Dark Reading is part of the Informa Tech Division of Informa PLC


10/4/2016
04:10 PM

Relentless DDoS Attack Incidents Raise Alarm For Businesses

Threat actors increasingly using DDoS tactics as a smokescreen to hide other malicious activity, Neustar report shows.

If there’s one thing consistent about DDoS attack trends over the past few years, it is just how predictable they have been.

Year after year, distributed denial-of-service (DDoS) attacks have grown relentlessly in number. And despite being a thoroughly researched and well-understood problem, they haven’t become any easier to handle. Recent reports from two security firms show that the situation has changed little in the past year -- and could be on the verge of becoming worse.

Neustar's new survey, released today, of more than 1,000 CISOs, CTOs and other security professionals shows that DDoS attack volumes remained consistently high through the year. Despite mitigation efforts, more than seven in 10 of the survey respondents said their companies had suffered a DDoS attack in the past year. An even bigger 85% of the victims claimed they had been hit more than once, while 44% had been attacked a startling five times or more.

Fueling the increase in attacks, at least to a certain extent, is the ready availability of DDoS-for-hire services that let threat actors launch attacks against targets for "less than the cost of a lunch," Neustar said in its report.

An Akamai report released last month highlighted a 129% increase in DDoS attacks in the second quarter of 2016 compared to the same period last year. Despite a handful of attacks that exceeded 100 Gbps in size and some that even topped 300 Gbps, the median size of DDoS attacks fell 36% to 3.85 Gbps.

In about half of the cases these days, threat actors are using DDoS attacks to try to distract security response teams from other attacks going on at the same time, says Joe Loveless, director of product marketing at Neustar.

"DDoS attacks are a successful smokescreen for other malicious attacks because they can overwhelm and preoccupy security response teams," Loveless says.

In particular, DDoS attacks that target the API, or the Web application resources of network devices including security management systems, can effectively render a security team blind to any other stealthy activity that might be going on, he says. "For example, malware from a phishing attempt may activate during a DDoS attack because the security team is unaware of it."

Not surprisingly, about 21% of the organizations that were hit with DDoS attacks also reported breaches involving loss of customer data. About 70% of them learned of the loss from external sources such as social media. About 37% of the victims discovered at least one malware sample that had been activated under cover of a DDoS attack.

Though the motivations for attacks tend to vary, the most common consequence of a DDoS flood continues to be service outage. Nearly 50% of the Neustar survey respondents said their organizations would lose $100,000 or more per hour if the DDoS attack happened during peak business hours. One-third pegged the number at $250,000 per hour.

Concerns over DDoS attacks—always in the background for most security professionals—have risen to the top in recent days as the result of two massive attacks involving the use of compromised IoT devices.

Both attacks, one on KrebsOnSecurity's site involving over 600 Gbps of DDoS traffic and the other on French ISP OVH that generated a staggering 1 Tbps flood, came from a botnet of infected consumer IoT systems.

The threat actor behind the attacks earlier this week publicly released his code for the attacks, prompting fears that more adversaries could start infecting Internet-connected DVRs, IP cameras, and other IoT devices to wage DDoS attacks.


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
