Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 8 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Shutting down the internet: how DDoS has evolved to take on the world

by The Gurus
November 14, 2016
in This Week's Gurus
Share on FacebookShare on Twitter

Gad Elkin, Head of EMEA Security, F5 Networks
Despite the ever-changing arsenal of today’s hackers, the Distributed Denial of Service (DDoS) attack has remained a permanent fixture since it burst onto the scene, striking fear into the hearts of businesses all over the world as critical processes become increasingly reliant on network access. Seemingly every day, the strength at which such attacks are administered reaches new heights, now being registered at 500Gbps, representing a 60 times increase in 11 years. Perhaps most worrying, however, is the diversity that the DDoS attack has shown since it first appeared, evolving almost constantly to evade cyber-defences.
This evolutionary perception of cyber-techniques has even broken through to the consumer sphere – our latest research showed that 72% of consumers believe that hackers are getting more sophisticated. Furthermore, over half (61%) of respondents believed that businesses are not doing enough to protect themselves and their customers from cyber-attacks, a notion emphasising the need for companies to act quickly or risk losing revenue.
A long-term threat
It seems as though we’ve been talking about DDoS for a long time now. In fact, basic DoS attacks existed before the commercial internet, but it wasn’t until the turn of the millennium that DDoS attacks began tormenting businesses. Now simple, cheap, usually anonymous and more accessible to the common individual than ever before, businesses from a range of industries have been targeted by DDoS attacks. Recent high-profile victims include GitHub, Ashley Madison, Carphone Warehouse and Talk Talk, showing that these methods remain as potent as ever.
Let’s take a look at some of the techniques and trends that have emerged recently:
DDoS extortion
Ironically, the first tactic aims to be effective without launching an attack. The modus operandi of extortion attacks see victims receive an email explaining who the attackers are and even linking to some recent blogs written about them and their tactics. Eventually, protagonists state that unless a fee is paid (usually around 40 Bitcoin but demands can go into the hundreds), a large-scale DDoS attack will be launched.
An additional trend we are seeing across the majority of emerging tactics is that they are often employed as diversions. While victims are focusing defences on high-volume attacks, hackers are actually targeting a local application. Therefore, offenders aren’t necessarily aiming to disrupt a website or service, but instead steal personal or financial data by gaining access to an application with a secondary assault.
Dark DDoS
The perfect example of how techniques have evolved, Dark DDoS takes advantage of that fact that most IT departments can only detect attacks above 1GB per minute. Cyber-criminals therefore send out constant, low-volume bursts over a longer period, so low in bandwidth that the victim is unable to detect them. This method is becoming an integral facet to a hackers’ toolkit, used as a distraction, or as an active part of a sophisticated multi-layered attack.
Dark DDoS is less focused on the traditional purpose of denial of service attacks and are more aggressive, targeting the security architecture of individuals’ devices rather than simply disrupting a service. It is a technique growing particularly quickly, as the non-detectable threshold in which it is conducted allows cyber-criminals to torment organisations while keeping security teams and traditional scrubbing solutions blind to the threat.
DDoS as-a-service
The simplicity of administering a DDoS attack is demonstrated by its availability on online professional marketplaces. Previously only available on the Dark Web, hacking services can now be purchased for as little as £10 for half a day, heralding the rise of DDoS as a commodity. Often originating as ‘stressers,’ through which businesses buy DDoS services in order to test their own cybersecurity, providers of these services have been known to offer to target any servers.
Many organisations now targeted with cyber-attacks have voiced suspicion that competitors may be responsible behind the scenes, given that DDoS-as-a-service allows any individual or business to wage cyber-war for the price of a t-shirt.
Define your DDoS strategy
It’s simple – the average DDoS attack is now more than strong enough to bring a business down. Now a matter of when not if, taking no preventative action is not an option. Better collaboration between government, law enforcement and businesses is all very well, but given that organisations could be immobilised anytime, they need measures which can be implemented now. It is imperative that organisations define their DDOS mitigation strategy in order to be better prepared for upcoming risks.
Given the rise of techniques like Dark DDoS, it is often not clear if a business is being targeted. Therefore, it’s more important than ever to ensure that web traffic is being constantly monitored for irregularities and that they have the measures in place to react rapidly. Worryingly, our recent report in partnership with IDC revealed that only 25% of businesses decrypt network traffic to inspect network traffic for threats.
An important method is the employment of on-premises and cloud-based anti-DDoS technologies, so as to allow the mitigation of both local-level attacks targeting the application layer and attacks launched from outside the infrastructure, as well as services that can clean malicious traffic before it gets to the network. One or the other just won’t do; a hybrid approach can give organisations the flexibility to protect against the range of weapons now at hackers’ disposal.
Undoubtedly, the number of DDoS attacks has increased and motivations are complex, and yet businesses seem more vulnerable than ever. DDoS has evolved from a one-dimensional nuisance into a multi-faceted threat often hiding sinister ambitions. Today, many hackers are using DDoS as a means to an end, a smokescreen hiding a much more damaging, malicious intent that could see sensitive business data compromised. With our research showing that half of UK consumers would not purchase products from a company that has been hacked, it’s vital that businesses are equipped to appropriately counter diverse threats – it’s time to act now, or risk potentially catastrophic consequences.
 

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Reveals a Quarter of IT Professionals are Not Confident about their Security Breach Plans

Next Post

Dark web hackers boast of Tesco Bank thefts

Recent News

Cato Networks delivers first CASB for instant visibility and control of cloud application data risk

Cato SASE Cloud Named “Leader” and “Outperformer” in GigaOm Radar Report for SD-WAN

February 7, 2023
AT&T Cybersecurity grows SASE offering by adding Palo Alto Networks

UK second most targeted nation behind America for Ransomware

February 7, 2023
safe

Will Emphasising App Security Lead to More App Installs?

February 6, 2023
Phone with app store open

$400,000 Fine for Stalkerware App Developer

February 6, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information