Therefore, significant changes are taking place in the type and style of attacks that we are seeing. From headless browsers and application layer attacks to using a DDoS attack as cover for more sinister cyber attacks, every security professional needs to understand that DDoS is not a static problem that can be dealt with and then ignored. It evolves, and the tactics for defending against it need to advance even faster.
There are a variety of reasons for the evolution:
- Better general awareness about DDoS attacks has forced attackers to develop new ways to get around the basic defenses.
- Media attention for high profile DDoS attacks attracts activists with a message. Groups try to outdo one another in a bid for attention.
- A growing variety of coding practices, web platforms and features used in web design have created an increasing number of variables which can result in application exploits, rendering a website useless.
- With more access to high-CPU devices available through the cloud and dedicated hosting, DDoS attackers can now use that CPU to run more sophisticated attacks.
One of the stealthiest ways we are seeing attackers attempt to sneak past defences is the headless browser, which lets cyber criminals get around standard DDoS protection by masquerading as legitimate web traffic. The kit itself is used by programmers to test their websites, so for all intents and purposes it is a legitimate browser web kit. It has just been modified to run a series of queries and target basic UIs on a website. When used maliciously, headless browsers enable attackers to launch sophisticated DDoS attacks that can leave websites paralysed. Detection is difficult, and stopping a headless browser DDoS attack can be a bit like playing a game of "whack-a-mole".
Application layer attacks are also becoming more and more prominent, to the point where you might not even notice them if you don't know what you are looking for. Attackers are getting better at reconnaissance, doing their research to perform smarter attacks that keep the volume low and under the radar while killing the site in the background and fooling IT into spending time on the wrong part of the site when it is down. This isn't a bunch of kids getting together on 4Chan for bragging rights; they know what is at stake and do reconnaissance on the website. It is a very thorough process.
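Because these attacks keep the request volume low, a per-client request count points at the wrong client. The following is an added example, not part of the original article: it ranks clients in a constructed access log by share of server time instead of request count. The log format, thresholds, function names and addresses are all assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample log (assumed format, not from the article):
# timestamp client method path status server_time_ms
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T10:00:{s:02d}Z 203.0.113.10 GET /index.html 200 10"
     for s in range(0, 48, 4)]                      # 12 cheap page views
    + [f"2024-05-01T10:00:{s:02d}Z 198.51.100.7 GET /search?q=x{s} 200 4000"
       for s in (5, 20, 35, 50)]                    # 4 expensive queries
    + [f"2024-05-01T10:00:{s:02d}Z 192.0.2.44 GET /about.html 200 15"
       for s in (7, 30, 41)]                        # 3 cheap page views
)

def parse(line):
    """Split one log line into (client, path without query string, ms)."""
    _ts, client, _method, path, _status, ms = line.split()
    return client, path.split("?", 1)[0], int(ms)

def top_by_volume(log_text):
    """What a request-count view highlights: the busiest client."""
    hits = Counter(parse(l)[0] for l in log_text.splitlines() if l.strip())
    return hits.most_common(1)[0][0]

def low_and_slow(log_text, max_requests=10, min_time_share=0.5):
    """Clients under the volume threshold that still consume at least
    min_time_share of all server time in the window."""
    hits, busy_ms = Counter(), Counter()
    paths = defaultdict(Counter)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, path, ms = parse(line)
        hits[client] += 1
        busy_ms[client] += ms
        paths[client][path] += ms
    total = sum(busy_ms.values()) or 1
    found = []
    for client, ms in busy_ms.items():
        share = ms / total
        if hits[client] <= max_requests and share >= min_time_share:
            costliest = paths[client].most_common(1)[0][0]
            found.append((client, hits[client], round(share, 2), costliest))
    return sorted(found, key=lambda f: f[2], reverse=True)

if __name__ == "__main__":
    print("most requests:", top_by_volume(SAMPLE_LOG))
    print("low volume, high cost:", low_and_slow(SAMPLE_LOG))
```

The costliest path in each finding shows which part of the site is actually under load, which may not be the part that appears broken.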