of attacks that exceeded 100 Gbps in size and some that even topped 300 Gbps, the median size of DDoS attacks fell 36% to 3.85 Gbps.

In about half of the cases these days, threat actors are using DDoS attacks to try and distract security response teams from other attacks going on at the same time, says Joe Loveless, director of product marketing at Neustar.

"DDoS attacks are a successful smokescreen for other malicious attacks because they can overwhelm and preoccupy security response teams," Loveless says.

In particular, DDoS attacks that target the API, or the Web application resources of network devices including security management systems, can effectively render a security team blind to any other stealthy activity that might be going on, he says. "For example, malware from a phishing attempt may activate during a DDoS attack because the security team is unaware of it."

Not surprisingly, about 21% of the organizations that were hit with DDoS attacks also reported breaches involving loss of customer data. About 70% of them learned of the loss from external sources such as social media. About 37% of the victims discovered at least one malware sample that had been activated under cover of a DDoS attack.

Though the motivations for attacks tend to vary, the most common consequence of a DDoS flood continues to be service outage. Nearly 50% of the Neustar survey respondents said their organizations would lose $100,000 or more per hour if the DDoS attack happened during peak business hours. One-third pegged the number at $250,000 per hour.

Concerns over DDoS attacks—always in the background for most security professionals—have risen to the top in recent days as the result of two massive attacks involving the use of compromised IoT devices.

Both the attacks, one on KrebsOnSecurity's site involving over 600 Gbps of DDoS traffic, and the other on French ISP OVH that generated a staggering 1 Tbps flood, were generated from a botnet of infected consumer IoT systems.

The threat actor behind the attacks earlier this week publicly released his code for the attacks, prompting fears that more adversaries could start infecting Internet connected DVRs, IP cameras, and other IoT devices to wage DDoS attacks.

Related stories:

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
Can Your Patching Strategy Keep Up with the Demands of Open Source?
Tim Mackey, Principal Security Strategist, CyRC, at Synopsys,  6/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-2729
PUBLISHED: 2019-06-19
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise ...
CVE-2019-3737
PUBLISHED: 2019-06-19
Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.
CVE-2019-3787
PUBLISHED: 2019-06-19
Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending ?unknown.org? to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to ...
CVE-2019-12900
PUBLISHED: 2019-06-19
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
CVE-2019-12893
PUBLISHED: 2019-06-19
Alternate Pic View 2.600 has a User Mode Write AV starting at PicViewer!PerfgrapFinalize+0x00000000000a8868.