DDoS: Deceptive Denial Attacks

Uploaded on 2016-10-29 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Resilience

Distributed Denial of Service (DDoS) attacks are often quite unsophisticated, brute force attempts to disable a website or network by barraging it with traffic, but the damage they can do to victims can be considerable.

When it comes to DDoS attacks, it’s easy to get distracted by the record-breaking size of the latest attacks.  Like a strength tester fairground game, we are all mesmerised by the gigantic numbers involved as new DDoS attacks break previous records, such as the huge 470GBps attack on a Chinese gambling site earlier this year, or the reported 602GBps attack against the BBC last year.

But what do these numbers really mean? In truth, the increasingly sophisticated techniques that bad actors deploy are making the reported sizes of attacks increasingly redundant.

For example, amplification techniques can intensify the size of attacks and simultaneously mask the source of attack traffic. This means that a 100GBps attack with a small upscale of 10x could actually harness the same power as a terabit-sized attack, while a sub-saturating 2GBps attack which might not even be detected by your DDoS mitigation system could knock all your firewalls offline.

The vast majority of these attacks are less than five minutes in duration and under 1GBps in size. So why do they pose such a threat?

The truth is that hackers are using these small attacks to experiment with new techniques without being spotted by security teams. This is due to the fact that the majority of legacy DDoS mitigation tools can only be deployed out-of-band and are therefore limited to only inspecting events that cross certain bandwidth thresholds.

Additionally, since they rely on coarse sampling followed by traffic redirection, which takes time, these DDoS scrubbing solutions are only capable of investigating events of more than five minutes in duration, meaning that hackers can use short-lived and low-bandwidth attacks to trial the success of new techniques under the radar.

Once attackers have perfected their new methods in private, they can then wield enormous power by deploying these tactics at wide range. When executed, these strategies catch organisations on the back foot, because the techniques haven’t been seen before, security teams have not set up any firewall or DDoS protection rules to defend against them, and they are therefore left scrambling around trying to find a solution when an attack is already in place.

This is particularly concerning in light of the increased use of amplification techniques, which allow bad actors to intensify the size of their attacks, and to simultaneously mask the source of attack traffic.  Using this method, attackers typically spoof look-up requests to domain name system (DNS) servers to hide the source of an attack, and re-direct the response to their target.

By relaying the original request through a botnet, and utilising a high percentage of large packet fragments, an attacker can amplify the size of their attack to up to 100 times larger than its original size.

So how can organisations protect themselves?  

The first step to greater security is to familiarise yourself with the trends in the DDoS landscape and to start looking more closely at lower level activity within your environment.

Small-scale, sub-saturating DDoS attacks are truly the calm before the storm, and observing them in real-time is the best way to prepare your organisation from the plethora of new techniques that attackers are experimenting with.

Second, the most effective way to protect your organisation’s entire security infrastructure in the event of an attack is to have DDoS protection installed in-line, at the Internet edge.

This eliminates the need to manually analyze events and re-route traffic for cleaning, and ensures that the time from detection to mitigation of an attack shrinks to almost nothing. This type of protection can usually be purchased as-a-service through your Internet Service Provider, which allows customers to take advantage of the increased visibility of their entire network infrastructure.

Because it is always on, this type of automatic attack mitigation provides continuous visibility and forensics, and means that there is no need to resign ourselves to the ever-changing threat of DDoS attacks.

Information Age

 

« Internet of Insecure Things
Work Traveling - You’re a Prime Hacker Target »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Zayo

Zayo

Zayo is a leading global bandwidth infrastructure services provider for high-performance connectivity, secure colocation and flexible cloud services.

Bryan Cave LLP

Bryan Cave LLP

Bryan Cave LLP is a global business and litigation law firm. Practice areas include Data Privacy and Security.

National Intelligence Service (NIS) - South Korea

National Intelligence Service (NIS) - South Korea

The NIS oversees policy on cyber security in South Korea by formulating and coordinating the execution of such policy and devising necessary schemes and guidelines.

BlueFiles

BlueFiles

BlueFiles enables users to send encrypted files securely while maintaining full control over recipients, access periods, downloads, and printing.

Cyber Physical Security Research Center (CPSEC)

Cyber Physical Security Research Center (CPSEC)

CPSEC aims to contribute to the security enhancement of industrial infrastructure that creates value across cyber space and physical space.

CyCraft Technology Corp

CyCraft Technology Corp

CyCraft is an AI company that forges the future of cybersecurity resilience through autonomous systems and human-AI collaboration.

Andreessen Horowitz (a16z)

Andreessen Horowitz (a16z)

Andreessen Horowitz (known as "a16z") is a venture capital firm in Silicon Valley, California that backs bold entrepreneurs building the future through technology.

CYDES

CYDES

CYDES is the first event in Malaysia to showcase advanced solutions and technologies to address cyber defence and cyber security challenges for the public and private sectors.

Security Alliance

Security Alliance

Security Alliance provide bespoke cyber intelligence consulting and research services.

Stealth-ISS Group

Stealth-ISS Group

Stealth–ISS Group is your extended IT, cyber security, risk and compliance team, providing strategic guidance, engineering and audit services, along with technical remediation and security operations.

Predatech

Predatech

A cyber security consultancy offering a range of services, including CREST accredited penetration testing, vulnerability assessments and certifications incl. Cyber Essentials & Cyber Essentials Plus.

SandboxAQ

SandboxAQ

SandboxAQ is an enterprise SaaS company combining AI + Quantum tech to solve hard problems impacting society.

Debevoise & Plimpton

Debevoise & Plimpton

Debevoise & Plimpton LLP is a premier law firm with market-leading practices in areas including Data Strategy & Security.

Agile Defense

Agile Defense

Agile Defense is an Information Technology services provider, delivering leading-edge Digital Transformation solutions to the Federal Government.

FusionAuth

FusionAuth

FusionAuth is the customer authentication and authorization platform that makes developers' lives awesome.

CyberSalus

CyberSalus

CyberSalus is a pioneering cyber tech services company dedicated to protecting the digital integrity of healthcare organizations.