
Hacktivist-led DDoS is now the most common type, study finds

For the first time, political motivation rates as the top driver behind DDoS attacks, in which websites buckle under the weight of floods of traffic, according to a study released by security firm Arbor Networks.

The findings of the seventh annual "Worldwide Infrastructure Security Report," released Tuesday, should surprise few people, considering the meteoric rise of online "hacktivist" collective Anonymous, which has been responsible not only for launching many of these ideologically propelled attacks, but also for encouraging others to join in. Previously, financial fraud, with a clear organized criminal motivation, rated as the number one driver.

Now that knocking a site offline – and then demanding a ransom to return it to its normal state – is no longer the likeliest scenario, more organizations than ever may be unprepared for such attacks, according to Arbor.

"What we saw in 2011 was the democratization of DDoS," Roland Dobbins, an Arbor solutions architect and the report's main author, said. "Any enterprise operating online – which means just about any type and size of organization – can become a target because of who they are, what they sell, who they partner with or for any other real or perceived affiliations."

Dobbins said the attackers increasingly are being aided by "inexpensive and readily accessible attack tools." One such example is the Low Orbit Ion Cannon, which allows even the technically challenged to use their computer to automatically direct sustained and frequent IP packets at a target.

The socially motivated DDoS barrage – often seen by its purveyors as the internet-era version of civil disobedience – really began taking off in late 2010, when the Anonymous group temporarily knocked offline sites that were unsympathetic to whistleblower organization WikiLeaks, such as MasterCard and PayPal. Since then, Anonymous and affiliated groups, such as LulzSec, have counted various police departments, the CIA, the U.S. Department of Justice and the Motion Picture Association of America, among others, as victims.

According to the Arbor study, the DDoS attacks it studied remained massive in size. The largest such incident measured 60 gigabits per second, down from 100 Gbps in 2010, but still large enough to knock a business offline.

[An earlier version of this story incorrectly spelled Dobbins' first name].
