DDoS attacks: Criminals get stealthier
by Jag Bains - CTO of DOSarrest - Friday, 23 May 2014.
Put simply: the intention of a DDoS is to take down a site; and if attackers can do it with one packet- why wouldn't they? With an application layer attack, it doesn’t have to be volumetric. If an attacker did due diligence to find that an area of the site, say a registration page, could only handle a certain low number of users at the same time- an attacker could target that page and easily take down the site.

Where DDoS attacks are concerned, the big and dumb attack is getting easier to deal with- while they still cause havoc and of course we still need to pay attention to volumetric attacks, they are easy to see and identify to make a pattern. We do still see these around as they are easy to generate, but at the same time they are just as easy to mitigate. It is the application attacks and headless browser attacks that we see as the biggest concern for the future. I can only surmise that the media hype is fueling the focus on volumetric DDoS attacks, which in turn is where the industry seems to be concentrating to meet expectations of customers. When actually, there is a rise in application attacks and we should be educating companies about these threats, as they will be the ones that will be the real consequence for businesses who place any sort of importance on their websites.



Jag Bains is the CTO of DOSarrest.

Spotlight

Whitepaper: Zero Trust approach to network security

Posted on 20 November 2014.  |  Zero Trust is an alternative security model that addresses the shortcomings of failing perimeter-centric strategies by removing the assumption of trust.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Nov 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //