The British Broadcasting Corporation (bbc.co.uk) was hit by a DDoS attack on Thursday, according to a statement sent to the Inquirer :"In a statement to the INQ, the BBC said the attack originated in a number of different countries but didn't specify which.
"In a statement to the INQ, the BBC said the attack originated in a number of different countries but didn't specify which. When the Beeb's techies blocked international access to a limited subset of servers, it resulted in a marked improvement of the serving of bbc.co.uk. Service supplier Siemens was forced to block addresses and prevent the attack using other methods like changing the DNS settings."
"During the attack, the BBC website responded very slowly, and our monitoring shows that for a total of 1 hour and 15 minutes it did not respond at all. The downtime was spread over multiple short intervals, lasting just a few minutes each time. The attack lasted the entire evening. It started to have an effect after 5 p.m. CET and the performance was not back to normal until after 10 p.m. CET. Analyzing the response times of the website clearly shows the effect the DDoS attack had on the performance of the BBC website. The diagram below shows the hourly average load time of the HTML page (just the HTML page, without any images, external scripts, etc)."
What are some of the driving factors contributing to this trend? The overall availability of malware infected hosts, which when once monetized ends up in DDoS for hire services whose prices for a large scale hourly attack are getting disturbingly affordable to anyone. The recently released "Worldwide Infrastructure Security Report" report by Arbor Networks also indicates that the DDoS attack rates exceed the ISP network's growth, and have already reached the 40GB barrier. Ironically, the report also states that managed DDoS mitigation services are increasing, which is exactly what is happening on the DDoS for hire services front - they're becoming ubiquitous as outsourcing DDoS attacks to experienced attackers directly messes up the entry barriers into a space that used to require experience, and an operational botnet a couple of years ago.