DDoS attacks: Criminals get stealthier
by Jag Bains - CTO of DOSarrest - Friday, 23 May 2014.
Put simply: the intention of a DDoS is to take down a site; and if attackers can do it with one packet- why wouldn't they? With an application layer attack, it doesn’t have to be volumetric. If an attacker did due diligence to find that an area of the site, say a registration page, could only handle a certain low number of users at the same time- an attacker could target that page and easily take down the site.

Where DDoS attacks are concerned, the big and dumb attack is getting easier to deal with- while they still cause havoc and of course we still need to pay attention to volumetric attacks, they are easy to see and identify to make a pattern. We do still see these around as they are easy to generate, but at the same time they are just as easy to mitigate. It is the application attacks and headless browser attacks that we see as the biggest concern for the future. I can only surmise that the media hype is fueling the focus on volumetric DDoS attacks, which in turn is where the industry seems to be concentrating to meet expectations of customers. When actually, there is a rise in application attacks and we should be educating companies about these threats, as they will be the ones that will be the real consequence for businesses who place any sort of importance on their websites.

Jag Bains is the CTO of DOSarrest.


MagSpoof: A device that spoofs credit cards, disables chip-and-PIN protection

The device can wirelessly spoof credit cards/magstripes, disable chip-and-PIN protection, and predict the credit card number and expiration date of Amex cards after they have reported stolen or lost.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Nov 26th