DDoS attacks: Criminals get stealthier
by Jag Bains - CTO of DOSarrest - Friday, 23 May 2014.
There has been a lot of media hype recently surrounding volumetric DDoS attacks, with the focus on large Gb/sec attacks, sometimes up to 400 Gb/sec. In reality, these are very rare, and these big, dumb attacks make one wonder whether they are just being used as a distraction, to take up resources and divert IT operations' efforts to the wrong place so that hackers can get into websites unnoticed. The bottom line is that DDoS attacks are a serious security threat that evolves every day, much like the sophistication of the criminals who launch the attacks.

Therefore, significant changes are taking place in the type and style of attacks that we are seeing. From headless browsers and application layer attacks to using a DDoS attack as cover for more sinister cyber attacks, every security professional needs to understand that DDoS is not a static problem that can be dealt with and then ignored. It evolves, and the tactics for defending against it need to advance even faster.

There are a variety of reasons for the evolution:
  • Better general awareness about DDoS attacks has forced attackers to develop new ways to get around the basic defenses.
  • Media attention for high profile DDoS attacks attracts activists with a message. Groups try to outdo one another in a bid for attention.
  • A growing variety of coding practices, web platforms and features used in web design have created an increasing number of variables which can result in application exploits, rendering a website useless.
  • With more access to high-CPU devices available through the cloud and dedicated hosting, DDoS attackers can now use that CPU to run more sophisticated attacks.
For these reasons, we are seeing more sophistication in the style of attacks used, meaning there is less volume and attackers are targeting very specific vulnerabilities in a website by doing their homework to make sure they target the weakest points.

One of the stealthiest ways we are seeing attackers attempt to sneak past defences is the headless browser, a clever way for cyber criminals to get around standard DDoS protection by masquerading as legitimate web traffic. The kit itself is used by programmers to test their websites, so for all intents and purposes it is a legitimate browser web kit. It has just been modified to run a series of queries and target basic UIs on a website. When used maliciously, headless browsers enable attackers to launch sophisticated DDoS attacks that can leave websites paralysed. Detection is difficult, and stopping a headless browser DDoS attack can be a bit like playing a game of "whack-a-mole".

Importantly, a headless browser can process JavaScript and CAPTCHA and jump through the hoops of the website, as it was designed for testing; this will be a big problem for more traditional DDoS protection, like box solutions. What will be most effective here is real-time support, where a human is involved who can develop rulesets to determine what is going on and then implement these modules within seconds.

Application layer attacks are also becoming more and more prominent, to the point where you might not even notice them if you don't know what you are looking for. Attackers are getting better at reconnaissance and doing their research to perform smarter attacks that keep the volume low and under the radar, meanwhile killing the site in the background and fooling IT into spending time on the wrong part of the site when it is down. This isn't a bunch of kids getting together on 4Chan for bragging rights; they know what is at stake and do reconnaissance on the website. It is a very thorough process.
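
One way to express the kind of ruleset described above, as an added example that is not from the original article: a volume-only threshold misses a client that keeps its request rate low while concentrating on a single dynamic endpoint, whereas a per-client concentration rule flags it. The log format, the thresholds and the `/search` endpoint are assumptions made for the illustration.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample access log (not from the article): "ip epoch_seconds path".
SAMPLE = [
    "203.0.113.10 1000 /", "203.0.113.10 1004 /products",
    "203.0.113.10 1015 /search?q=shoes", "203.0.113.10 1030 /cart",
    "203.0.113.11 1002 /", "203.0.113.11 1020 /search?q=hat",
    "203.0.113.11 1041 /about",
]
# Constructed: one client requesting the same dynamic endpoint every 5 seconds.
SAMPLE += [f"198.51.100.7 {1000 + 5 * i} /search?q=term{i}" for i in range(12)]

def per_client(lines):
    """Group (timestamp, path without query string) by client IP."""
    clients = defaultdict(list)
    for line in lines:
        ip, ts, target = line.split()
        clients[ip].append((int(ts), urlsplit(target).path))
    return clients

def volumetric_flags(lines, max_rps=5.0):
    """Volume-only rule: flag clients whose average request rate exceeds max_rps."""
    flagged = set()
    for ip, hits in per_client(lines).items():
        times = [t for t, _ in hits]
        span = max(times) - min(times) + 1  # seconds covered, at least 1
        if len(hits) / span > max_rps:
            flagged.add(ip)
    return flagged

def concentration_flags(lines, min_hits=10, min_share=0.8):
    """Behaviour rule: flag clients that send at least min_hits requests to one
    path and spend at least min_share of their traffic on that path."""
    flagged = {}
    for ip, hits in per_client(lines).items():
        path, count = Counter(p for _, p in hits).most_common(1)[0]
        if count >= min_hits and count / len(hits) >= min_share:
            flagged[ip] = path
    return flagged

if __name__ == "__main__":
    print("volume rule:", volumetric_flags(SAMPLE))
    print("concentration rule:", concentration_flags(SAMPLE))
```

The thresholds have to be tuned per site, since a legitimate client such as a monitoring probe can also repeat one path.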

Copyright 1998-2014 by Help Net Security.