Shorter, higher-speed DDoS attacks on the rise, Arbor Networks says
Almost half of the distributed denial-of-service attacks monitored in a threat system set up by Arbor Networks now reach speeds of over 1Gbps. That's up 13.5% from last year, while the portion of DDoS attacks over 10Gbps increased about 41% in the same period, Arbor says.
In addition, the Arbor Networks monitoring system, which is based on anonymous traffic data from more than 270 service providers, saw in the second quarter of this year the more than doubling of the total number of attacks over 20Gbps that occurred in all of 2012. The only number that went down was the duration of all of these DDoS attacks, which now trend shorter, with 86% lasting less than one hour, according to the Arbor Networks trends report for the second quarter of 2013.
Jeff Wilson, principal network security analyst with Infonetics Research, says attackers have their own motivations for launching DDoS attacks, such as political ones or organized crime-related ones, but it's the ready availability of botnets for hire and crowd-sourced attack tools that give them the easy means.
Separately, FireHost, a Dallas company focused on building in security defense as part of its web-hosting service, issued its own findings related to cyberattacks detected over the second quarter.
FireHost says its customers were targets for about 24 million different types of attacks. About 3.6 million of these blocked cyberattacks were aimed at compromising websites through what's known as SQL Injection, Cross-Site Request Forgery (CSRF), Directory Traversal and Cross-Site Scripting (XSS). This represents an increase in web-compromising attacks of this type from the 3.4 million seen in the first quarter, FireHost says.
In the second quarter, the number of CSRF attacks rose 16% over the previous quarter, and SQL Injection attacks rose 28%. However, the XSS attacks, which involve the insertion of malicious code into webpages to manipulate visitors, remained the most prevalent attack type. FireHost says sometimes attacks are "blended" with other exploits and automated.
FireHost claims it's not unusual to see these blended attacks originating from within cloud-service provider networks.
"Cybercriminals can easily deploy and administer powerful botnets that run on cloud infrastructure," says FireHost founder and CEO, Chris Drake. "Many cloud providers unfortunately don't adequately validate new customer sign-ups, so opening accounts with fake information is quite easy." After the account is set up, the attacker can run an automated process that can be leveraged to "deploy a lot of computing power on fast networks, giving a person the ability to create a lot of havoc with minimal effort," Drake concludes.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: email@example.com
Read more about wide area network in Network World's Wide Area Network section.