DDoS attacks: Criminals get stealthier
by Jag Bains - CTO of DOSarrest - Friday, 23 May 2014.
Put simply: the intention of a DDoS is to take down a site; and if attackers can do it with one packet- why wouldn't they? With an application layer attack, it doesnít have to be volumetric. If an attacker did due diligence to find that an area of the site, say a registration page, could only handle a certain low number of users at the same time- an attacker could target that page and easily take down the site.

Where DDoS attacks are concerned, the big and dumb attack is getting easier to deal with- while they still cause havoc and of course we still need to pay attention to volumetric attacks, they are easy to see and identify to make a pattern. We do still see these around as they are easy to generate, but at the same time they are just as easy to mitigate. It is the application attacks and headless browser attacks that we see as the biggest concern for the future. I can only surmise that the media hype is fueling the focus on volumetric DDoS attacks, which in turn is where the industry seems to be concentrating to meet expectations of customers. When actually, there is a rise in application attacks and we should be educating companies about these threats, as they will be the ones that will be the real consequence for businesses who place any sort of importance on their websites.



Jag Bains is the CTO of DOSarrest.

Spotlight

Leveraging network intelligence and deep packet inspection

Posted on 26 November 2014.  |  Tomer Saban, CEO of WireX Systems, talks about how deep packet inspection helps with identifying emerging threats, the role of network intelligence, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Nov 28th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //