By: Becky Bracken
Distributed denial-of-service, or DDoS, attacks are on the rise, gaining in both frequency and complexity. Fortunately, they present a real opportunity for service providers to deliver a quantifiable benefit to just about every enterprise customer in just about any vertical market imaginable.
DDoS attacks have become the weapon of choice for computer hackers with a beef against religious organizations, governments, banks, and multinational corporations, among others. Early last month 13 so-called hacktivists from the collective known as Anonymous—Reuters reported that the alleged hackers run the gamut in age, from 21 to 65—were indicted in federal court in Alexandria, Va., for their DDoS attacks on the likes of the U.S. Copyright Office; the Library of Congress; the Recording Industry Association of America (RIAA) and the UK's British Recorded Music Industry (BPI); the Motion Picture Association of America (MPAA); and big dogs of the financial-services sector, including Visa, MasterCard and Bank of America. The attacks, nicknamed “Operation Payback” by Anonymous, were originally a reaction to adversaries of digital piracy and the shutdown, albeit a temporary one, of the file-sharing site the Pirate Bay in 2010.
In August the China Internet Network Information Center was bombarded by a DDoS attack that crippled the country’s state-run internet service for more than four hours. Although these kinds of attacks have been happening since the ’90s, they’re still very much a threat to network and enterprise security, and the responsibility ultimately rests with service providers to (1) detect the traffic spikes that are the calling card of DDoS attacks of all flavors and (2) mitigate the damage.
“Attacks are driven by multiple motivations: hacktivists, who target enterprises to protest; [the] financially motivated—carried out by organized crime—who look for financial gains and competitive advantage; and script kiddies, who look for fun and fame,” Ron Meyran, director of security solutions at Radware, told Pipeline. “Eventually, most DDoS attacks are generated by distributed botnets, while some are generated from people’s own computers, such as when talking about groups such as Anonymous.”
Radware’s numbers show that DDoS attacks have doubled in the past year, but the uptick isn’t solely due to the growing number of hacktivists with an ax to grind.
“I suspect that a significant portion of this increase is because organizations are just now becoming aware that the slowdowns they suffered are actually attacks,” Meyran said. “In many cases, organizations don’t have the tools to identify why the infrastructure is slowing down ... they think it’s a technical problem, then it stops and they think they’ve fixed the problem.”
Figures 1 and 2 below are taken from Radware’s “2012 Global Application and Network Security Report” for which the company’s Emergency Response Team (ERT) conducted surveys with enterprises.
Figure 1: