Politics, rather than good old-fashioned theft, is increasingly the motivation of malicious hackers who attack websites using DDoS techniques.
Arbor Networks has found that ideological hacktivism was the motivation behind most distributed denial of service (DDoS) attacks in 2011.
Attacks for profit or competitive reasons still happen, but the rise of the political hacker is changing the threat landscape, Arbor warns.
“Businesses should definitely be cognizant of the potential impact that policy changes and outbound corporate statements might have in the public forum,” Carlos Morales, a vice president at Arbor, told TechNewsWorld.
However, “with social media, personal websites and other forms of individual communication, there is always the potential that individuals from a business could advertently or inadvertently offend a group of hacktivists,” Morales continued.
Plenty of Room for All
There has been “a significant increase” in hacktivist attacks, Ron Meyran, director of security products at Radware, told TechNewsWorld. About 33 percent of attacks reported to the company are politically motivated.
However, recent research by Corero in the United States found that the leading cause of DDoS attacks is “competitors seeking unfair business advantages,” Marty Meyer, Corero’s CEO, told TechNewsWorld.
The conflicting findings only go to show the level of activity among hackers.
“There is still a lot of activity in both types of attacks, cybercriminal and politically motivated,” Neal Quinn, vice president of operations at Prolexic, told TechNewsWorld. “All of that has long been a part of DDoS [attacks] and will be so for the foreseeable future.” He includes industrial cyberespionage under cybercrime.
What Arbor Found
It’s become easier to launch DDoS attacks because lots of tools for this are readily available on the Internet, Arbor found.
Arbor has listed these tools together with brief descriptions. They include Fg Power DDOSER, GB DDoSeR v3, Silent-DDoSer and Drop-Dead DDoS.
“Overall, DDoS attack frequency is increasing, with 91 percent of respondents seeing one or more attacks per month, and 44 percent seeing 10 or more attacks per month,” Arbor’s Morales stated.
There was a significant increase in high-bandwidth DDoS attacks in the 10 Gbps range, with 13 percent of the respondents reporting attacks greater than 10 Gbps. Another 25 percent reported DDoS attacks that exceeded the total bandwidth available for incoming network traffic into their data center.
The single largest reported DDoS attack was 60 Gbps. However, this was much smaller than the 100 Gbps attack reported in 2010, Arbor said. Still, smaller attacks in the tens of Gbytes range could suffice to take down a business, so network operators need to be wary.
About 40 percent of attacks are greater than 1 Gbps, Morales said.
Arbor found that DDoS attacks are becoming more sophisticated and complex. Further, more than 40 percent of respondents reported that their inline firewalls, intrusion prevention systems, or both crashed under attack.
Nearly 90 percent of respondents to Arbor’s survey reported HTTP-based application-layer attacks on their networks, Morales said. Such attacks are “low-bandwidth, difficult to detect and are typically not detected until a service fails.” They can, therefore, lead to “heavy operational expense and revenue loss.”
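Because the application-layer attacks just described stay well under any bandwidth threshold, a defender also has to watch per-source request rate. The following illustration is added here and is not from the article or from Arbor's report: it parses constructed web-server log lines and classifies each source under both a volumetric (Mbps) rule and a request-rate rule; the thresholds, addresses and paths are assumed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [time] "method path proto" status size
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
                    r'(?P<status>\d{3}) (?P<size>\d+)')

def parse_line(line):
    """Return (ip, epoch_seconds, response_bytes) for one log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return m["ip"], ts, int(m["size"])

def per_source_rates(lines):
    """Per source IP: (requests per second, megabits per second) over that source's active span."""
    first, last, count, total = {}, {}, defaultdict(int), defaultdict(int)
    for ip, ts, size in filter(None, map(parse_line, lines)):
        first[ip] = min(first.get(ip, ts), ts)
        last[ip] = max(last.get(ip, ts), ts)
        count[ip] += 1
        total[ip] += size
    rates = {}
    for ip in count:
        span = max(last[ip] - first[ip], 1.0)   # a single hit still gets a 1 s span
        rates[ip] = (count[ip] / span, total[ip] * 8 / span / 1e6)
    return rates

def classify(lines, req_per_s=20.0, mbps=100.0):
    """Flag each source under a volumetric (Mbps) rule and an application-layer (req/s) rule.
    Thresholds are assumed values for this illustration, not figures from the report."""
    return {ip: {"volumetric": bw >= mbps, "app_layer": rps >= req_per_s}
            for ip, (rps, bw) in per_source_rates(lines).items()}

def constructed_log():
    """Constructed sample: three ordinary browsers plus one source hammering a dynamic search page."""
    t0 = datetime(2011, 11, 1, 12, 0, 0, tzinfo=timezone.utc)
    def line(ip, offset_s, path, size):
        ts = (t0 + timedelta(seconds=offset_s)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 {size}'
    lines = [line(f"192.0.2.{i}", 10 * k, "/index.html", 48000)
             for i in (1, 2, 3) for k in range(6)]
    # 600 small requests in about 20 s: roughly 30 req/s but only ~0.1 Mbps of responses,
    # so a bandwidth-only rule never fires while the request-rate rule does.
    lines += [line("203.0.113.9", k / 30, "/search?q=x", 512) for k in range(600)]
    return lines
```

Running `classify(constructed_log())` flags 203.0.113.9 only under the request-rate rule, which is the blind spot Morales describes for bandwidth-oriented monitoring.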
The survey covers the period October 2010 through November 2011. Respondents consisted of 114 service providers worldwide.
Girding Up for DDoS Attacks
It’s not really possible to avoid DDoS attacks, so organizations need to prepare for a hit.
“A well-thought-out and well-tested response and mitigation is important,” Prolexic’s Quinn said. “You need to have it, need to understand it, and have your organization do dry runs to know how to use it.” Combating DDoS attacks requires “a plan and a playbook to follow … just like you do with any other type of business continuity plan.”
Organizations should first perform a risk assessment, define which IT assets are critical and should be protected, and work out how much funding they will need, Radware’s Meyran said. Then they should build a resilient perimeter network architecture that addresses the problems identified in the risk assessment.