Distributed denial of service attacks have evolved from protest tool to criminal weapon.
More than one in three DDoS attacks are used to plant malware or a virus on company systems, and 40 percent of them result in data theft, according toNeuStar’s semiannual DDoS attack and protection report released last week.
“Until two years ago, DDoS attacks were really seen as just a disruption and annoyance tool,” said NeuStar Senior Security Manager Joe Loveless.
“There’s more purpose behind the attacks now than simply to be disruptive,” he told TechNewsWorld.
“DDoS attacks are clearly being used for more sinister purposes,” Loveless continued. “They’re accompanying data breaches, the implementation of malware within an organization, theft of intellectual property, and stealing funds or customer information.”
Frequency Increase
As motives behind DDoS attacks have changed, so too has the frequency of the assaults. Half the companies in North America, Europe, the Middle East and Africa have suffered DDoS attacks, NeuStar reported. More than eight of 10 of those companies (83 percent) have been assaulted more than once.
“We’re seeing an increase in the pace that companies are being attacked,” Loveless said. “They’re being attacked repeatedly, as opposed to one-off attacks.”
Of the 750 organizations analyzed, more than half were attacked — and of those that were attacked, more than half had been attacked at least six times, he noted. “It’s not so much if an organization will be attacked, it’s a matter of how often.”
Scrubbing Traffic
A majority of DDoS atttacks now are on the smaller side, but User Datagram Protocol attacks, “which are quite large, continue to be popular,” Loveless said. “Large attacks over 5 gigabits are more than 40 percent of the attacks that we’ve seen.”
UDP attacks flood random ports on a target with UDP data. It overwhelms the target and makes it unresponsive to anyone trying to access it.
How are organizations protecting themselves against DDoS attacks? There are network appliances that offer a measure of protection, but they can be overwhelmed, too.
There are also cloud solutions. Cloud-based services can intercept all of an organization’s network traffic and reroute it through a scrubbing infrastructure. However, those services need to be accompanied by experts that make sure traffic is being scrubbed and not purged.
“There are tactics where traffic can get so bad that it will be ‘black holed.’ That’s like throwing the baby out with the bath water,” Loveless explained.
“That’s not a good thing, because you’re losing good traffic as well as the bad,” he continued. “With a good scrubbing service, you can maintain the good traffic while eliminating the bad.”
By John P. Mello Jr.
Oct 7, 2015 5:00 AM PT
Full Article:
Source: DDoS Attacks Create Smokescreens for Larceny | Cybersecurity | TechNewsWorld
Linux Security Blog 