10/4/2016
04:10 PM
Relentless DDoS Attack Incidents Raise Alarm For Businesses

Threat actors increasingly using DDoS tactics as a smokescreen to hide other malicious activity, Neustar report shows.

If there’s one thing consistent about DDoS attack trends over the past few years, it is just how predictable they have been.

Year after year, distributed denial-of-service (DDoS) attacks have grown relentlessly in number. And despite being a thoroughly researched and well-understood problem, they haven’t become any easier to handle. Recent reports from two security firms show that the situation has changed little in the past year -- and could be on the verge of becoming worse.

Neustar's new survey today of more than 1,000 CISOs, CTOs, and other security professionals shows that DDoS attack volumes remained consistently high through the year. Despite mitigation efforts, more than seven in 10 of the survey respondents said their companies had suffered a DDoS attack in the past year. An even bigger 85% of the victims claimed they had been hit more than once, while 44% had been attacked a startling five times or more.

Fueling the increase in attacks, at least to a certain extent, is the ready availability of DDoS-for-hire services that let threat actors launch attacks against targets for "less than the cost of a lunch," Neustar said in its report.

An Akamai report released last month highlighted a 129% increase in DDoS attacks in the second quarter of 2016 compared to the same period last year. Despite a handful of attacks that exceeded 100 Gbps in size and some that even topped 300 Gbps, the median size of DDoS attacks fell 36% to 3.85 Gbps.

In about half of the cases these days, threat actors are using DDoS attacks to try and distract security response teams from other attacks going on at the same time, says Joe Loveless, director of product marketing at Neustar.

"DDoS attacks are a successful smokescreen for other malicious attacks because they can overwhelm and preoccupy security response teams," Loveless says.

In particular, DDoS attacks that target the API, or the Web application resources of network devices including security management systems, can effectively render a security team blind to any other stealthy activity that might be going on, he says. "For example, malware from a phishing attempt may activate during a DDoS attack because the security team is unaware of it."

Not surprisingly, about 21% of the organizations that were hit with DDoS attacks also reported breaches involving loss of customer data. About 70% of them learned of the loss from external sources such as social media. About 37% of the victims discovered at least one malware sample that had been activated under cover of a DDoS attack.

Though the motivations for attacks tend to vary, the most common consequence of a DDoS flood continues to be service outage. Nearly 50% of the Neustar survey respondents said their organizations would lose $100,000 or more per hour if the DDoS attack happened during peak business hours. One-third pegged the number at $250,000 per hour.

Concerns over DDoS attacks—always in the background for most security professionals—have risen to the top in recent days as the result of two massive attacks involving the use of compromised IoT devices.

Both the attacks, one on KrebsOnSecurity's site involving over 600 Gbps of DDoS traffic, and the other on French ISP OVH that generated a staggering 1 Tbps flood, were generated from a botnet of infected consumer IoT systems.

The threat actor behind the attacks earlier this week publicly released his code for the attacks, prompting fears that more adversaries could start infecting Internet connected DVRs, IP cameras, and other IoT devices to wage DDoS attacks.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
