DDoS-For-Hire Services Market Leads to Boom in DDoS Attacks: Akamai

Cybercrime is an industry, and a growing market in that industry belongs to those ready to offer distributed denial-of-service attacks for a price, according to a new report from Akamai Technologies.

In its Q4 2014 State of the Internet report, Akamai's Prolexic Security Engineering and Research Team (PLXsert) blamed DDoS-for-hire services for the rise in reflection-based DDoS attacks. Nearly 40 percent of all DDoS attacks during the quarter used reflection techniques, which rely on Internet protocols that respond with more traffic than they receive and do not require the attacker to gain control over the server or the device.

According to the report, the expansion of DDoS-for-hire services also promoted the use of multi-vector campaigns. More than 80 percent more multi-vector attacks were observed during the final quarter of 2014 than during the same period of 2013.

There are several reasons why an attacker would choose to launch a multi-vector attack, explained John Summers, vice president of Akamai’s security business. For example, such attacks could be used to impact multiple components of an enterprise's backend infrastructure simultaneously, or make an attack more difficult to block.

"Running a modern web site means using multiple systems in coordination: DNS servers, web servers, application servers, login/authentication servers, identity directories, site search servers, content management systems and databases," he told SecurityWeek. "Being able to bring down any one of these back end infrastructures can result in the entire site being disabled. Often it can be easier to bring down a site by focusing an attack on one of these backend systems. DNS servers, login systems and content management systems are frequent targets."

"Attackers often use multiple different kinds of attack vectors so that blocking any one still allows the other attack vectors to pass through and continue to damage the site," he added. "This is also why attackers frequently change attack vectors during an attack to continuously evade enterprise defenses."

The tactic is also used to distract from data theft or fraud attempts, he noted.

In its 10th Annual Worldwide Infrastructure Security Report, Arbor Networks found that 42 percent of the organizations it surveyed had experienced multi-vector attacks that combined volumetric, application-layer and state exhaustion techniques within a single sustained attack between November 2013 and November 2014.

Compared to Akamai's findings from the fourth quarter of 2013, the final three months of last year had 57 percent more DDoS attacks, including a 51 percent increase in application-layer attacks and a 58 percent increase in infrastructure-layer attacks.

The United States and China were the lead source countries for DDoS traffic. While Brazil, Russia, India and China dominated in Q3 2014, in the final quarter of the year DDoS attack traffic came in large part from the United States, China and Western Europe, the report noted.

"The expansion of the DDoS-for-hire market may result in the commoditization of DDoS attacks, where availability drives down prices, which grows the market. DDoS may become a common tool for even non-technical criminals," according to the report. "With a flourishing DDoS-for-hire market comes attack innovation, more complex attacks and bigger attacks. The refinement and increased sophistication of attack vectors is likely to follow an expansion trend, if nothing is done to break the workflow of factors driving the growth of the DDoS-for-hire market."

Summers suggested organizations develop a playbook in preparation for DDoS attacks. That playbook should include answers to questions such as who is contacted if there is an expected attack, how data is going to be gathered and from what systems, and who makes the decision to block traffic to mitigate the attack. Organizations should also have a post-attack review process, he said.

"DDoS mitigation is a process and an organizational capability that needs to be trained and refreshed on an ongoing basis," he said.