DDoS Attacks Hammering Targets Harder
It's the last thing organizations want to hear: Hackers are putting more punch in their distributed denial of service attacks, and they're using more of them to try and shut down their targets. The report from Prolexic shows hackers are using three times the bandwidth of previous DDoS attacks, which hammer digital targets with so many requests for information that they shut down. It's an uphill struggle for security experts to deal with these attacks because the tools are easy to get on the Web.
The number, size and impact of distributed denial of service (DDoS) attacks increased sharply in the first quarter of this year, according to a new report from Prolexic.
The average attack bandwidth in this period was 48.25 Gbps, 718 percent more than the 5.9 Gbps chalked up by attacks in the previous quarter. The average packet-per-second rate hit 32.4 million, and the average duration of an attack increased 7.14 percent, from 32.2 hours to 34.5 hours.
Hackers "are constantly changing up the signature and they're altering the rate at which they attack, which makes it difficult to defend against them," Prolexic CEO Scott Hammack told TechNewsWorld. "They start with a low rate when you're looking for a certain overage on a rate of attack and, when you move on, they slowly increase it."
The attacks have been launched by rogue states, criminal gangs, ad hoc groups of hackers and by hacker communities, said Marty Meyer, president of Corero Network Security. Their motives are "split fairly evenly among financial extortion, distraction and hacktivism."
What Prolexic Found
The total number of DDoS attacks increased by 1.75 percent in this past quarter, Prolexic said. Attacks against infrastructure went up 3.65 percent, but attacks against applications fell 3.85 percent.
More than 10 percent of the DDoS attacks against Prolexic's clients worldwide in Q1 averaged in excess of 60 Gbps. The largest attack the company mitigated peaked at 130 Gbps. It was launched in March against an enterprise customer.
Infrastructure attacks against Layers 3 and 4 of the OSI model -- the network and transport layers -- accounted for nearly 77 percent of the attacks during Q1. Layer 7 application attacks accounted for the remaining 23 percent.
The Nature of the Attacks
DDoS attacks consume computational resources such as bandwidth, disk space or processor time. They disrupt configuration information such as routing data, wreak havoc with state information (resetting TCP sessions, for example), disrupt physical network components, or shut down communications between users and victims.
Four attack types -- SYN, GET, UDP and ICMP floods -- were the ones attackers favored most, Prolexic said.
The average packet-per-second rate and the average bit rate spiked in the first quarter, and both are growing fast.
High packet rates are more damaging than high bandwidth rates, as well as the number of gigabits per second being transmitted during attacks, Hammack said. That's because a large number of small packets per second that consume 100 Gbps of bandwidth, for example, are harder to deal with than a smaller number of large packets consuming 100 Gbps.
The most DDoS attacks came from China, but the U.S., Germany and Iran were also sources.
Fighting the DDoS Attackers
"Law enforcement is very active in trying to shut down bots and find the perpetrators, but if you're halfway intelligent, it's easy to avoid law enforcement, and that's what's happening," Hammack said. "Plus, it's very difficult to go and track down the perpetrators if they're in rogue nations."
Further, the tools required to launch attacks "are easily obtained on the Internet and not very difficult to operate," Meyer told TechNewsWorld. Also "there are many methods that can be used to cloak one's actual origin point such as IP spoofing."
Although there have been several arrests and convictions of hackers, "that is only a small fraction of the perpetrators and is not a true deterrent," he added. "Going after a global base of malicious users is not feasible."
Enterprises can turn to DDOS attack service providers or they can invest in their own solutions. However, Meyer said organizations "have been slow to invest in hybrid solutions [which are installed both on premise and in the cloud] because they don't feel DDOS attacks create serious risk management issues."