DDoS-For-Hire Services Market Leads to Boom in DDoS Attacks: Akamai

Cybercrime is an industry, and a growing market in that industry belongs to those ready to offer distributed denial-of-service attacks for a price, according to a new report from Akamai Technologies.

In its Q4 2014 State of the Internet report, Akamai’s Prolexic Security Engineering and Research Team (PLXsert) blamed DDoS-for-hire services for the rise in reflection-based DDoS attacks. Nearly 40 percent of all DDoS attacks during the quarter used reflection techniques, which rely on Internet protocols that respond with more traffic than they receive and do not need an attacker to gain control over the server or the device.

According to the report, the expansion of DDoS-for-hire services also promoted the use of multi-vector campaigns. More than 80 percent more multi-vector attacks were observed during the final quarter of 2014 than during the same period of 2013.

There are several reasons why an attacker would choose to launch a multi-vector attack, explained John Summers, vice president of Akamai’s security business. For example, such attacks could be used to impact multiple components of an enterprise’s backend infrastructure simultaneously, or make an attack more difficult to block.

“Running a modern web site means using multiple systems in coordination: DNS servers, web servers, application servers, login/authentication servers, identity directories, site search servers, content management systems and databases,” he told SecurityWeek. “Being able to bring down any one of these back end infrastructures can result in the entire site being disabled. Often it can be easier to bring down a site by focusing an attack on one of these backend systems. DNS servers, login systems and content management systems are frequent targets.”

“Attackers often use multiple different kinds of attack vectors so that blocking any one still allows the other attack vectors to pass through and continue to damage the site,” he added. “This is also why attackers frequently change attack vectors during an attack to continuously evade enterprise defenses.”

The tactic is also used to distract from data theft or fraud attempts, he noted.

In its 10th Annual Worldwide Infrastructure Security Report, Arbor Networks found that 42 percent of the organizations it surveyed had experienced multi-vector attacks that combined volumetric, application-layer and state exhaustion techniques within a single sustained attack between November 2013 and November 2014.

Compared to Akamai’s findings from the fourth quarter of 2013, the final three months of last year had 57 percent more DDoS attacks, including a 51 percent increase in application-layer attacks and a 58 percent increase in infrastructure-layer attacks.

The United States and China were the lead source countries for DDoS traffic. While Brazil, Russia, India and China dominated in Q3 2014, in the final quarter of the year DDoS attack traffic came in large part from the United States, China and Western Europe, the report noted.

“The expansion of the DDoS-for-hire market may result in the commoditization of DDoS attacks, where availability drives down prices, which grows the market. DDoS may become a common tool for even non-technical criminals,” according to the report. “With a flourishing DDoS-for-hire market comes attack innovation, more complex attacks and bigger attacks. The refinement and increased sophistication of attack vectors is likely to follow an expansion trend, if nothing is done to break the workflow of factors driving the growth of the DDoS-for-hire market.”

Summers suggested organizations develop a playbook in preparation for DDoS attacks. That playbook should include answers to questions such as who is contacted if there is an expected attack, how data is going to be gathered and from what systems, and who makes the decision to block traffic to mitigate the attack. In addition, organizations should have a post-attack review process, he said.

“DDoS mitigation is a process and an organizational capability that needs to be trained and refreshed on an ongoing basis,” he said. 
