Cyber criminals are exploring new ways of conducting distributed denial of service (DDoS) attacks to make them harder to protect against and more effective at causing disruption.
DDoS attacks are a relatively simple, but potent, form of cyberattack in which cyber criminals overload services with web traffic, slowing them down or taking them offline entirely, preventing others from being able to use them. The attacks can range from short campaigns that last a few minutes to attacks strung out over extended periods of time.
That level of DDoS attacks is consistent with the previous six-month period, but as content delivery networks and cybersecurity providers get better at preventing DDoS attacks, attackers are finding new and innovative ways to power their attacks.
The researchers detail two methods of DDoS attack that have increased during the past year.
In the first new type of attack, a wide range of services and/or devices are targeted with smaller portions of traffic compared to a regular DDoS incident. The idea is that multiple different pipelines of the target are overwhelmed, without triggering the thresholds that would initiate protection against unusually high levels of traffic.
Many DDoS mitigation systems focus on individual IP addresses as opposed to entire subnets, so these attacks often fly under the radar.
A second new attack sees attackers sends a huge amount of bogus subdomain requests in an attempt to overwhelm application-layer services.
"By constantly innovating and adapting, attackers are designing new, more effective DDoS attack vectors or doubling down on existing effective methodologies," said Richard Hummel, threat intelligence lead at Netscout.
It isn't just DDoS attacks that are evolving: cyber criminals are also putting resources into growing and adding features to botnets. By secretly infecting more machines with malware, cyber criminals can exploit them to launch larger attacks – and the Netscout report suggests that botnets are getting bigger, both in terms of size and capabilities.
"Without question, botnets continue to evolve at a frightening pace. Their creators aren't restricted by red tape, internal processes such as Agile, or approval processes. Their capabilities expand with each passing year, and their targets now range from gamers to geopolitical enemies," researchers warned.
"All of these factors make it imperative for organizations to defend against these attacks or risk massive disruptions to service and reputation," they added.
There are several steps organisations can take to help avoid disruption as a result of DDoS attacks. These steps include using cloud-based hosting providers, deploying IP stresser services to test bandwidth capabilities, and employing a DDoS mitigation service.