Botnet-distributed denial-of-service attacks (DDoS) are becoming more intelligent and harder to detect, a move that spells bad news for businesses. Bot-herders are abandoning traditional DDoS attacks in favour of smaller but more targeted attacks. For example, instead of simply flooding a website's main page, the targeted attacks will use embedded applications on the website - such as searches - that require server- and/or database- intensive processes. A much smaller number of these queries can bring down a website.
According to Paul Sop, chief technology officer at Prolexic, around 20% of the attacks late last year were of this "custom" type, and he expects that number to double in the next 12 months. "In a classic DDoS scenario, attacking bandwidth could be fought with defending bandwidth, and technology now allows businesses good defences," he explained.
"With custom attacks it is much harder. Criminals are looking at the target website carefully, and then designing requests that will defeat load-balanced servers by creating high back-end database load.