DDoS in 2018: A Shift from Crashing Sites to Penetrating Them

With the proliferation of millions of poorly secured IoT devices, these attackers also have a ready and growing source of “fuel” to power massive botnets and generate crippling volumes of requests.

istock 585147856

Cyber vandals looking to make a create chaos still have a warm spot in their hearts for the tried-and-true distributed denial of service (DDoS) attack. With the proliferation of millions of poorly secured internet-of-things (IoT) devices, these attackers also have a ready and growing source of “fuel” to power massive botnets and generate crippling volumes of requests.

Even so, there has been a shift in emphasis and objective for many recent DDoS assaults. Rather than try to crash a website, these attacks increasingly seek to probe for vulnerabilities or serve as distractions in order to draw attention away from more stealthy incursions. This transition from an attack on website availability to one of website security will likely accelerate in the coming year, and DDoS defenses need to address this new reality.

In an October 2017 report profiling the DDoS attack landscape, security vendor Neustar found that, year-over-year, there had been a 27% increase in breach incidents that were experienced in concert with DDoS attacks. As we noted in an earlier post, even those companies experiencing just a single DDoS attack were found to also suffer from different types of coordinated infections: 52% were infected with viruses, 35% saw malware activated, and 21% experienced an associated ransomware attack.

If there was one good thing about a classic DDoS attack, it was that you knew an attack was underway when your website crashed. Now companies must be alert to the fact that seemingly minor traffic surges may, in fact, be one of the new breed of DDoS incursions.

Indeed, so-called “pulse” attacks are becoming more common. These DDoS assaults seek to stress networks and security systems in an attempt to identify vulnerabilities that can later be exploited. Especially attractive to attackers are weak “joints” between interconnected organizations, such as an online retailer and its payment processing partner.

Inherent in these forays, and eventual attacks, is the desire to move to higher levels of the IT stack. Layer 7 – that is, application layer – targeting is already common, and will become even more so in 2018.

Fortunately, the cybersecurity outlook for the coming year has some bright spots as well. As DDoS attacks evolve and become more sophisticated, so are the defenses designed to counter them. Some security systems, for example, are leveraging machine learning and other advanced technologies to more accurately identify and counter all types of cyber attacks.

For its part, Neustar expanded the capacity of its global DDoS Defense Network by a factor of eight during 2017 utilizing a new architecture built for the modern threat – massive nodes in many locations as opposed to the more traditional approaches of other security providers composed of lots of smaller nodes susceptible to being overwhelmed.

This dedicated DDoS mitigation network stands at 13 high-speed, large-capacity nodes totaling 8.7 terabits per second (Tbps) of capacity as Neustar rapidly expands to 27 nodes and more than 10 Tbps. This provides the scalability and capability to monitor global traffic and quickly spot attacks while delivering superior traffic routing performance for customers under all conditions.

Neustar has also launched a new solution, SiteProtect NG, purpose-built to provide DDoS protection for organizations whether their digital assets are on-premise or in the cloud. With growing numbers of companies adopting cloud-based applications and storage, the need to secure these remote assets has become a high priority.

In summary, while DDoS attacks are some new guises, DDoS defenses are also ramping up their game. Organizations need understand today’s DDoS realities, and ensure they aren’t equipped to only defend against yesterday’s DDoS attack model.


Copyright © 2017 IDG Communications, Inc.