Netflix Helps Identify APIs at Risk of Application DDoS Attacks

Netflix has published tools and information to help defenders identify systems that could be leveraged by malicious actors for damaging application layer distributed denial-of-service (DDoS) attacks.

Akamai’s State of the Internet report for the first quarter of 2017 shows that application layer attacks accounted for less than one percent of DDoS attacks. However, security engineers at Netflix warn that they can pose a serious threat to organizations relying on a microservice architecture.

The microservices architecture is an increasingly popular method for developing software. In a microservices architecture, the application relies on multiple smaller and independent services that communicate with other services to serve a business goal.

The problem with this type of architecture, from a security standpoint, is that there may be a gateway API that sends out thousands of requests to middle tier and backend services from a single request.

Application DDoS via microservice architecture

If an attacker can identify an API that fans out into a large number of requests to middle and backend services, they may be able to generate a DoS condition in middle tier services and cause an overall service outage, Netflix warned.

“All of this is made possible because the microservice architecture helps the attacker by massively amplifying the attack against internal systems. In summary, a single request in a microservices architecture may generate tens of thousands of complex middle tier and backend service calls,” said Netflix security engineers Scott Behrens and Bryan Payne, who gave a talk on this topic last week at the DEF CON conference.

The security experts have provided instructions on how defenders can analyze their systems in order to identify potentially problematic APIs. Netflix has also released a couple of open source testing tools for application DDoS.
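
One way a defender could look for such fan-out in their own distributed-tracing data, shown here as an added example that is not from Netflix or the original article. The span tuple format, service and endpoint names, and the flagging threshold are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample spans (not real data):
# (trace_id, span_id, parent_span_id, service, operation)
SPANS = [
    ("t1", "1", None, "gateway", "GET /v1/profile"),
    ("t1", "2", "1", "profile-svc", "load"),
    ("t2", "1", None, "gateway", "POST /v1/recommendations"),
    ("t2", "2", "1", "ranker", "rank"),
    ("t2", "3", "2", "catalog", "lookup"),
    ("t2", "4", "2", "catalog", "lookup"),
    ("t2", "5", "2", "catalog", "lookup"),
    ("t2", "6", "2", "ratings", "fetch"),
    ("t3", "1", None, "gateway", "POST /v1/recommendations"),
    ("t3", "2", "1", "ranker", "rank"),
    ("t3", "3", "2", "catalog", "lookup"),
]


def fan_out_report(spans, threshold=3):
    """Rank edge operations by internal calls generated per edge request."""
    roots = {}                          # trace_id -> edge (gateway) operation
    downstream = defaultdict(Counter)   # trace_id -> calls per internal service
    for trace_id, _span_id, parent, service, operation in spans:
        if parent is None:
            roots[trace_id] = operation
        else:
            downstream[trace_id][service] += 1

    per_op = defaultdict(list)          # edge operation -> one Counter per trace
    for trace_id, operation in roots.items():   # traces without a root are skipped
        per_op[operation].append(downstream[trace_id])

    report = []
    for operation, traces in per_op.items():
        totals = [sum(c.values()) for c in traces]
        top = sum(traces, Counter()).most_common(1)
        report.append({
            "operation": operation,
            "requests": len(traces),
            "mean_fan_out": sum(totals) / len(totals),
            "max_fan_out": max(totals),
            "hottest_service": top[0][0] if top else None,
            "flagged": max(totals) >= threshold,   # worst case matters, not the mean
        })
    return sorted(report, key=lambda r: r["max_fan_out"], reverse=True)


if __name__ == "__main__":
    for row in fan_out_report(SPANS):
        print(row)
```

Endpoints at the top of the report are the ones whose request parameters deserve review for server-side limits, and the hottest service is where per-caller throttling would absorb the amplification first.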

Repulsive Grizzly is a framework designed to make it easier for organizations to look for weak spots. It can be used in combination with Cloud Kraken, the second tool released as open source by Netflix, to conduct tests at a larger scale across multiple data centers and regions.

Netflix has made available the source code of several internal tools in past years, including tools for collecting intelligence, discovering cross-site scripting (XSS) flaws, and securing devices.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
