DDoS: Deceptive Denial Attacks

Uploaded on 2016-10-29 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Resilience

Distributed Denial of Service (DDoS) attacks are often quite unsophisticated, brute force attempts to disable a website or network by barraging it with traffic, but the damage they can do to victims can be considerable.

When it comes to DDoS attacks, it’s easy to get distracted by the record-breaking size of the latest attacks.  Like a strength tester fairground game, we are all mesmerised by the gigantic numbers involved as new DDoS attacks break previous records, such as the huge 470GBps attack on a Chinese gambling site earlier this year, or the reported 602GBps attack against the BBC last year.

But what do these numbers really mean? In truth, the increasingly sophisticated techniques that bad actors deploy are making the reported sizes of attacks increasingly redundant.

For example, amplification techniques can intensify the size of attacks and simultaneously mask the source of attack traffic. This means that a 100GBps attack with a small upscale of 10x could actually harness the same power as a terabit-sized attack, while a sub-saturating 2GBps attack which might not even be detected by your DDoS mitigation system could knock all your firewalls offline.

The vast majority of these attacks are less than five minutes in duration and under 1GBps in size. So why do they pose such a threat?

The truth is that hackers are using these small attacks to experiment with new techniques without being spotted by security teams. This is due to the fact that the majority of legacy DDoS mitigation tools can only be deployed out-of-band and are therefore limited to only inspecting events that cross certain bandwidth thresholds.

Additionally, since they rely on coarse sampling followed by traffic redirection, which takes time, these DDoS scrubbing solutions are only capable of investigating events of more than five minutes in duration, meaning that hackers can use short-lived and low-bandwidth attacks to trial the success of new techniques under the radar.

Once attackers have perfected their new methods in private, they can then wield enormous power by deploying these tactics at wide range. When executed, these strategies catch organisations on the back foot, because the techniques haven’t been seen before, security teams have not set up any firewall or DDoS protection rules to defend against them, and they are therefore left scrambling around trying to find a solution when an attack is already in place.

This is particularly concerning in light of the increased use of amplification techniques, which allow bad actors to intensify the size of their attacks, and to simultaneously mask the source of attack traffic.  Using this method, attackers typically spoof look-up requests to domain name system (DNS) servers to hide the source of an attack, and re-direct the response to their target.

By relaying the original request through a botnet, and utilising a high percentage of large packet fragments, an attacker can amplify the size of their attack to up to 100 times larger than its original size.

So how can organisations protect themselves?  

The first step to greater security is to familiarise yourself with the trends in the DDoS landscape and to start looking more closely at lower level activity within your environment.

Small-scale, sub-saturating DDoS attacks are truly the calm before the storm, and observing them in real-time is the best way to prepare your organisation from the plethora of new techniques that attackers are experimenting with.

Second, the most effective way to protect your organisation’s entire security infrastructure in the event of an attack is to have DDoS protection installed in-line, at the Internet edge.

This eliminates the need to manually analyze events and re-route traffic for cleaning, and ensures that the time from detection to mitigation of an attack shrinks to almost nothing. This type of protection can usually be purchased as-a-service through your Internet Service Provider, which allows customers to take advantage of the increased visibility of their entire network infrastructure.

Because it is always on, this type of automatic attack mitigation provides continuous visibility and forensics, and means that there is no need to resign ourselves to the ever-changing threat of DDoS attacks.

Information Age

 

« Internet of Insecure Things
Work Traveling - You’re a Prime Hacker Target »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

GigaOm

GigaOm

GigaOm's mission is to provide enterprises with information and analysis to help them make better decisions about technology.

Industrial Cyber Security

Industrial Cyber Security

Industrial Cyber Security provides specialist consulting services in enterprise and SCADA system security.

Data Resolve Technologies

Data Resolve Technologies

Data Resolve offer a mechanism through which customers can detect and tackle various kinds of sensitive activities pertaining to data loss and data theft.

ReFoMa

ReFoMa

ReFoMa is a consultancy and advisory company with a focus on information Security.

iosiro

iosiro

iosiro was created to guide companies through securely using blockchain technologies. We help teams launch and manage ICOs, deploy secure dApps, and integrate private networks into business practices.

Electric Power Research Institute (EPRI)

Electric Power Research Institute (EPRI)

The Electric Power Research Institute’s Cyber Security Research Laboratory (CSRL) addresses the security issues of critical functions of electric utilities.

Onfido

Onfido

Onfido is building the new identity standard for the internet. We digitally prove people’s real identities using a photo ID and facial biometrics.

Ministry of Information and Communications (MIC) - Vietnam

Ministry of Information and Communications (MIC) - Vietnam

The Ministry of Information & Communications of Vietnam is the policy making and regulatory body in the field of information technology and national information and and communication infrastructure.

BlackFog

BlackFog

BlackFog is a leader in device data privacy, data security and ransomware prevention. Our behavioral analysis and anti data exfiltration technology stops hackers before they even get started.

Grove Group

Grove Group

Grove provides businesses with the tools that work best for their unique operations, through cybersecurity and cloud services, custom software development and our big data analytics expertise.

RKVST

RKVST

RKVST is a powerful tool that builds trust in multi-party processes when it’s critical to have high assurance in data for confident decisions.

CSIOS Corp.

CSIOS Corp.

At CSIOS we help our customers achieve and sustain information and cyberspace superiority through a full range of defensive and offensive cyberspace operations and cybersecurity consulting services.

TOTM Technologies

TOTM Technologies

TOTM Technologies provides end-to-end identity management and biometrics products, powering Digital identity and Digital onboarding solutions.

ASMGi

ASMGi

ASMGi is a managed services, security and GRC solutions, and software development provider.

IDCARE

IDCARE

IDCARE is Australia and New Zealand’s national identity & cyber support service. Our service is the only one of its type in the world.

Telcion Communications Group

Telcion Communications Group

Telcion Communications Group provides communication and IT solutions to businesses and organizations throughout California and neighbouring states.