DDoS attacks: Criminals get stealthier
by Jag Bains - CTO of DOSarrest - Friday, 23 May 2014.
Put simply: the intention of a DDoS is to take down a site; and if attackers can do it with one packet- why wouldn't they? With an application layer attack, it doesnít have to be volumetric. If an attacker did due diligence to find that an area of the site, say a registration page, could only handle a certain low number of users at the same time- an attacker could target that page and easily take down the site.

Where DDoS attacks are concerned, the big and dumb attack is getting easier to deal with- while they still cause havoc and of course we still need to pay attention to volumetric attacks, they are easy to see and identify to make a pattern. We do still see these around as they are easy to generate, but at the same time they are just as easy to mitigate. It is the application attacks and headless browser attacks that we see as the biggest concern for the future. I can only surmise that the media hype is fueling the focus on volumetric DDoS attacks, which in turn is where the industry seems to be concentrating to meet expectations of customers. When actually, there is a rise in application attacks and we should be educating companies about these threats, as they will be the ones that will be the real consequence for businesses who place any sort of importance on their websites.

Jag Bains is the CTO of DOSarrest.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Feb 9th