Security Experts:

DDoS Attackers Distracting Security Teams With Shorter Attacks: Corero Networks

Distributed denial-of-service (DDoS) attacks are being leveraged to circumvent cybersecurity solutions, disrupt service availability and infiltrate victim networks, according to a new report from Corero Network Security.

In its latest Quarterly DDoS Trends and Analysis Report, Corero found that 96 percent of DDoS attacks targeting its customers were 30 minutes or less in length. On average, Corero's customers saw 3.9 attack attempts per day during the fourth quarter of 2014. In addition, 79 percent of the DDoS attack attempts targeting Corero’s customers between October 1 and December 31, 2014 were less than 5Gbps in terms of peak bandwidth utilization. Some of these attacks were intended to partially saturate the Internet link and distract corporate security teams while still leaving enough bandwidth available for a subsequent attack to infiltrate the victim’s network and access sensitive customer data or intellectual property, the company speculated.

"The danger in partial link saturation attacks is not the ‘denial of service’ as the acronym describes, but the attack itself," according to the report. "The attack is designed to leave just enough bandwidth available for other sophisticated multi-vector attacks with data exfiltration as the main objective, to fly in under the radar, while the distracting DDoS attack consumes resources."

Related ReportTop 10 DDoS Attack Trends

"Organizations looking to out-of-band defenses and anti-DDoS scrubbing lane approaches for re-routing traffic once an attack has been identified (most often after an outage or service degradation has been experienced) is a game of cat and mouse," the report continued. "Once these short bursts of attack traffic have been identified, engaging a human analyst for intervention is required. The analyst must then decide to enable the transition to the Cloud based anti-DDoS service. The time of detection to the time of mitigation could range to upwards of one hour with this approach to protection. Given the previously mentioned 96% of DDoS attacks lasting 30 minutes or less; by the time your on-demand defenses are engaged the damage has been done."

Though volumetric DDoS attacks are easier to identify and often get the most attention, Corero found that attackers are also leveraging multi-vector attacks against their targets in an attempt to profile a victim's network security defense strategy so subsequent attacks can bypass their security tools. Akamai Technologies noted a rise in multi-vector campaigns in its Q4 2014 report as well. According to Akamai, more than 80 percent more multi-vector attacks were observed during the final quarter of last year than during the same period in 2013.

"Denial of Service attacks have been a threat to service availability for more than a decade," said Dave Larson, CTO and vice president of product management at Corero Network Security, in a statement. "However, more recently these attacks have become increasingly sophisticated and multi-vector in nature, overcoming traditional defense mechanisms or reactive countermeasures. As our customers’ experiences indicate, the regularity of these attacks simply highlights that there is a growing need for protection that will properly defeat DDoS attacks at the network edge, and ensure the accessibility required for the Internet connected business, or the Internet providers themselves."

Related: DDoS Response Playbook

Related: Top 10 DDoS Attack Trends

view counter