Twitter Facebook Google RSS
 
National Defense > Blog > Posts > Denial of Service Attacks Increasing In Number and Intensity, Says Report
Denial of Service Attacks Increasing In Number and Intensity, Says Report
By Valerie Insinna


 
Businesses are seeing an increase of Distributed Denial of Service (DDoS) attacks in comparison to last year, with attacks becoming shorter but more robust, according to a quarterly report released Oct. 16 by DDoS mitigation company Prolexic.
 
During a DDoS incident, an attacker prevents users from being able to access a website. In order to achieve this, he typically uses malware to infect a network of computers, or botnet. The attacker can control the botnet to overwhelm a website with data and requests, forcing it to crash or become slow to the point of being unusable.
 
For businesses, DDoS attacks can be crippling, resulting in a loss in profit or customer service until the website can be restored. Prolexic’s report found DDoS incidents have increased by 88 percent when compared to the same period of time last year.

Perhaps more troubling, the incidents are becoming more intense, using higher bandwidth volumes. Prolexic President Stuart Scholly said that on average the company is seeing attacks with a bitrate of 20 gigabites per second or more every eight days. Few enterprises have networks with the capacity to withstand attacks of that size, he added.
 
China continues to be the top source country for attacks, responsible for about 35 percent, with the United States following with 27 percent, the report found. Although the United States was the source country for only 8.76 percent of attacks last quarter, Scholly said the United States is typically the second-ranked source country after China.
 
“Twenty gigs is the new norm,” he said. “There's no doubt in my mind that that trend continues.”
 
A DDoS toolkit called “itsoknoproblembro” was responsible for the majority of the high bandwidth floods this quarter, the report stated. The toolkit is especially effective because it targets vulnerable servers instead of individual computers, making the botnet easier to control and yielding a higher bandwidth, Scholly said.
 
“What might have taken 50,000 compromised home machines before might only take a couple thousand servers now,” he said. “And it's easier to coordinate the activities of a couple thousand high capacity machines."
 
The toolkit has been linked in reports to the suspected attacks on financial institutions during September, but Scholly would not comment on what companies were attacked, citing customer privacy.
 
"What I can tell you is that this toolset is something that we've been observing over the years, and we've seen it used in multiple sectors,” he said. “It was has by no means been targeted at one individual sector."
 
Scholly would also not comment on what actors were responsible for the toolkit. Motivation for attacks can vary from state-sponsored activities, competing companies trying to get an economic advantage, or the overloading a server as a means of social protest, he said.
 
Another continuing trend is the growing popularity of shorter attacks, Scholly said. “The more you expose your botnet during an attack, the greater likelihood that you have for someone to start taking it down,” he said. “So you want to accomplish your goal, and then kind of move on.”
 
Photo Credit: Istockphoto

Comments

There are no comments yet for this post.
Items on this list require content approval. Your submission will not appear in public views until approved by someone with proper rights. More information on content approval.

Name: *

eMail *

Comment *

Title

Attachments

Name: *


eMail *


Comment *


 

Refresh
Please enter the text displayed in the image.
The picture contains 6 characters.

Characters *

  

Legal Notice *

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.

 

 

Bookmark and Share