
Business Wire under sustained DDoS attack, traffic slowed

A persistent distributed denial of service (DDoS) attack over the past week has prompted a slowdown on the Business Wire website, but seemingly hasn't exposed client data, company Chief Operating Officer (COO) Richard DeLeo told customers in a Tuesday alert.

“There is no evidence that any systems or client information have been compromised,” DeLeo said, stressing that the attack, which has been ongoing since Jan. 31, “is attempting to make our service portal unavailable.”

He also noted that the attack hasn't had any impact on the portal's ability to disseminate content.

“In the case of a targeted DDoS attack such as the one on Business Wire, it is always prudent to look for signs of another sneakier attack going on while the security teams are fighting off what is essentially a diversion,” warned Mounir Hahad, head of threat research at Juniper Networks.

Stephanie Weagle, vice president of marketing at Corero Network Security, said that while “the motivations behind the sustained attack against Business Wire news service remain unknown, the event has far-reaching impact with users experiencing significant service degradation.”

Weagle added that “relying on Cloud based DDoS mitigation services to knock down the attack traffic, while allowing good user traffic to reach its intended destination, is not always an economically sustainable method for long duration attacks.”

The average company experiences 15 DDoS attacks annually, according to a recent A10 Networks report that also found the average attack results in at least 17 hours of effective downtime. Average peak bandwidths have risen considerably, often registering between 30 and 40 Gbps, with many attacks clocked larger than that.

Weagle said that Corero DDoS Trend Analysis research showed that DDoS attacks nearly doubled in the second half of 2016, “with many companies now experiencing an average of eight attacks” daily. “These attacks are also largely multi-vector in nature, and are proving to be more advanced and difficult to defeat with traditional infrastructure security tools,” she continued, attributing the uptick to the acceleration of vulnerable IoT devices. “As the number of connected devices grows, so do the threats that come with it, making this another major concern in cybersecurity for any Internet dependent business,” Weagle added.

Citing the Satori botnet operators' exploitation of vulnerabilities in D-Link devices, as well as another unnamed threat actor building a botnet by leveraging flaws in Huawei devices, Hahad said that “IoT botnet build-up will continue as threat actors acquire knowledge in Linux-based malware, which is the operating system of most IoT devices out there.”

Both the D-Link and Huawei devices are consumer products “that are deployed in large quantities and are not updated regularly to close security gaps,” the Juniper threat research expert said, adding that “the typical usage of these botnets is for either cryptocurrency mining, DDoS attacks or both.”
