MY TAKE: Why DDoS attacks continue to escalate — and how businesses need to respond

Law enforcement’s big win last month dismantling ‘Webstresser,’ an online shopping plaza set up to cater to anyone wishing to purchase commoditized DDoS attack services, was a stark reminder of the ever present threat posed by Distributed Denial of Service attacks.


The threat actors running Webstresser accepted all paying customers — no questions asked. Anybody could use Webstresser’s online payment system to rent out stressers or booters, available for hire for as little as $18 per month — and most effective at flooding targeted servers with traffic, no technical skills required.

Webstresser had more than 136,000 registered users who patronized it to launch some 4 million DDoS attacks against government agencies, banks, police and gambling sites, according to Europol. Keep in mind, Webstresser is just one colorful example of how far DDoS attacks have come.

DDoS originated a decade or more before anyone ever thought up ransomware attacks; and DDoS has advanced and expanded, approximately on par with targeted phishing and leading-edge data breach tactics.

I recently had a chance to discuss the current state of DDoS threats with Lee Chen, CEO of A10 Networks, a leading supplier of advanced DDoS detection and mitigation systems. For a full drill down on our discussion please listen to the accompanying podcast. Here are a few takeaways:

Daily attacks

DDoS attacks aim to maliciously knock out networks, Web-based applications, and or Internet delivered services by overwhelming or impairing them. They happen on a daily basis all across the business and government landscape.

Verisign’s DDoS trend report for Q4 2017 shows the number of attacks rising 25%, quarter-to-quarter, in 2017, with financial services firms the No. 1 target, followed by IT and cloud services entities, the telecom sector, media and entertainment companies and ecommerce sites.

The motive behind a DDoS attack can be all over the map. Essentially, the perpetrator wishes to sully the targeted organization’s brand, reputation and profitability, for reasons ranging from competitive rivalry to ideological beliefs to vindictive revenge.

“Distributed Denial of Service is not a new type of attack, but DDoS attacks are just getting bigger and much more frequent,” Chen told me. “Also it’s getting easier. It costs less than $100 for anyone to go on a web site to initiate a one-week attack. And we know that one third of IT down time is due to DDoS attacks.”

Manifold variants

Chen and I discussed the frenetic expansion of cloud services, the Internet of Things and DevOps — aka ‘Digital Transformation.’ This trend is spurring companies to innovate on the fly. By the same token, this empowerment has quite clearly spread to cybercriminals, including DDoS specialists.

“The explosion of the cloud, and the virtualized world has provided a tremendous resource, mostly benefiting the end user, with new Web experiences, but it has also benefited the attackers,” Chen observed.

To wit, modern day DDoS attacks come in a wide array of highly sophisticated variants that can generally be segmented into three buckets:

• Volumetric attacks. A massive amount of nuisance traffic overwhelms the bandwidth of a website, rendering it inaccessible. Botnets, comprised of thousands of computing nodes under the control of one person, are perfect for executing these attacks. And the latest development is IoT botnets being used for DDoS. Threat actors have assembled infected IoT devices, such as home routers, into massive botnets that can be directed to conduct DDoS campaigns.

• Protocol attacks. This type of attack attempts to disrupt connections between actual web servers, firewalls and load balancers – by consuming all of the processing capacity of the targeted asset, thus exhausting the finite number of concurrent connections the device can support.

• Application attacks. This type of attack aims to monopolize the processes and transactions available in a targeted application, via exploiting known vulnerabilities. These “low and slow attacks” require only a few attack machines to execute, and generate a modest rate of traffic that looks legitimate.

Keeping pace
Preparing to withstand a DDoS attack that might arrive in a massive wave, or as a low and slow application layer attack, may seem daunting. The good news is that DDoS detection and mitigation is a well-established sector of the cybersecurity industry; innovation by a strong group of established vendors is keeping pace.

A10, for instance, was founded in 2004, and it recently launched a new service, called A10 Networks One-DDoS Protection, that uses machine learning to monitor multiple systems and build baseline models that get better and better at detecting early signs of low and slow attacks beginning to unfold.
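To make the baselining idea concrete, here is an added illustration written for this post (not A10’s product logic): it learns what a normal client looks like from a clean window of constructed connection records, then flags sources that match the low and slow pattern described above, meaning many long-lived connections that each send almost nothing.

```python
"""Baseline-and-deviation detector for low-and-slow application-layer DDoS.

Added illustration, not a vendor's implementation. Each record is a
constructed tuple (src_ip, duration_s, bytes_sent). Normal clients open a
few short connections that move real data; a low-and-slow source holds
many long connections that each trickle a handful of bytes.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: five normal clients with four short connections each,
# then the same traffic plus one slow-drip source holding 25 long connections.
BASELINE = [("10.0.0.%d" % i, 0.2 + 0.05 * j, 900 + 40 * j)
            for i in range(1, 6) for j in range(4)]
OBSERVED = BASELINE + [("203.0.113.7", 120.0 + k, 30) for k in range(25)]

def per_source(records):
    """Aggregate per source: (connection count, mean duration, mean bytes/sec)."""
    agg = defaultdict(list)
    for ip, dur, nbytes in records:
        agg[ip].append((dur, nbytes / dur))
    return {ip: (len(v), mean(d for d, _ in v), mean(r for _, r in v))
            for ip, v in agg.items()}

def build_baseline(records):
    """Learn the normal per-source profile from a window believed to be clean."""
    stats = list(per_source(records).values())
    conns = [c for c, _, _ in stats]
    durs = [d for _, d, _ in stats]
    rates = [r for _, _, r in stats]
    return {"conn_mean": mean(conns), "conn_sd": pstdev(conns),
            "dur_mean": mean(durs), "dur_sd": pstdev(durs),
            "rate_mean": mean(rates)}

def detect(records, baseline, k=3.0):
    """Flag sources that deviate from the baseline in the low-and-slow
    direction on all three axes at once: many connections, long durations,
    and a byte rate far below normal. Returns a sorted list of suspect IPs."""
    suspects = []
    for ip, (conns, dur, rate) in per_source(records).items():
        many = conns > baseline["conn_mean"] + k * max(baseline["conn_sd"], 1.0)
        long_ = dur > baseline["dur_mean"] + k * max(baseline["dur_sd"], 0.1)
        starved = rate < 0.1 * baseline["rate_mean"]
        if many and long_ and starved:
            suspects.append(ip)
    return sorted(suspects)

if __name__ == "__main__":
    print(detect(OBSERVED, build_baseline(BASELINE)))  # ['203.0.113.7']
```

Requiring all three conditions together is what keeps a legitimately busy client (many connections, but short and data-rich) from being flagged.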

“It is really important to select a trusted vendor who can deliver a converged solution,” Chen espouses. “Most companies today are no longer purely based on the traditional data center; they’ve already moved some things to the cloud. So what’s needed is a solution that’s effective for both.”

(Editor’s note: Last Watchdog has provided consulting services to A10 Networks.)

*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: