New botnet approaches lead to increase in DDoS attack intensity


Distributed denial-of-service (DDoS) attacks are surging in intensity, and the techniques used to carry them out appear to be growing more sophisticated as attackers leverage more powerful botnets. As the threat landscape becomes harder to handle, many companies may find that their best approach to protection is to work with a managed services provider to implement DDoS mitigation solutions, according to experts.


Several recent reports have documented a dramatic increase in the intensity of DDoS attacks, according to Ars Technica. One company studying the attacks found that the average amount of bandwidth used increased to 48.25 gigabits per second in the first quarter of 2013, up from 6.1 Gbps during the same period the year before and 5.9 Gbps during the fourth quarter of 2012. The average duration of a DDoS attack also increased, from 28.5 hours during the first quarter of 2012 to 34.5 hours in 2013. Attacks peaked as high as 130 Gbps, and one attack earlier this month exceeded 160 Gbps, suggesting that the intensity of such incidents is continuing to increase.


New approaches lead to stronger attacks

This uptick in DDoS activity can likely be attributed to better-funded, better-organized attack campaigns and the use of new techniques that leverage web servers as part of botnets, Ars Technica reported. While hackers previously used compromised home and office PCs to power botnets that flood websites with traffic, they are increasingly turning to web servers, which offer orders of magnitude more bandwidth.


In a separate article, the publication noted that at least three web hosting services recently reported massive distributed attacks on vulnerable WordPress systems. By brute-forcing the administrative credentials of WordPress sites, attackers can gain access to web servers and infect them to carry out attacks.


“It is clear that if the story of the 2000s was how easy it was to compromise desktop PCs and turn them into spam-sending engines or botnets to do other nefarious things, the story of the 2010s is going to be how easy it is to compromise server software, which has gotten very consumerized and doesn’t necessarily have the best security in place,” one security expert told Ars Technica. “If a server is 10 times as powerful as a desktop computer then you only need one-tenth to do the same level of damage.”


Additionally, recent months have seen an increase in more subtle application-level DDoS attacks, according to another security group. Ars Technica reported that one increasingly common form of attack uses automated scripts to flood web login pages with invalid credentials, overwhelming servers with database lookup attempts.
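As an added illustration (not from the article or its sources), the following sketch shows how a defender might spot both the WordPress credential brute-forcing and the login-page flooding described above in web server access logs. The log format, login path, thresholds and sample lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-log-format fields we need: client IP, timestamp, method, path, status.
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
LOGIN_PATH = "/wp-login.php"   # assumption: stock WordPress login endpoint
WINDOW = timedelta(seconds=60)
PER_IP_LIMIT = 5               # assumed thresholds; tune to the site's baseline
SITE_LIMIT = 12

def failed_logins(lines):
    """Yield (time, ip) for POSTs to the login page that did not redirect.
    WordPress answers a failed login with 200 and a successful one with 302."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        if method == "POST" and path.split("?")[0] == LOGIN_PATH and status == "200":
            yield datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip

def detect(lines):
    """Return (noisy_ips, site_flood); expects log lines in time order."""
    per_ip, site = defaultdict(deque), deque()
    noisy, site_flood = set(), False
    for when, ip in failed_logins(lines):
        for q in (per_ip[ip], site):
            q.append(when)
            while when - q[0] > WINDOW:
                q.popleft()
        if len(per_ip[ip]) > PER_IP_LIMIT:
            noisy.add(ip)
        # Many sources each under the per-IP limit still add up: the botnet case.
        if len(site) > SITE_LIMIT:
            site_flood = True
    return noisy, site_flood

def sample_log():
    """Constructed sample: one loud source plus a low-rate distributed set."""
    fmt = '{ip} - - [10/Apr/2013:12:00:{s:02d} +0000] "{m} {p} HTTP/1.1" {st} 512'
    rows = [fmt.format(ip="203.0.113.7", s=s, m="POST", p=LOGIN_PATH, st=200) for s in range(8)]
    rows += [fmt.format(ip=f"198.51.100.{i}", s=20 + i, m="POST", p=LOGIN_PATH, st=200) for i in range(10)]
    rows.append(fmt.format(ip="192.0.2.10", s=45, m="POST", p=LOGIN_PATH, st=302))
    rows.append(fmt.format(ip="192.0.2.10", s=46, m="GET", p="/wp-admin/", st=200))
    return rows

if __name__ == "__main__":
    print(detect(sample_log()))
```

The site-wide counter matters because a distributed attack can keep every individual source below a per-IP rate limit while the login page's database still absorbs the combined load.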


Mitigating attacks

Increasing DDoS attack sizes greatly eclipse what most businesses can weather, InformationWeek noted. To handle these risks, many companies are turning to managed services providers for dedicated DDoS mitigation.


“There are a number of DDoS mitigation technologies out there, and we see organizations that are deploying the technologies in their own infrastructure and in their own environments,” Chris Novak, managing principal of the RISK Team at Verizon Enterprise Solutions, told the publication.


As attacks intensify, organizations may want to consider their DDoS mitigation strategy and work with IT consulting services to develop a plan that can prevent attackers from overloading their bandwidth.