Hackers are making DDoS attacks sneakier and harder to protect against

Simple yet effective, DDoS attacks are a major threat to online services – but they aren't unstoppable.
Written by Danny Palmer, Senior Writer

Cyber criminals are exploring new ways of conducting distributed denial of service (DDoS) attacks to make them harder to protect against and more effective at causing disruption.

DDoS attacks are a relatively simple, but potent, form of cyberattack in which cyber criminals overload services with web traffic, slowing them down or taking them offline entirely, preventing others from being able to use them. The attacks can range from short campaigns that last a few minutes to attacks strung out over extended periods of time.

These attacks often rely on malware-infected computers, servers and Internet of Things devices being connected into a botnet, which then overwhelms the target of the DDoS with web traffic.

While DDoS attacks are unsophisticated compared to other malicious cyber campaigns, they can cause significant disruption. Large DDoS campaigns have temporarily caused severe disruption to online services, businesses and even the online infrastructures of entire countries.

The criminals behind DDoS attacks – who often lease out their services for others to use – continue to find new ways to make attacks more effective, according to cybersecurity researchers at Netscout, who estimate that there were over six million DDoS attacks around the world during the first half of 2022.

That level of DDoS attacks is consistent with the previous six-month period, but as content delivery networks and cybersecurity providers get better at preventing DDoS attacks, attackers are finding new and innovative ways to power their attacks.

The researchers detail two methods of DDoS attack that have increased during the past year.

In the first new type of attack, a wide range of services and/or devices are targeted with smaller portions of traffic compared to a regular DDoS incident. The idea is that multiple different pipelines of the target are overwhelmed, without triggering the thresholds that would initiate protection against unusually high levels of traffic.

Many DDoS mitigation systems focus on individual IP addresses as opposed to entire subnets, so these attacks often fly under the radar.
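
The gap described above can be shown from the defender's side with a short detection sketch. This is an added example, not code from Netscout or from the article: the flow records are constructed, and the thresholds, the /24 prefix length and the function names are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (destination IP, inbound Mbps seen in one interval).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges.
SAMPLE_FLOWS = (
    [(f"203.0.113.{h}", 40) for h in range(1, 201)]    # 200 hosts, 40 Mbps each
    + [("198.51.100.10", 300), ("198.51.100.11", 20)]  # ordinary traffic
)

def per_ip_alerts(flows, ip_limit_mbps):
    """Per-destination check: flag any single IP whose traffic exceeds the limit."""
    totals = defaultdict(int)
    for dst, mbps in flows:
        totals[dst] += mbps
    return sorted(ip for ip, total in totals.items() if total > ip_limit_mbps)

def per_subnet_alerts(flows, prefix_len, subnet_limit_mbps, min_hosts):
    """Aggregate by destination prefix and flag prefixes whose combined
    traffic exceeds the limit while being spread across many hosts."""
    totals = defaultdict(int)
    hosts = defaultdict(set)
    for dst, mbps in flows:
        net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        totals[net] += mbps
        hosts[net].add(dst)
    return {
        str(net): {"mbps": totals[net], "hosts": len(hosts[net])}
        for net in totals
        if totals[net] > subnet_limit_mbps and len(hosts[net]) >= min_hosts
    }

if __name__ == "__main__":
    # No single address crosses the assumed 500 Mbps per-IP limit.
    print("per-IP alerts:", per_ip_alerts(SAMPLE_FLOWS, ip_limit_mbps=500))
    # The same traffic summed per /24 stands out clearly.
    print("per-subnet alerts:",
          per_subnet_alerts(SAMPLE_FLOWS, 24, subnet_limit_mbps=2000, min_hosts=50))
```

The `min_hosts` condition separates traffic spread thinly across a prefix from a single busy server, which the per-IP check already covers.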

A second new attack sees attackers send a huge number of bogus subdomain requests in an attempt to overwhelm application-layer services.

"By constantly innovating and adapting, attackers are designing new, more effective DDoS attack vectors or doubling down on existing effective methodologies," said Richard Hummel, threat intelligence lead at Netscout.

It isn't just DDoS attacks that are evolving: cyber criminals are also putting resources into growing and adding features to botnets. By secretly infecting more machines with malware, cyber criminals can exploit them to launch larger attacks – and the Netscout report suggests that botnets are getting bigger, both in terms of size and capabilities.

"Without question, botnets continue to evolve at a frightening pace. Their creators aren't restricted by red tape, internal processes such as Agile, or approval processes. Their capabilities expand with each passing year, and their targets now range from gamers to geopolitical enemies," researchers warned.

"All of these factors make it imperative for organizations to defend against these attacks or risk massive disruptions to service and reputation," they added.

There are several steps organisations can take to help avoid disruption as a result of DDoS attacks. These steps include using cloud-based hosting providers, deploying IP stresser services to test bandwidth capabilities, and employing a DDoS mitigation service.
