Six reasons your next DDoS attack will be less visible, but more disruptive

Businesses need to approach DDoS mitigation as an evolving and ever-present, 24/7 threat rather than an occasional risk.

1. DDoS has been democratized.

You no longer need a legion-sized following to orchestrate a distributed denial of service (DDoS) attack. Earlier DDoS approaches tapped thousands or millions of host computing devices, easily overwhelming unprepared sites with fake traffic. Soon after the holiday attacks on Sony’s PlayStation Network, the group Lizard Squad unveiled its DDoS-for-hire tool, allowing anyone to launch a cyberattack with little effort. If the masses have easy access to cybercrime on a budget, organizations are at the whim of any disgruntled employee, college kid or competitor. Moving forward, businesses will need to approach DDoS mitigation as an evolving and ever-present, 24/7 threat rather than an occasional risk.

2. IT security teams have smartened up.

Giant traffic spikes, caused by floods of dummy computers or by the multiplier effect of the reflection attacks that were in vogue last year, made large DDoS attacks easy to detect. Reflection attacks abusing a vulnerability in the Network Time Protocol (NTP) overwhelmed many security safeguards, but networks saw a drop in this type of DDoS attack in 2014 after administrators upgraded or patched their servers against potentially malicious NTP traffic. Because security teams can now spot abnormal peak traffic with ease, attackers are adjusting their strategies toward multi-vector approaches or targeted tactics that are smaller and harder to spot.

3. But attack strategies are smarter.

Unlike NTP distributed reflection denial of service (DrDoS) attacks, SYN floods and application-layer attacks against Web servers can be much trickier to defend against with conventional network hardware. Application-layer attacks typically target TCP/80, which malicious parties know to be the same port required to serve legitimate traffic, so the attack cannot simply be filtered out by port. These attacks can also be small in terms of bit and packet volumes, making them harder to distinguish from real users. While the low-volume approach may pose less of a threat to ISPs with ample infrastructure capacity, it can seriously impact enterprises or service providers that don’t have excess bandwidth or DDoS mitigation already in place.
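To make the detection point above concrete, here is an added example (not from the original article): a small Python analyzer over constructed Web access-log lines, showing that a bytes-per-second threshold never fires on a low-volume application-layer flood, while a per-source request-rate check singles out the offending client. The log lines, IP addresses and thresholds are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Apache/nginx combined log format: client IP, timestamp, request line, status, response bytes.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')


def _line(ip, path, size, sec):
    """Build one constructed log line (timestamp and values are made up)."""
    return f'{ip} - - [10/Mar/2015:12:00:{sec:02d} +0000] "GET {path} HTTP/1.1" 200 {size}'


# Constructed ten-second window: three ordinary visitors fetching large pages,
# plus one client (203.0.113.7) firing 40 tiny requests at a dynamic search endpoint.
_NORMAL = [("192.0.2.10", "/index.html", 52000), ("192.0.2.10", "/images/hero.jpg", 48000),
           ("192.0.2.11", "/index.html", 52000), ("192.0.2.11", "/css/site.css", 9000),
           ("192.0.2.12", "/products", 61000), ("192.0.2.12", "/products/42", 30000)]
SAMPLE_LOG = [_line(ip, path, size, i + 1) for i, (ip, path, size) in enumerate(_NORMAL)]
SAMPLE_LOG += [_line("203.0.113.7", f"/search?q={i}", 210, i % 10) for i in range(40)]


def parse(line):
    """Return the fields a detector needs, or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, _ts, _method, path, status, size = m.groups()
    return {"ip": ip, "path": path.split("?")[0], "status": int(status),
            "bytes": 0 if size == "-" else int(size)}


def analyze(lines, window_s, max_bytes_per_s, max_rps_per_ip):
    """Apply a volumetric (bytes/s) check and a per-source request-rate check.

    `lines` are assumed to cover exactly `window_s` seconds; the thresholds are
    illustrative and would be tuned to the site's real traffic baseline.
    """
    per_ip = defaultdict(lambda: {"requests": 0, "bytes": 0})
    total_bytes = 0
    for rec in filter(None, map(parse, lines)):
        per_ip[rec["ip"]]["requests"] += 1
        per_ip[rec["ip"]]["bytes"] += rec["bytes"]
        total_bytes += rec["bytes"]
    bytes_per_s = total_bytes / window_s
    suspects = sorted(ip for ip, s in per_ip.items() if s["requests"] / window_s > max_rps_per_ip)
    return {"bytes_per_s": bytes_per_s,
            "volumetric_alert": bytes_per_s > max_bytes_per_s,
            "suspects": suspects}


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG, window_s=10, max_bytes_per_s=1_000_000, max_rps_per_ip=2.0))
```

The sample window carries about 26 KB/s, far under the volumetric threshold, yet the search endpoint is being hit four times per second from a single source; a request-rate or per-path check is what surfaces it.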

4. There are new sources of Web traffic.

To date, the largest volumes of DDoS traffic have stemmed from countries with large online populations, such as China, the United States and Russia. In the future, Vietnam, India and Indonesia will be major countries of origin for cyberattacks, according to a recent Black Lotus Threat Report. These countries’ rise will be largely due to their large numbers of compromised endpoint devices, such as smartphones and tablets, which make them untapped resources for new botnets.

5. Website hacks are more than outages.

In the early days of DDoS, attacks were largely orchestrated opportunistically, for the “lulz,” or as political and ideological statements, with attackers taking down websites to silence the views expressed on them. Businesses and government organizations continue to see this kind of denial of free expression, such as the outages of Russian media sites covering the conflict with Ukraine; however, DDoS attacks have also evolved into components of more complex schemes. Hackers now use DDoS attacks in conjunction with other malicious vectors, for example as a distraction for IT teams while they steal user credentials, which can then be used to control company systems or obtain customer billing information for monetary gain. Furthermore, attacks on the Domain Name System (DNS) let hackers tamper with the addresses a victim’s domain resolves to, effectively hijacking the site’s URL and redirecting visitors to malicious or fake sites, as Malaysia Airlines recently suffered.

6. One-sized walls will not fit all.

Think the security settings on your router are enough to keep DDoS attack traffic at bay? Well, you’re probably wrong. It’s foolish to try to “set and forget” one type of software or hardware to handle most types of attacks. If the evolution of volumetric, NTP, DNS and other types of cyberattacks has taught us anything, it’s that cybercriminals continually try to stay one step ahead of IT security teams. If organizations leave their security measures at default settings or tuned to outdated threats, they will be vulnerable to the next attack method that arises. They should instead adopt a holistic web of security services that can evolve with their businesses and with the new threats that will surface. When it comes to new cyberthreats, the teams that over-prepare rather than underestimate new attack methods will be the most successful.

Copyright © 2015 IDG Communications, Inc.