DDoS attacks: Criminals get stealthier
by Jag Bains - CTO of DOSarrest - Friday, 23 May 2014.
There is a lot of media hype surrounding volumetric DDoS attacks recently, where the focus has been on large Gb/sec attacks, sometimes up to 400 Gb/sec. In reality, these are very rare, and these big and dumb attacks make one wonder if they are just being used as a distraction: tying up resources and diverting IT operations' efforts to the wrong place so that hackers can get into websites unnoticed. The bottom line is that DDoS attacks are a serious security threat that evolves every day, much like the sophistication of the criminals who launch them.

Significant changes are taking place in the type and style of attacks that we are seeing. From headless browsers and application layer attacks to using a DDoS attack as cover for more sinister cyber attacks, every security professional needs to understand that DDoS is not a static problem that can be dealt with once and then ignored. It evolves, and the tactics for defending against it need to advance even faster.

There are a variety of reasons for the evolution:
  • Better general awareness about DDoS attacks has forced attackers to develop new ways to get around the basic defenses.
  • Media attention for high profile DDoS attacks attracts activists with a message. Groups try to outdo one another in a bid for attention.
  • A growing variety of coding practices, web platforms and features used in web design have created an increasing number of variables which can result in application exploits, rendering a website useless.
  • With more access to high-CPU devices available through the cloud and dedicated hosting, DDoS attackers can now use that CPU to run more sophisticated attacks.
For these reasons, we are seeing more sophistication in the style of attacks used: there is less volume, and attackers are targeting very specific vulnerabilities in a website, doing their homework to make sure they hit its weakest points.

One of the stealthiest ways we are seeing attackers attempt to sneak past defences is the headless browser, a clever way for cyber criminals to get around standard DDoS protection by masquerading as legitimate web traffic. The kit itself is used by programmers to test their websites, so for all intents and purposes it is a legitimate browser web kit. It has just been modified to run a series of queries and target basic UIs on a website. When used maliciously, headless browsers enable attackers to launch sophisticated DDoS attacks that can leave websites paralysed. Detection is difficult, and stopping a headless browser DDoS attack can be a bit like playing a game of "whack-a-mole".

Importantly, a headless browser can process JavaScript and CAPTCHA challenges and jump through a website's hoops, because it was designed for testing; this will be a big problem for more traditional DDoS protection, such as appliance-based ("box") solutions, which rely on those challenges to separate bots from browsers. What will be most effective here is real-time support, where a human is involved who can develop rulesets to determine what is going on and then implement those modules within seconds.

Application layer attacks are also becoming more and more prominent, to the point where you might not even notice them if you don't know what you are looking for. Attackers are getting better at reconnaissance and doing their research to perform smarter attacks that keep the volume low and under the radar, meanwhile killing the site in the background and fooling IT into spending time on the wrong part of the site while it is down. This isn't a bunch of kids getting together on 4chan for bragging rights; they know what is at stake and do reconnaissance on the website. It is a very thorough process.
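As an added illustration (this is not code from the article or from DOSarrest), the Python script below scores web-server clients by a cost-weighted request load rather than by raw request count, so that a low-volume client which spends all its requests on expensive endpoints stands out where a plain requests-per-minute limit would miss it. The access-log lines, IP addresses and per-endpoint cost weights are constructed assumptions, and the excerpt is assumed to cover one minute.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (Common Log Format); all IPs and paths are made up,
# and the whole excerpt is assumed to cover a single one-minute window.
SAMPLE_LOG = """\
203.0.113.10 - - [23/May/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.10 - - [23/May/2014:10:00:02 +0000] "GET /static/app.js HTTP/1.1" 200 9000
203.0.113.10 - - [23/May/2014:10:00:05 +0000] "GET /search?q=shoes HTTP/1.1" 200 3000
198.51.100.7 - - [23/May/2014:10:00:01 +0000] "GET /search?q=a HTTP/1.1" 200 3000
198.51.100.7 - - [23/May/2014:10:00:11 +0000] "GET /report/export HTTP/1.1" 200 3000
198.51.100.7 - - [23/May/2014:10:00:21 +0000] "GET /search?q=b HTTP/1.1" 200 3000
198.51.100.7 - - [23/May/2014:10:00:31 +0000] "GET /report/export HTTP/1.1" 200 3000
198.51.100.7 - - [23/May/2014:10:00:41 +0000] "GET /search?q=c HTTP/1.1" 200 3000
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" \d{3} \S+$')

# Assumed relative server cost per endpoint (DB-heavy search, report generation);
# anything not listed counts as 1. The weights are an assumption to be tuned per site.
ENDPOINT_COST = {"/search": 20, "/report/export": 40}

def endpoint_cost(path):
    base = path.split("?", 1)[0]  # ignore the query string when matching the route
    for prefix, cost in ENDPOINT_COST.items():
        if base == prefix or base.startswith(prefix + "/"):
            return cost
    return 1

def score_clients(log_text):
    """Per client IP: raw request count and cost-weighted load for the window."""
    stats = defaultdict(lambda: {"requests": 0, "load": 0})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip unparseable lines instead of failing the whole run
        s = stats[m.group("ip")]
        s["requests"] += 1
        s["load"] += endpoint_cost(m.group("path"))
    return dict(stats)

def flag_clients(stats, max_requests=100, max_load=100):
    """Clients over either limit. The count-only limit never fires on five requests;
    the cost-weighted limit does when all five hit expensive endpoints."""
    return sorted(ip for ip, s in stats.items()
                  if s["requests"] > max_requests or s["load"] > max_load)

if __name__ == "__main__":
    stats = score_clients(SAMPLE_LOG)
    print(stats, "flagged:", flag_clients(stats))
```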

Copyright 1998-2014 by Help Net Security.