Hackers shy away from DDoS attacks

Hackers shy away from DDoS attacks

Summary: Declining profitability and the risk of identification are causing a decline in distributed denial-of-service attacks, according to Symantec

SHARE:
TOPICS: Security
0

The quantity of distributed denial-of-service attacks launched for the purpose of extortion has fallen, according to security vendor Symantec.

A distributed denial-of-service (DDoS) attack uses a network of compromised computers, known as a botnet, to send a large number of packets to a site, causing its server to fall over. Some attackers try to extort money from the site by threatening to launch another attack. However, DDoS attacks are becoming less frequent because of increasing risks to attackers, according to Symantec.

"In the last six months of 2006 we saw a pretty sharp decline in the daily number of denial-of-service attacks. Although there are likely a number of factors at play here, I think there is one primary factor: denial-of-service extortion attacks are no longer profitable," wrote the vendor's security response engineer Yazan Gable in a blog post.

Sentry Posts Blog

Sentry Posts Blog

Guarding the network

What you need to know — and what you and your peers have to tell us — about security management in our new community group blog

Read more

"DDoS is a risky business," Ollie Whitehouse, a Symantec research scientist told ZDNet UK. "DDoS attacks can show how big the attacker's botnet is, and where it's located. There's a risk of the attacker being identified not only by the target and their ISP, but also by their own ISP."

Botnets take time and money to assemble, and increasingly hackers are unwilling to risk DDoS attacks, opting instead for the relatively easy money to be gained from spamming. Revenue gained from phishing and direct sales through spam is increasing, said Symantec. As email spam filter technologies have become more advanced, spammers have turned to easier targets such as blogs. "It's very easy to jump on a blog with an established base and spam that," said Whitehouse.

Detective chief inspector Charlie McMurdie, of the Metropolitan Police Specialist Crime Directorate E-crime Unit, said that DDoS extortion attempts are still being reported to the police but that, without a national unit to collate e-crime information, it was difficult to get an accurate picture of the problem. "We're still having reports made to us, but obviously that's only the tip of the iceberg," McMurdie told ZDNet UK. "We are still receiving reports of attacks, but we've got no national collation of law-enforcement figures as yet."

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion