Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Massive denial-of-service attacks pick up steam, new nefarious techniques

Ellen Messmer | Jan. 15, 2014
Several online gaming sites were recently hit by distributed denial-of-service (DDoS) attacks that used a new type of assault on the victims: a Network Time Protocol Amplification Attack.

According to Prolexic's report, the "traditional" attack vectors include the likes of ICMP and SYN floods but these declined last year in favor of UDP fragmentation floods.

Where do DDoS attacks come from?
According to Prolexic, the U.S. is thought to be the main source of DDoS attacks during the last quarter, constituting 23.62% of what Prolexic saw. That's up a disturbing 14.5% for the U.S. compared to the last quarter. China used to hold the top spot for DDoS but is now in second place at 19.09%. Thailand was third at 13.59% Other countries, including the United Kingdom, South Korea, India, Turkey, Italy, Brazil and Saudi Arabia all follow on a top 10 list.

DDoS attacks are often carried out by means of large-scale botnets that cyber-criminals control through compromised desktops or servers to manipulate them to launch streams of unwanted traffic at targets. It's possible to get a lot of firepower by stealthily taking over the servers in hosting centers around the world to do this. Some hosting centers (sometimes called bulletproof' hosting) simply don't seem to care.

Microsoft for several years has taken up the banner of shutting down botnets in takedowns wherever it can around the world, mainly by taking aggressive legal action whenever possible.

Rich Boscovich, assistant general counsel at Microsoft Digital Crimes Unit which carries out this anti-bot effort, says it involves getting visibility into malware and locating computers at ISPs all over the world. "We've taken third-party servers off hosting providers as part of our takedown," he says, adding, "We know there's significant chance of retribution from criminals when their botnets are taken away."

And Microsoft's network resources do become subject to DDoS attacks because criminals can quickly and easily re-purpose botnets that might have been used to generate spam, for instance, into cannons blasting out attack traffic. Among other things, Microsoft uses anti-DDoS gear from A10 Networks, custom-designed, says Boscovich. He declined to go into specifics about this but merely added DDoS  is a "real danger."

DDoS attacks are often measured based on speeds they achieve, the higher often being the most destructive in swamping networks or crashing applications, so anti-DDoS vendors are always striving to achieve higher speeds for defense. A10 Networks, for instance, which unveiled its Thunder line of standalone anti-DDoS gear today, said it can handle 37GGbps to 155Gbps. The company says service providers and large enterprises would be the most likely buyers. Prolexic says it saw DDoS attacks reaching 179Gbps in the last quarter.

What's the motivation behind DDoS attacks?
Admittedly, there's nothing particularly new about DDoS attacks which have been around in one form or another since the early days of the Internet, along with the later tales of botnets and the Russian cyber-mafia. But many say the motivations for trying to blast away at the networks and applications of others seems to have grown.


Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.