The later part of 2017 has seen a marked increase in the number and size of DDoS attacks around the world. The political crisis in Qatar was coupled with an attack on the Al Jazeera website, one of the largest news networks in the world; presidential elections in France were disrupted by attacks on the Le Figaro and Le Monde websites; and in Great Britain, the website used for Brexit voter registration was rendered useless by an attack that stopped certain voters from registering.
In North America, the Federal Communications Commission (FCC) revealed plans for abolishing the principle of net neutrality, and the ‘comment’ feature on the commission’s website was rendered inoperative for a day and then totally disabled due to a massive attack on the website. It is interesting to note that money remains one of the main driving forces for DDoS attacks. Cryptocurrencies, and the increasing interest in their exchange-value in the second quarter of 2017, continue to draw attention from cybercriminals. Bitfinex, the largest bitcoin exchange, was under attack around the same time a new IoT currency (IOTA) was launched. Apparently, the aim was to try to manipulate currency rates, which can be achieved quite easily due to the high volatility of cryptocurrencies (Kaspersky Labs, 2017). The list of attacks seems never-ending, both in the types of targets and in the severity of the attack types being used.
The first quarter of 2017 saw yet another advancement in the average attack duration, due to an increase in ‘botnet-for-hire’ services such as booters or stressers. These enable their users to launch short, low-volume bursts, which has made such attack tools common among non-professional offenders.
Law enforcement agencies have started to take attack initiators more seriously, as financial losses caused by DDoS attackers have been growing. In mid-2017, a young man in Great Britain was sentenced to two years in prison for a series of attacks carried out half a decade ago, when he was still a student. The man had created the Titanium Stresser botnet, a simple-to-use service that let paying customers launch crippling online attacks against websites and individual Internet users. This led to over 1.7 million attacks against over 650,000 IP addresses, including Xbox Live, PlayStation, and plenty of other servers. The creator made a profit of over $500,000 by selling this botnet on the darknet.
The most discussed attack of the second quarter was a DDoS attack on Skype servers, which left users unable to make audio/video calls; over 1.5 billion users of the service all over the world experienced connectivity problems for over two days. Responsibility for the campaign was claimed by CyberTeam, but the motive behind the attack remains unknown.
The cyber-attack that brought down much of America’s internet in October 2016 was caused by a new weapon called the Mirai botnet and was likely the largest of its kind in history. Unlike other botnets, which are typically made up of computers, the Mirai botnet is largely made up of so-called “Internet of Things” (IoT) devices such as digital cameras and DVR players. Because it has so many internet-connected devices to choose from, attacks from Mirai are much larger than what most DDoS attacks could previously achieve. There are reports that Mirai’s attack strength was an extraordinary 1.2 terabits per second.
Overall, 80% of all DDoS attacks lasted less than one hour and, for the first time, 90% of network layer attacks lasted less than 30 minutes, compared to 78.2% in the fourth quarter of 2016.
At the same time, there is continued growth in the sophistication of DDoS offenders, reflected by a steep rise in multi-vector attacks. In the first quarter of 2017, these accounted for more than 40% of all network layer attacks, up from 29% in the fourth quarter.
It is evident that DDoS attacks come in many shapes and forms, and Spirent’s CyberFlood offers two primary vectors to preemptively test:
- Testing against the actual ‘flood’ attack itself – Since a DDoS attack is a well-coordinated attack carried out by manipulating thousands to tens of thousands of IoT devices simultaneously, the traffic that this attack generates is enormous. CyberFlood aids in finding these pain points to ensure that you are prepared against attacks of this scale.
- Malware constructs that are the bot – CyberFlood has the capability to test your traffic mix using active bots that would typically install themselves on a compromised system and act as the attack generator if they were to be activated.
In conclusion, DDoS attacks are getting stronger and more disruptive with every passing moment, and organizations need to test preemptively and be prepared in the event of such attacks. Not every person has access to ethical hackers, but enterprises do. The time to start leveraging experts to aid in managing your security arsenal is now, and Spirent is positioned to be your partner in your fight against cybercrime.
If you’re interested in learning more about our security solutions, visit Spirent’s CyberFlood page. If you would like this level of security expertise for your company and want to speak to our security experts directly, contact us or register for our Cybersecurity live and on-demand webinars.