DDoS Attacks: New Trends and the Importance of Defending Yourself
to infiltrate the strongest systems
Preventing hackers from taking down your systems is a never-ending race, with the side that adapts the quickest being the winner. Unfortunately, many businesses recently haven't been taking this competition very seriously. A DDoS attack still can put upside down any business as hackers find new ways to infiltrate the strongest systems.
Since the first DDoS attack that took the University of Minnesota's computer network down for more than two days back in 1999, companies have been acutely aware of their vulnerabilities. But, near the end of 2018, some security groups, such as Radware and Kaspersky, published reports showing that the frequency of DDoS attacks seemed to be on a significant decline. Unfortunately, this decline in attacks didn't last long.
The resulting laxness in security after these security reports were noticed by hackers, who started adapting the latest technology and decimated even some of the most robust security systems, leaving companies scrambling to find ways to combat these evolved forms of DDoS attacks.
These attacks led security organizations to revisit their DDoS assumptions, which led to them publishing these DDoS facts:
Increase in Attack Victims
According to the latest reports from Kaspersky, the amount of DDoS attacks have actually risen a staggering 84% during the first quarter of 2019.
After one of the popular DDoS Hacker-for-Hire marketplaces was shut down by Europol last year, the threat of DDoS seemed to diminish considerably, and companies were more optimistic about their future security. Unfortunately, malicious people found new ways to make deals with hackers-for-hire, and since many of these companies' systems are ripe for the taking, they've returned in full-force.
Decline of DDoS attacks' amount in 2018
According to Kaspersky, the amount of DDoS attacks declined significantly in 2018 in comparison with the previous year; however, the trend in 2019 seems to be quite different. Source: Kaspersky
More Intense Attacks
And not only has the likelihood of an attack increased drastically, but hackers are using the latest tech to make their attacks even more effective than in the past.
Just last year, we witnessed a record-breaking 1.7 Tbps DDoS attack that was launched by a mystery party that took advantage of open memcached servers which amplified the attacker's sent data by a factor of 51,000.
While some are doing their best to close these loopholes in these servers, Carlos Morale, VP of sales, engineering and operations at Arbor Networks (the company that initially detected the attack) said that "the sheer number of servers running memcached openly will make this a lasting vulnerability that attackers will exploit."
In other words, don't expect terabit attacks to be going away anytime soon.
Studies conducted by Radware also backed up Arbor Network's findings, showing that while small-scale attacks fell, larger-volume attacks above 10 Gbps had substantially increased in just one year.
Extra-large attacks rising
Attacks above 10Gbps are able to saturate most of the internet pipes. Source: Radware
Attacks Last Much Longer
Hackers have more than doubled the duration of their attacks in less than a year, increasing the length from 95 minutes to 218. Some companies have felt the brunt of a constant DDoS attack for a few brutal days, with the longest one in history lasting for almost two weeks. Around 20 % of DDoS attacks lasted more than 12 hours before the target network collapsed.
According to reports, this trend continued in 2019, where we saw the duration of attacks increase 4.21 times during the first few months. DDoS attacks lasting more than an hour jumped the most, more than doubling in length, and saw their average duration increasing by almost 500 %.
In most cases, the more prolonged attacks are executed by HTTP floods, a highly sophisticated method that requires extensive amounts of both time and money to undertake.
Still, researchers were able to identify a large number of shorter attacks, often only seconds long, that are used by cybercriminals to test the water and see if a full-scale follow-up attack would be worth the effort.
A Rise in Sophisticated Attacks
Once companies started investing in more heavy-duty DDoS security, carrying out successful DDoS attacks became much more difficult, which has led to hackers putting in a lot more time and effort to ensure that these hacks are successful.
According to Kaspersky, more labor-intensive HTTP flood attacks are becoming increasingly popular among hackers. The HTTP flood method and mixed attacks involving an HTTP factor made up approximately 80 % of all DDoS attacks in 2018, and they show no sign of slowing this year.
What Happens During a DDoS Attack?
During a DDoS attack, URL message requests (or large amounts of random data) are sent to the victim's server to overload its response capacity. Imagine a glass (the server) that's already full of water (requests), but someone (the attacker) starts dumping more water into it until it's overflowing. Since servers have limited capacity that they can dedicate to URL requests at any given time, DDoS attacks can knock servers that don't have strong anti-DDoS defenses offline fairly quickly.
Hacker’s Favored DDoS Attack Tactics
Last year, hackers assaulted companies, especially those using Internet of Things (IoT) devices, on several DDoS fronts, according to a Radware report.
Let's go over a few:
Radware's survey revealed that 10% of their respondents were victims of DDoS attacks launched from an IoT botnet. The actual percentage might even be higher, since only one in six respondents knew that an IoT botnet compromised them, meaning the rest weren't able to identify where the DDoS attack came from.
A botnet, also called a zombie network, is made up of numerous infected computers that are used to launch attacks. Since hackers use stealthy malware to hijack them, most infected users don't even know they're taking part in an attack.
Experts believe that IoT botnets will become one of the leading methods of DDoS attacks in the future.
Hackers set new records last year after they carried out DDoS attacks consisting of data being sent at 1.3 and 1.7 Tbps to their victim's servers. These users were using commonly used memcached servers, and experts predict that even more companies will fall prey to these attacks before they can come anywhere close to patching the issue.
Imagine that tidal wave of data flooding your server.
Another type of high-volume DDoS tactic, the burst attack, has been drastically increasing as well. With the burst attack, enormous amounts of traffic volume are sent in short periods of time, but the timing of the attack is completely random.
Since there is little time for security teams to detect that they're under attack and mount a defense, the systems are usually already overwhelmed. Half of the organizations surveyed in these studies admitted to falling victim to burst attacks, and the trend seems to indicate that the number of attacks will only increase over the next two years.
SSL-based attacks have become the most difficult challenges for security teams to solve due to the high sophistication of the attacks.
From 2017 to 2018, the reported number of these encrypted attacks jumped by 13 %. To defend themselves against these threats, companies have been forced to invest vast amounts of resources into new security solutions.
US companies were at the highest risk of being DDoS attacked through the SSL-based methods, setting them at 16 % above the world average.
HTTPS: a New Door for Hackers
HTTPS encryption is becoming more and more prevalent every day. By the end of 2018, more than 70 % of websites used HTTPS certificates, and experts expect all websites to use HTTPS encryption by 2020.
This measure supposedly should provide higher security and privacy for web traffic, but it's also presented juicy opportunities for hackers to carry out "application attacks," which has been one of the hardest methods of attack to detect.
The more complex encrypted applications become, the more sophisticated and complex the attacks will be, and the harder it will be to detect and mitigate in the application layer (where these attacks do the most damage).
HTTPS floods increased by 20 % in 2018, but if the number of sites using this method grows, experts expect the number of attacks to shoot up as well.
What Motivates a DDoS Hacker?
This may be the scariest question when discussing DDoS, since the hacker's motive can, unfortunately, be... anything.
Some hackers use DDoS attacks to exact revenge; others use them as a way to extort people or companies. DDoS attacks can be politically motivated or be used as a means of online activism (or what's now known as "hacktivism"). Some individuals, hacker teams, or countries will even use DDoS attacks as a way of waging cyber warfare, with effects sometimes bleeding into real life (taking down power stations, electrical grids, chemical production companies, nuclear facilities, etc.)
And, unfortunately, even if you're able to detect these attacks and stop them before it's too late, it's usually impossible to be able to figure out the identities of your attackers or what their motives were.
Top DDoS attack motivations
Impact and motivations for DDoS attacks in 2018. Sources: Radware and HaltDos
The year 2018 wasn't a typical year for cybersecurity consultants; while the motivations of attackers had remained relatively consistent over the years, the response "motive unknown" was becoming increasingly prevalent, almost tripling in 2018 alone. On top of that, according to Radware, it's becoming harder for companies to distinguish malicious traffic from legitimate ones because hackers are using more sophisticated evasion techniques.
But, despite the reasons behind these "unknown motive" attacks, ransomware (malware that threatens to publish a victim's data or permanently block access to their systems unless a ransom is paid) and hacktivism remained the main motives for DDoS attacks worldwide.
The Real Impact of DDoS Attacks for Businesses
The economic impacts of a DDoS attack can be devastating for a business. The losses can range from extortion payments demanded by hackers to the total bankruptcy of a company due to extended downtimes.
Bulletproof's Annual Cybersecurity Report 2019 revealed that a single DDoS attack could cost smaller companies $120,000, while larger enterprises could easily lose $2 million.
That's $2 million from one single DDoS attack.
The ways these companies can lose this money can vary; some may lose online sales in the days or weeks their site is down, content streamers could lose the ability to track it's PPV revenues, News channels may lose their online presence, large financial institutions may lose control over sensitive personal information of hundreds of thousands of their customers. Realistically, the possible ways companies can feel the damages are almost endless.
The firm Neustar, through a survey applied to more than 1,000 companies, found that 86 % of companies suffered several DDoS attacks during 2018, 63 % of those companies revealed that the interruption caused by the attack cost them somewhere around $100,000 per hour, and other companies admitted that their losses were closer to $250,000 per hour.
Do you know that...?
Master Internet customers can protect their servers against DDoS attack with Radware's DefensePro hardware shield. DefensePro detects and protects against attacks, even when attackers are using tens of Gbps. The device filters unwanted traffic in realtime so that users aren't affected by attempted disruptions.
Interestingly enough, the biggest threat to companies is not a DDoS attack, but their lack of determination to take preventive actions. Kaspersky reported that 28 % of companies that have never been impacted by a devastating DDoS attack believe that it's unlikely that anyone will attack them.
But, unfortunately, in a world full of attackers that are willing to unleash their host of infected botnets on unsuspecting organizations, we know that hackers don't always need an apparent motive. Sometimes all it takes is one single unlucky moment when a hacker randomly stumbles upon your network.
So businesses need to ask themselves, are you prepared, and I mean really prepared, for a sophisticated DDoS attack?
If you're not ready to face an attack of this scale, you probably want to protect yourself before it's too late.