Huge DDoS attacks on the rise

Hackers are increasingly using domain name serves (DNS) amplification to deliver huge amounts of traffic in distributed denial of service (DDoS) attacks, according to a white paper from security company Symantec.

Between January and August of this year the firm observed an 183% increase in the use of such attacks, in which hackers deliver requests to DNSs prompting floods of traffic to the target.

Candid Wueest, threat researcher at Symantec, said: Distributed denial of service attacks are not a new concept, but they have proven to be effective. In the last few years they have grown in intensity as well as in number, whereas the duration of an attack is often down to just a few hours.

Such attacks are simple to conduct for the attackers, but they can be devastating for the targeted companies. Amplification attacks especially are very popular at the moment as they allow relatively small botnets to take out large targets.

Attack patterns employed by hackers can move over time as companies seek to defend themselves against popular attacking strategies, in what is often compared to an arms race.

Many hackers now sell DDoS attacks for as little as $5 online, although denial of service continues to popular among so-called hacktivists such as Anonymous, who engage in cyber attacks as a means of political protest, or what some may consider terrorism.

Wueest added that Shellshock bug earlier this year which affected the command lines of Unix, Linux and Mac had allowed hackers to install DDoS scripts on a variety of servers, with some building a powerful DDoS botnet.

The forecast for the future looks dark, as we expect to see many DDoS attacks during Guy Fawkes Day on November 5, as the Anonymous collective has already announced various activities under the Operation Remember campaign, he said.

We have also seen cases of extortion where targets have been financially blackmailed, as well as some targeted attacks using DDoS as a diversion to distract the local CERT team while the real attack was being carried out.

This year saw a DDoS attack measuring 400Gbps, the fastest on record, with many attacks said by Symantec to be in excess of 100Gbps. India was found to be the most common source for the attacks at 26%, with the US accounting for 17%.