
Tidal waves of spoofed traffic: DDoS attacks

While massive retail breaches dominated headlines in 2014, with hacks involving state-sponsored threats coming in a strong second, distributed denial-of-service (DDoS) attacks continued to increase, both in the volume of malicious traffic generated and the size of the organizations falling victim. 

Recently, both the Sony PlayStation and Xbox Live gaming networks were taken down by Lizard Squad, a hacking group which is adding to the threat landscape by offering for sale a DDoS tool to launch attacks.

The Sony and Xbox takedowns proved that no matter how large the entity and network, they can be knocked offline. Even organizations with the proper resources in place to combat these attacks can fall victim. But looking ahead, how large could these attacks become? 

According to the “Verisign Distributed Denial of Service Trends Report,” covering the third quarter of 2014, the media and entertainment industries were the most targeted during the quarter, and the average attack size was 40 percent larger than those in Q2. 

A majority of these insidious attacks target the application layer, something the industry should be prepared to see more of in 2015, says Matthew Prince, CEO of CloudFlare, a website performance firm that battled a massive DDoS attack on Spamhaus early last year. 

Of all the types of DDoS attacks, there's only one Prince describes as the “nastiest.” And, according to the “DNS Security Survey,” commissioned by security firm Cloudmark, more than 75 percent of companies in the U.S. and U.K. experienced at least one DNS attack. Which specific attack leads that category?

You guessed it. “What is by far the most evil of the attacks we've seen…[are] the rise of massive-scale DNS reflection attacks,” Prince said. 

By using DNS infrastructure to attack someone else, these cyber assaults put pressure on DNS resolver networks, which many websites depend on through their upstream internet service providers (ISPs).

Believing these attacks are assaults on their own network, many ISPs block sites in order to protect themselves, thus achieving the attacker's goal, Prince said. By doing so “we effectively balkanize the internet.” 
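A resolver-side check for the reflection pattern Prince describes, written here as an added example rather than anything from the article or the firms it quotes: because the attacker spoofs the victim's address, the resolver's own "client" is the target, so a source that draws many large responses for tiny queries is the signal a defender wants before an upstream decides to block wholesale. The log format and sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed resolver log (not from the article): time, source IP as seen by the
# resolver, query type, name, query bytes, response bytes. Under reflection the
# source IP is the spoofed victim, which then receives every large response.
SAMPLE_LOG = """\
12:00:01 198.51.100.7 ANY example.org 36 3120
12:00:01 198.51.100.7 ANY example.org 36 3120
12:00:01 198.51.100.7 ANY example.org 36 3120
12:00:02 198.51.100.7 ANY example.org 36 3120
12:00:02 203.0.113.9 A www.example.com 44 60
12:00:03 203.0.113.9 AAAA www.example.com 44 72
12:00:03 192.0.2.55 ANY isc.org 32 2900
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<qtype>\S+) (?P<qname>\S+) (?P<qlen>\d+) (?P<rlen>\d+)$"
)

def parse_log(text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["qlen"], d["rlen"] = int(d["qlen"]), int(d["rlen"])
            yield d

def find_reflection_victims(text, min_ratio=10.0, min_queries=3):
    """Return {src_ip: (queries, amplification_ratio)} for sources whose
    response/query byte ratio and query count both look like reflection."""
    stats = defaultdict(lambda: [0, 0, 0])  # queries, query bytes, response bytes
    for rec in parse_log(text):
        s = stats[rec["src"]]
        s[0] += 1
        s[1] += rec["qlen"]
        s[2] += rec["rlen"]
    flagged = {}
    for src, (n, qbytes, rbytes) in stats.items():
        ratio = rbytes / qbytes if qbytes else 0.0
        if n >= min_queries and ratio >= min_ratio:
            flagged[src] = (n, round(ratio, 1))
    return flagged

if __name__ == "__main__":
    for ip, (n, ratio) in find_reflection_victims(SAMPLE_LOG).items():
        print(f"likely reflection target {ip}: {n} queries, amplification x{ratio}")
```

The thresholds are assumptions; in practice a resolver would feed flagged sources into per-client response rate limiting rather than a blanket block, which is the blunt reaction the article warns about.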

As a result, more and more of the resolvers themselves will be provided by large organizations, like Google, OpenDNS or others, says Prince. 

That in itself could lead to an entirely different issue: consolidating the internet.
