Dive Brief:
- DDoS attacks increased by 16% from 2017 to 2018, with the majority of them classified as "volumetric," or flooding traffic, according to Akamai's Summer 2018 State of the Internet / Security: Web Attack report. An attacker can initiate an attack from their home by using a tool created by Anonymous, the Low Orbit Ion Cannon, or use a DDoS-for-hire website.
- Newer types of DDoS attacks are using different patterns, including the YouTube tutorial method, which "was aimed at an entire /24 subnet," not just a single IP address, according to the report. The attack featured a large SYN flood, which exceeded 120 Gbps.
- Attacks on sites in the hotel and travel industries use impersonation, in which bots are "attempting to mimic legitimate browsers but display subtle differences in their traffic," according to the report. Differences include packets with bytes that are out of order and misspelled identification factors.
Dive Insight:
DDoS attacks can be disastrous for the victim, but attackers don't have to work that hard to pull them off. And bad actors don't necessarily have to take great financial risk to inflict a major upset on companies.
A 300-second attack costs about $5 while a 24-hour attack is about $400. But the average attack obtained through black market services goes for $25 an hour.
In March, GitHub disclosed a record-breaking 1.35Tbps DDoS attack followed by a spike of 400Gbps. However, the attack took the site offline for about 10 minutes and no data was compromised.
But less than a week later, a 1.7Tbps DDoS attack took the crown for largest on record. The victim was an undisclosed U.S.-based service provider, but the outage was so minimal that it wasn't reported by the provider.
DDoS attacks have continued to evolve, Lisa Beegle, senior manager for Information Security at Akamai Technologies, told CIO Dive in an interview. Hackers used to facilitate a single event and then move on. Now, however, attackers are taking off-the-shelf equipment and reverse engineering it to work in a malicious fashion.
So while people are working to "dumb down DDoS," there are some intelligent actors behind them, Beegle said. The 1.7Tbps attack leveraged open memcached servers, which are open to the internet by factory default.
The notoriety of the attack gave the flaw in memcached servers visibility, said Beegle. From an awareness standpoint, organizations became more cognizant about closing off their memcached servers, but "once something is out there, it's out there," according to Beegle.
As for what to expect in the future, Beegle suggests organizations "hone in on the complexity of the attacker changing methodology." Attackers are learning to adapt to mitigations on the fly and that makes dealing with attacks more difficult.