In a distributed denial of service (DDoS) attack, the attacker seeks to make it impossible to deliver the targeted online service. The attack does this by blocking legitimate access to one or more components of the service: servers, networks, applications, devices or even specific types of transactions (e.g., database queries). This is accomplished by sending huge volumes of malicious requests or data from multiple systems.
DDoS attacks have been around for a long time. But lately they’re morphing into new and even more menacing forms. Here are some emerging characteristics of “the new” DDoS attacks:
- They’re bigger. Thanks to billions of newly connected—and unsecured—Internet of Things (IoT) devices like cameras, printers and lighting systems, it’s getting easier to build bigger botnets to spawn DDoS attacks. Whereas the massive Mirai botnet of 2016 was thought to approach 500,000 bots, the big fish in today’s botnet pool encompass millions of systems.
The largest DDoS attack ever recorded smashed into GitHub’s code hosting site a few weeks back, generating over 1.35 terabytes/sec of traffic. A few days later an even bigger DDoS tsunami (estimated at 1.7 Tbps) hit a US service provider.
- They’re more prevalent. Researchers say the number of DDoS attacks almost doubled just in the second half of 2017, with thousands occurring daily worldwide. Almost 75% of all global enterprises have been hit with at least one DDoS attack. Many now experience an average of eight DDoS attacks per day.
- They’re for sale “as-a-Service.” These days anybody with as little as US$20 can rent a botnet, click the start button and launch a DDoS attack. No wonder the volume of attacks is rising!
- They’re leveraging new vulnerabilities. In the last few months a potent new DDoS attack vector has emerged. It exploits improperly configured, internet-exposed servers running the open source Memcached memory caching system, which is capable of returning massive chunks of data in response to simple queries. The attack on GitHub was spawned by this method.
- They’re multi-pronged and targeting your vendors, too. Sophisticated attackers are increasingly launching Advanced Persistent Denial of Service (APDoS) attacks, which target multiple layers of a service and/or key service providers like ISPs and cloud service providers (CSPs). These highly coordinated attacks are harder to thwart and exploit the “weakest link” to take the targeted service down.
Is your business at risk of a DDoS attack? Unfortunately, the answer is probably yes—especially if you rely on web-based services to generate revenue. While the motivations for some high-profile DDoS attacks have been political or revenge-related, financial gain is the leading factor by far. Extortion attempts often follow DDoS attacks. Likewise, DDoS may be only a diversion that swamps your monitoring capabilities to cover a targeted attack seeking sensitive or proprietary data.
Your business is also a likely target if it provides “infrastructure” for web applications. As noted above, suppliers in today’s “digital supply chains” are increasingly being targeted to take down their clients.
How can you protect your business from DDoS attacks? Start by shutting down any would-be “bots” on your network by changing factory-preset passwords, taking nonessential devices offline, and taking all Memcached servers offline. Partnering with a DDoS protection/mitigation vendor is also a good option for a business at risk.
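The Memcached vector described above only works because an exposed cache answers tiny, spoofable UDP requests with enormous replies. As an added example (not code from the original post), the following script scans constructed NetFlow-style records and flags any server on your network that is answering UDP/11211 requests with a huge amplification ratio, i.e. a cache being abused as a reflector that should be taken off the public internet. The port number is real; the sample flows and thresholds are assumptions.

```python
"""Flag Memcached servers being abused as UDP reflectors (added example)."""
from collections import defaultdict

MEMCACHED_PORT = 11211
MIN_AMPLIFICATION = 100.0   # assumed threshold; real reflection ratios are far higher
MIN_INBOUND_FLOWS = 3       # assumed: ignore one-off probes

# Constructed sample flows: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    # Spoofed "requests" claiming to come from the victim, hitting our cache
    ("203.0.113.10", 40000, "10.0.0.5", 11211, "udp", 60),
    ("203.0.113.10", 40001, "10.0.0.5", 11211, "udp", 60),
    ("203.0.113.10", 40002, "10.0.0.5", 11211, "udp", 60),
    # Our cache answering each tiny request with a massive payload
    ("10.0.0.5", 11211, "203.0.113.10", 40000, "udp", 1_400_000),
    ("10.0.0.5", 11211, "203.0.113.10", 40001, "udp", 1_400_000),
    ("10.0.0.5", 11211, "203.0.113.10", 40002, "udp", 1_400_000),
    # Normal TCP cache traffic from an app server: not spoofable, small ratio
    ("10.0.0.20", 50000, "10.0.0.5", 11211, "tcp", 200),
    ("10.0.0.5", 11211, "10.0.0.20", 50000, "tcp", 900),
]


def find_reflectors(flows):
    """Return {server_ip: (inbound_udp_flows, amplification_ratio)} for suspects."""
    bytes_in = defaultdict(int)
    flows_in = defaultdict(int)
    bytes_out = defaultdict(int)
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue  # reflection relies on spoofable UDP; TCP is ignored
        if dport == MEMCACHED_PORT:
            bytes_in[dst] += nbytes
            flows_in[dst] += 1
        elif sport == MEMCACHED_PORT:
            bytes_out[src] += nbytes
    suspects = {}
    for server, inbound in bytes_in.items():
        ratio = bytes_out[server] / inbound if inbound else 0.0
        if flows_in[server] >= MIN_INBOUND_FLOWS and ratio >= MIN_AMPLIFICATION:
            suspects[server] = (flows_in[server], round(ratio, 1))
    return suspects


if __name__ == "__main__":
    for server, (n, ratio) in find_reflectors(SAMPLE_FLOWS).items():
        print(f"{server}: {n} UDP/11211 requests, {ratio}x amplification; "
              f"block UDP 11211 at the edge or disable UDP on the cache")
```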
I hope this blog post provides awareness that can help you develop a solid anti-DDoS strategy. To connect with an expert and talk over your risks and options, contact Pivot Point Security.
See also: How to Deal with an Intense DDoS Attack